Bodo Möller
837f2fc7a4
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
...
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
...
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466
Add missing CHANGES entry.
2008-09-15 20:30:58 +00:00
Bodo Möller
be5707c820
from 0.9.8 branch
2008-09-15 20:30:17 +00:00
Dr. Stephen Henson
4a4f3071ec
Update FAQ.
2008-09-15 11:27:58 +00:00
Andy Polyakov
d7235a9d68
Fix yesterday typos in bss_dgram.c.
2008-09-15 05:43:04 +00:00
Geoff Thorpe
fa0f834c20
Fix build warnings.
2008-09-15 04:02:37 +00:00
Bodo Möller
96562f2fb3
update comment
2008-09-14 19:50:55 +00:00
Andy Polyakov
b9790c1cd4
Winsock handles SO_RCVTIMEO in unique manner...
...
PR: 1648
2008-09-14 19:22:52 +00:00
Bodo Möller
fcbdde0dfe
oops
2008-09-14 18:16:07 +00:00
Andy Polyakov
51ec776b7d
dtls1_write_bytes consumers expect amount of bytes written per call, not
...
overall.
PR: 1604
2008-09-14 17:56:15 +00:00
Bodo Möller
e65bcbcef0
Fix SSL state transitions.
...
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00
Bodo Möller
e710de12ce
Note about CVS branch inconsistency.
2008-09-14 13:53:18 +00:00
Bodo Möller
db99c52509
Really get rid of unsafe double-checked locking.
...
Also, "CHANGES" clean-ups.
2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81
Some precautions to avoid potential security-relevant problems.
2008-09-14 13:42:34 +00:00
Andy Polyakov
d493899579
DTLS didn't handle alerts correctly.
...
PR: 1632
2008-09-13 18:24:38 +00:00
Andy Polyakov
492279f6f3
AIX build updates.
2008-09-12 14:45:54 +00:00
Dr. Stephen Henson
3ad74edce8
Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
...
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
2008-09-10 16:02:09 +00:00
Ben Laurie
2b7b1cad10
Ignoring errors in makedepend can hide problems.
2008-09-09 19:08:40 +00:00
Ben Laurie
43048d13c8
Fix warning.
2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
e8da6a1d0f
Fix from stable branch.
2008-09-03 22:17:11 +00:00
Dr. Stephen Henson
305514000c
Do not discard cached handshake records during resumed sessions:
...
they are used for mac computation.
2008-09-03 12:36:16 +00:00
Dr. Stephen Henson
0702150f53
Make no-tlsext compile.
2008-09-03 12:29:57 +00:00
Dr. Stephen Henson
a0ee081515
Perl script to run and verify OpenSSL against PKITS RFC3280 compliance
...
test suite.
2008-09-01 15:53:53 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06
Add support for CRLs partitioned by reason code.
...
Tidy CRL scoring system.
Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb
Add support for freshest CRL extension.
2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9
Initial indirect CRL support.
2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
8c9bd89338
Support for certificateIssuer CRL entry extension.
2008-08-18 16:48:47 +00:00
Bodo Möller
2e415778f2
Don't use assertions to check application-provided arguments;
...
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:51 +00:00
Bodo Möller
1cbf663a6c
sanity check
...
PR: 1679
2008-08-13 19:45:06 +00:00
Bodo Möller
9be8035b11
fix error function codes
2008-08-13 19:44:15 +00:00
Bodo Möller
2ecd2edede
Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL).
2008-08-13 19:30:01 +00:00
Dr. Stephen Henson
9d84d4ed5e
Initial support for CRL path validation. This supports distinct certificate
...
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
2e0c7db950
Initial code to support distinct certificate and CRL signing keys where the
...
CRL issuer is not part of the main path.
Not complete yet and not compiled in because the CRL issuer certificate is
not validated.
2008-08-12 16:07:52 +00:00
Dr. Stephen Henson
002e66c0e8
Support for policy mappings extension.
...
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Geoff Thorpe
ab9c689ad3
Correct the FAQ and the threads man page re: CRYPTO_THREADID changes.
2008-08-06 16:41:50 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Andy Polyakov
96826bfc84
sha1-armv4-large cosmetics.
2008-08-06 08:58:45 +00:00
Andy Polyakov
eb1aa135d8
sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on
...
8KB block, +60% on 1KB, +160% on 256B...
2008-08-06 08:47:07 +00:00
Geoff Thorpe
99649b5990
Fix signed/unsigned warning.
2008-08-05 17:48:02 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Bodo Möller
474b3b1cc8
Fix error codes for memory-saving patch.
...
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
2008-08-04 22:10:38 +00:00
Dr. Stephen Henson
3e727a3b37
Add support for nameRelativeToCRLIssuer field in distribution point name
...
fields.
2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42
Make explicit_policy handling match expected RFC3280 behaviour.
2008-08-02 11:16:35 +00:00
Lutz Jänicke
787287af40
Refer to SSL_pending from the man page for SSL_read
2008-08-01 15:03:20 +00:00
Dr. Stephen Henson
5cbd203302
Initial support for alternative CRL issuing certificates.
...
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
592a207b94
Policy validation fixes.
...
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
2008-07-30 15:41:42 +00:00
Ralf S. Engelschall
6bcbac0abb
remove a doubled entry for '-binary' in the usage message
2008-07-27 15:51:35 +00:00