Matt Caswell
89f6c5b492
Further comment amendments to preserve formatting prior to source reformat
...
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)
Conflicts:
crypto/x509v3/pcy_tree.c
Conflicts:
apps/apps.c
ssl/ssltest.c
Conflicts:
apps/apps.c
crypto/ec/ec2_oct.c
crypto/ec/ecp_nistp224.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
ssl/s3_cbc.c
ssl/ssl_sess.c
ssl/t1_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:41:33 +00:00
Tim Hudson
f326f6544d
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c84351
2015-01-22 09:41:18 +00:00
Matt Caswell
82d7247fc5
Updates to s_client and s_server to remove the constant 28 (for IPv4 header
...
and UDP header) when setting an mtu. This constant is not always correct (e.g.
if using IPv6). Use the new DTLS_CTRL functions instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 464ce92026
2014-12-03 09:43:49 +00:00
Matt Caswell
4e73dc5b76
Remove duplicated code
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:33:55 +00:00
Matt Caswell
67eb85d7d4
Tidy up ocsp help output
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47e164582690
2014-11-27 14:21:42 +00:00
André Guerreiro
915a3b1c21
Add documentation on -timeout option in the ocsp utility
...
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c14d3df37bc7
2014-11-27 14:21:42 +00:00
Richard Levitte
7e29be228e
Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl-lib.com
2014-10-15 11:32:15 +02:00
Bodo Moeller
8745c0815c
Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
...
handling out of #ifndef OPENSSL_NO_DTLS1 section.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 11:14:34 +02:00
Bodo Moeller
59dcfa21e5
Support TLS_FALLBACK_SCSV.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 04:05:57 +02:00
Dr. Stephen Henson
1a80d39021
Fix warnings about ignored return values.
...
(cherry picked from commit 27131fe8f7
2014-08-06 21:04:08 +01:00
Dr. Stephen Henson
ed1de3810d
Don't allow -www etc options with DTLS.
...
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.
PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
2014-07-15 12:27:03 +01:00
Dr. Stephen Henson
df35da266d
Use case insensitive compare for servername.
...
PR#3445
(cherry picked from commit 1c3e9a7c67
2014-07-15 00:00:14 +01:00
Dr. Stephen Henson
3fe4fc4774
Usage for -hack and -prexit -verify_return_error
...
(cherry picked from commit a07f514fc0
2014-07-06 22:59:03 +01:00
Dr. Stephen Henson
d8426e6b7d
s_server usage for certificate status requests
2014-07-06 22:58:58 +01:00
Dr. Stephen Henson
2e7124497d
Show errors on CSR verification failure.
...
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1
2014-06-29 13:35:01 +01:00
Dr. Stephen Henson
c0eae35b3d
Make no-ssl3 no-ssl2 do more sensible things.
...
(cherry picked from commit 7ae6a4b659
2014-06-29 03:05:54 +01:00
Dr. Stephen Henson
50c9141d00
Typo.
...
PR#3107
(cherry picked from commit 7c206db928
2014-06-28 12:43:36 +01:00
Dr. Stephen Henson
14247e4f59
Memory leak and NULL dereference fixes.
...
PR#3403
(cherry picked from commit d2aea03829
2014-06-27 14:53:21 +01:00
Dr. Stephen Henson
ead6774804
Fix compilation with no-comp
...
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
2014-06-11 14:33:47 +01:00
Dr. Stephen Henson
92e2dc11f3
Change default cipher in smime app to des3.
...
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
2014-05-29 14:12:12 +01:00
Viktor Dukhovni
f9f6befa1f
Fix infinite loop. PR#3347
2014-05-11 21:15:57 +01:00
Tim Hudson
9f4a47b3ed
coverity 966576 - close socket in error path
2014-05-08 23:24:56 +01:00
Tim Hudson
51080676f1
PR#3342 fix resource leak coverity issue 966577
2014-05-08 23:24:51 +01:00
Dr. Stephen Henson
06e17142fc
Fix free errors in ocsp utility.
...
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd35
2014-04-09 15:45:46 +01:00
Dr. Stephen Henson
f16fede1cd
Use correct length when prompting for password.
...
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73
2014-04-04 13:08:42 +01:00
Tim Hudson
75c3073bbf
Add option to generate old hash format.
...
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd79
2014-04-03 13:37:56 +01:00
Dr. Stephen Henson
910b3a81fd
Avoid Windows 8 Getversion deprecated errors.
...
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041
2014-02-25 13:43:04 +00:00
Kurt Roeckx
d43301b77a
Use defaults bits in req when not given
...
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file. However the value isn't used to generate the key, but it does
print it's generating such a key. The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.
We now read the config first and use the value from the config file when no size
is given.
PR: 2592
(cherry picked from commit 3343220327
2014-02-14 22:36:05 +00:00
Scott Schaefer
b815ab2101
Fix various spelling errors
...
(cherry picked from commit 2b4ffc659e
2014-02-14 22:36:04 +00:00
Dr. Stephen Henson
16d616756f
Use default digest implementation in dgst.c
...
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
(cherry picked from commit 4eedf86a16
2014-01-23 18:38:51 +00:00
Dr. Stephen Henson
d985a68c89
add missing \n
2012-12-23 18:19:47 +00:00
Dr. Stephen Henson
d38c549e60
check mval for NULL too
2012-12-04 17:26:26 +00:00
Dr. Stephen Henson
558189183f
fix leak
2012-12-03 16:33:35 +00:00
Dr. Stephen Henson
04fde2025b
PR: 2908
...
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
2012-11-21 14:01:55 +00:00
Dr. Stephen Henson
6bd61198fb
fix leaks
2012-11-20 00:29:09 +00:00
Dr. Stephen Henson
ca461ecd11
fix memory leak
2012-09-11 13:45:11 +00:00
Dr. Stephen Henson
652ac3e93a
oops, add -debug_decrypt option which was accidenatally left out
2012-06-19 13:38:47 +00:00
Dr. Stephen Henson
6b7887b0ab
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
...
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:14:46 +00:00
Richard Levitte
9ad1b440ae
cipher should only be set to PSK if JPAKE is used.
2012-03-14 12:38:55 +00:00
Dr. Stephen Henson
276eb93218
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-12 18:25:11 +00:00
Dr. Stephen Henson
fd2d78e70b
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:37 +00:00
Andy Polyakov
27b1f137ff
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:37:20 +00:00
Bodo Möller
a99b6fcb7c
Fix usage indentation
2012-01-05 13:15:50 +00:00
Dr. Stephen Henson
7200b39ecd
make update
2012-01-04 16:52:53 +00:00
Dr. Stephen Henson
2a4adf19c8
The default CN prompt message can be confusing when often the CN needs to
...
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:01:00 +00:00
Dr. Stephen Henson
872e3fd502
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:48:59 +00:00
Dr. Stephen Henson
0b96f60a56
PR: 2347
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
2011-09-23 13:12:52 +00:00
Dr. Stephen Henson
4d43129446
PR: 2527
...
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Set cnf to NULL to avoid possible double free.
2011-05-25 15:06:05 +00:00
Richard Levitte
067d72a082
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:21:39 +00:00
Richard Levitte
f819147028
For VMS, implement the possibility to choose 64-bit pointers with
...
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:40:18 +00:00
