Jim Basney
dca7158c95
Avoid double-free in callers to OCSP_parse_url
...
set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 20:44:52 -05:00
Mat
642565106e
Fix return type for CRYPTO_THREAD_run_once
...
return type should be int and not void
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 20:42:30 -05:00
Viktor Dukhovni
dd60efea95
Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:41:28 -05:00
Richard Levitte
29f082603a
Remove duplicate typedef of ECPKPARAMETERS in ec.h
...
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-10 02:35:12 +01:00
Kurt Roeckx
6b51459026
Run make update
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #2296
2016-03-10 01:44:47 +01:00
Richard Levitte
32e4cc0cde
Travis - the source directory is _srcdist, not _srcdir
...
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-10 01:31:06 +01:00
Richard Levitte
c5798e0eb5
Correct slight logic error in processing IF in build.info
...
This corrects a fault where the inner IF in this example was still
being acted upon:
    IF[0]
      ...whatever...
      IF[1]
        ...whatever more...
      ENDIF
    ENDIF
With this change, the inner IF is skipped over.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 23:58:44 +01:00
Richard Levitte
64b9d84bfd
When grepping something starting with a dash, remember to use -e
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-09 22:34:27 +01:00
Kurt Roeckx
2b8fa1d56c
Deprecate the use of version-specific methods
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
2016-03-09 19:45:05 +01:00
Kurt Roeckx
885e601d97
Use version flexible method instead of fixed version
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
2016-03-09 19:39:54 +01:00
Kurt Roeckx
0d5301aff9
Use minimum and maximum protocol version instead of version fixed methods
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
2016-03-09 19:38:56 +01:00
Kurt Roeckx
1fc7d6664a
Fix usage of OPENSSL_NO_*_METHOD
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
2016-03-09 19:38:18 +01:00
Kurt Roeckx
ca3895f0b5
Move disabling of RC4 for DTLS to the cipher list.
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
82478521aa
Remove DES cipher alias
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
29c4cf0cd1
Update ciphers -s documentation
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
cdc72e497d
Document SSL_get1_supported_ciphers
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
d7a474264b
IDEA is not supported in TLS 1.2
...
This currently seems to be the only cipher we still support that should get
disabled.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
3eb2aff401
Add support for minimum and maximum protocol version supported by a cipher
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
068c358ac3
Add ssl_get_client_min_max_version() function
...
Adjust ssl_set_client_hello_version to get both the minimum and maximum and then
make ssl_set_client_hello_version use the maximum version.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
b11836a63a
Make SSL_CIPHER_get_version return a const char *
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
6063453c5a
Remove unused code
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
7d65007238
Make function to convert version to string
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
e4646a8963
Constify security callbacks
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Rob Percival
ca74c38dc8
Documentation for ctx_set_ctlog_list_file()
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 13:07:09 -05:00
Rob Percival
6bea2a72a8
Minor improvement to formatting of SCT output in s_client
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 13:07:09 -05:00
Rob Percival
328f36c5c5
Do not display a CT log error message if CT validation is disabled
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 13:07:09 -05:00
Rich Salz
60b350a3ef
RT3676: Expose ECgroup i2d functions
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 12:25:21 -05:00
Richard Levitte
c471884996
Comment away the extra checks in Configure
...
The "extra checks" is a debugging tool to check the config resolving
mechanism. It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.
So, it gets commented away, but stays otherwise in place, as it may be
useful again.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:59:14 +01:00
Richard Levitte
67336ea400
Make ct_dir and certs_dir static in test/ct_test.c
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:58:02 +01:00
Richard Levitte
1bee9d6b6c
Fix ct_test to not assume it's in the source directory
...
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:35:18 -05:00
Rob Percival
9ddff1e83c
Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
dc919c6935
Make SCT literals into const variables in ct_test.c
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
eac84e8127
Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
14db9bbd71
Removes SCT_LIST_set_source and SCT_LIST_set0_logs
...
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
21b908a8f9
Makes SCT_get0_log return const CTLOG*
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
12d2d28185
Makes CTLOG_STORE_get0_log_by_id return const CTLOG*
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
98af731064
Improved documentation of SCT_CTX_* functions
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
e5a7ac446b
Updates ct_err.c
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
5c081a8f74
Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
6d7fd9c142
Reset SCT validation_status if the SCT is modified
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
9c812014c8
Use SCT_VERSION_V1 in place of literal 0 in ct_test.c
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
70279a81a7
Fixes "usuable" typo in ct_locl.h
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
70073f3e3a
Treat boolean functions as booleans
...
Use "!x" instead of "x <= 0", as these functions never return a negative
value.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
8c92c4eac0
Make parameters of CTLOG_get* const
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
5da65ef23c
Extensive application of __owur to CT functions that return a boolean
...
Also improves some documentation of those functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
8fbb93d0e2
Makes SCT_LIST_set_source return the number of successes
...
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Todd Short
aeb5b95576
Fix locking in ssl_cert_dup()
...
Properly check the return value of CRYPTO_THREAD_lock_new()
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 11:26:01 -05:00
Richard Levitte
b7aacc3ac3
Restore building out of source with the unified build scheme
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:13:56 +01:00
Richard Levitte
467bbe090b
CT test can't run without EC, so skip it on that algo as well
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:13:23 +01:00
Richard Levitte
c469a9a81e
Fix ct_test to not assume it's in the source directory
...
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:13:23 +01:00