| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
| |
Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
| |
Since "ptr" is used to handle arbitrary other types it should be
void *.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)
|
| |
|
|
|
|
| |
Thanks to Brian Carpter for reporting this.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
|
|
| |
RT#4590
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
| |
Originally new-line was suppressed, because double new-line was
observed under wine. But it appears rather to be a wine bug,
because on real Windows new-line is much needed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
Problem was introduced in 299ccadcdb99001c618d188fb243c1caaaa86a1c
as future extension, i.e. at this point it wasn't an actual problem,
because uninitialized capability bit was not actually used.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| |
|
|
|
|
| |
RT#4530
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
|
| |
In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
|
| |
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit 417be66 broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66.
Updated pods to reflect new definition introduced by 417be66.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
|
| |
|
|
|
|
| |
Binary- and backward-compatible. Just better.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
|
| |
|
|
|
| |
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397)
|
| |
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1385
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
Like OPENSSL_assert, but also prints the error stack before exiting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
| |
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
Make method names match reality
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
| |
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
| |
As discussed in PR#1409 it can be done differently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
|
|
|
| |
Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.
(This is an import of change 80842bdb from BoringSSL.)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1431)
|
| |
|
|
|
|
|
| |
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1378)
|
| |
|
|
|
|
|
| |
In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
resumption picks up changes to the extension.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".
This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".
This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.
Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
Commit 3eb2aff renamed a field of ssl_cipher_st from algorithm_ssl -> min_tls but neglected to update the fprintf reference which is included by -DCIPHER_DEBUG
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1417)
|
| |
|
|
|
|
|
|
|
| |
I bug in perl's File::Spec->canonpath() was uncovered. There's
nothing we can do about it (except re-implementing canonpath()),
except working around the problem (a directory rename) and reporting
the issue to the perl module developers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Add colon when printing Registered ID.
Remove extra space when printing DirName.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1401)
|
| |
|
|
|
|
|
|
|
|
| |
In one failure case, it used to return -1. That failure case
(CTLOG_new() returning NULL) was not usefully distinct from all of the
other failure cases.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1407)
|
| |
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
|
| |
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
|
| |
|
|
|
|
|
|
| |
This is an entirely useless function, given that CTLOG is publicly
immutable.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1406)
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions are:
SSL_use_certificate_file
SSL_use_RSAPrivateKey_file
SSL_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_PrivateKey_file
SSL_use_certificate_chain_file
Internally, they use BIO_s_file(), which is defined and implemented at
all times, even when OpenSSL is configured no-stdio.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
| |
The macros that produce PEM_write_FOO() andd PEM_read_FOO() only do so
unless 'no-stdio' has been configured. mkdef.pl should mimic that by
marking those functions with the "STDIO" algo.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
These were guarded by $disabled{tests}. However, 'tests' is disabled
if we configure 'no-stdio', which means that we don't detect the lack
of OPENSSL_NO_STDIO guards in our public header files. So we move the
generation and build of test/buildtest_*.c to be unconditional.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
Thanks to Hanno Böck for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
| |
Should result in more accurate header file coverage, see
https://github.com/eddyxu/cpp-coveralls/issues/54
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
