PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4)
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.
PR#3452
(cherry picked from commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65)
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.
PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.
PR#3283
(cherry picked from commit 5cc99c6cf5e908df6b00b04af7f08e99c0698c7b)
Gets rid of this;
defined(@array) is deprecated at ../util/mkerr.pl line 792.
(Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
(Maybe you should just omit the defined()?)
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 647f360e2e86818cee1f2d0429e071d14814e0b5)
IN parameter.
Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
(cherry picked from commit 6e6ba36d980f67b6e5c7b139f78da7acbbf8ec76)
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.
PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
(cherry picked from commit 0535c2d67ca2d684087ef90be35d5fb207aab227)
Add restrictions section present in other branches.
Conflicts:
doc/ssl/SSL_CTX_add_extra_chain_cert.pod
(cherry picked from commit 86cac6d3b25342ff17a2b6564f7592fd7c6829e8)
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
Bug discovered and fixed by Miod Vallat from the OpenBSD team.
PR#3375
