generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,561 Commits 16 Branches 258 Tags
Commit Graph

1496 Commits

Author SHA1 Message Date
Dr. Stephen Henson
e7e7f5de4b PR: 1960 
Approved by: steve@openssl.org

Encode compression id in {i2d,d2i}_SSL_SESSION().
 2009-06-30 22:20:46 +00:00
Dr. Stephen Henson
ab8fe43fa2 PR: 1942 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Replace ad-hoc chain builder with X509_verify_cert().
 2009-06-28 16:23:05 +00:00
Dr. Stephen Henson
9aecc3e5ff Update from 1.0.0-stable. 2009-06-26 11:34:22 +00:00
Dr. Stephen Henson
51ebaa9f82 Correct CHANGES entry. 2009-06-17 11:58:17 +00:00
Dr. Stephen Henson
efaa569c3b PR: 1943 
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Rename uni2asc and asc2uni on Netware to avoid a name clash.
 2009-06-17 11:55:51 +00:00
Dr. Stephen Henson
1e53b797f6 Don't check self-signed signature in X509_verify_cert(), the check just 
wastes processing time and doesn't add any security.
 2009-06-15 14:52:38 +00:00
Mark J. Cox
0b8eca58b9 Update changelog to show fix for PR1679 as per Tomas Hoger's testing: 
http://thread.gmane.org/gmane.comp.security.oss.general/1769/focus=1814
 2009-06-02 09:20:52 +00:00
Mark J. Cox
a176be48a2 Add the corresponding CVE names to the CHANGES entry for 0.9.8 branch 2009-05-26 08:21:56 +00:00
Dr. Stephen Henson
f47bce27e3 Add CHANGES entries for security relate issues PR#1923, PR#1930 and PR#1931. 2009-05-18 17:34:16 +00:00
Dr. Stephen Henson
0d399f97dd Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net> 
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.
 2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
7a746ecf3e Typo. 2009-03-25 22:22:42 +00:00
Dr. Stephen Henson
aca8bf43ce Submitted by: Ilya O. <vrghost@gmail.com> 
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.
 2009-03-25 19:01:03 +00:00
Dr. Stephen Henson
7de0df694f Prepare for next version. 2009-03-25 13:02:49 +00:00
Dr. Stephen Henson
e10051ef3f Prepare for 0.9.8k release. 2009-03-25 10:46:56 +00:00
Dr. Stephen Henson
c60dca1f95 PR: 1868 
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
 2009-03-25 10:42:34 +00:00
Dr. Stephen Henson
188abf7e2a Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> 
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().
 2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
f021b7cca6 Reject BMPStrings and UniversalStrings of invalid length. This prevents 
a crash in ASN1_STRING_print_ex() which assumes they are valid.
 2009-03-25 10:35:57 +00:00
Dr. Stephen Henson
37afdc953e Don't force S/MIME signing purpose: allow it to be overridden by store 
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
 2009-03-15 13:36:01 +00:00
Dr. Stephen Henson
044855e146 Permit nested ASN1 string encoding but with a maximum depth to avoid 
stack overflow.
 2009-03-14 18:33:25 +00:00
Dr. Stephen Henson
4fcf8d8b07 Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com> 
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().
 2009-03-07 16:58:43 +00:00
Bodo Möller
59689735a6 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:27:56 +00:00
Dr. Stephen Henson
73cb37295d Update from HEAD. 2009-01-28 12:55:36 +00:00
Dr. Stephen Henson
1f35508ae6 Support NumericString for name components. 2009-01-28 12:35:10 +00:00
Ben Laurie
dc0cb7e74f Make it possible to override CC. 2009-01-17 14:36:17 +00:00
Dr. Stephen Henson
367316c723 Oops, remove duplicate entry. 2009-01-07 23:45:19 +00:00
Dr. Stephen Henson
d34353cc91 Prepare for next version. 2009-01-07 23:38:34 +00:00
Dr. Stephen Henson
6287fa5396 Prepare for 0.9.8j release. 2009-01-07 10:50:54 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values 
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
 2009-01-07 10:48:23 +00:00
Ben Laurie
c153422388 Enable TLS Extensions by default. 2008-12-26 15:27:51 +00:00
Bodo Möller
505ed2b076 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:06 +00:00
Dr. Stephen Henson
5a02ac6e5b Revert OPENSSL_EXPERIMENTAL patch. 
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
 2008-11-24 16:14:15 +00:00
Geoff Thorpe
bfc6482a7a Allow the CHIL engine to load even if dynamic locks aren't registered. 
Submitted by: Sander Temme
 2008-11-19 14:08:06 +00:00
Dr. Stephen Henson
81dde5e8fe Add support for experimental code, not compiled in by default and 
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
 2008-11-12 16:54:35 +00:00
Dr. Stephen Henson
4e98f8863f Oops... 2008-10-31 12:18:42 +00:00
Dr. Stephen Henson
582ef3dbdb Fix from HEAD. 2008-10-31 12:09:18 +00:00
Ben Laurie
2124e869a8 Add JPAKE. 2008-10-26 18:42:05 +00:00
Ben Laurie
cdffc716c9 Set the comparison function in v3_addr_canonize(). 2008-10-14 19:21:30 +00:00
Ben Laurie
5dffc13f55 Add XMPP STARTTLS support. 2008-10-14 19:09:47 +00:00
Bodo Möller
d875413a0b Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't 
enable disabled ciphersuites.
 2008-09-22 21:22:51 +00:00
Bodo Möller
4ea574fdf3 Now that we're changing the 0.9.8i CHANGES anyway, reorder them 
according to the usual convention (reverse chronological order)
 2008-09-15 20:34:13 +00:00
Dr. Stephen Henson
cf8115deb0 Add missing CHANGES entry. 2008-09-15 20:28:58 +00:00
Dr. Stephen Henson
6d3b70c8da Prepare for next version... 2008-09-15 15:30:20 +00:00
Dr. Stephen Henson
0a4fda742b Oops... use correct version number this time.... 2008-09-15 14:26:34 +00:00
Dr. Stephen Henson
3745e57bf9 Prepare for next version.... 2008-09-15 12:19:09 +00:00
Dr. Stephen Henson
b7e7aa00de Begin release of OpenSSL 0.9.8i. 2008-09-15 10:28:13 +00:00
Bodo Möller
200d00c854 Fix SSL state transitions. 
Submitted by: Nagendra Modadugu
 2008-09-14 14:02:01 +00:00
Bodo Möller
669b912dea Really get rid of unsafe double-checked locking. 
Also, "CHANGES" clean-ups.
 2008-09-14 13:51:49 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Ben Laurie
b7c8b4fc95 Allow soft-loading engines. 2008-09-12 13:29:59 +00:00
Dr. Stephen Henson
dd6e90465d Add support for Local Machine Keyset attribute in PKCS#12 files. 2008-06-26 23:26:52 +00:00