* updated README.md
* Create close-inactive-issues.yml
* check return codes of EVP_CIPHER_CTX_new and EVP_CipherInit
Especially with OpenSSL 3, it is possible that EVP_CipherInit may fail even when
passed a non-null cipher[1]. Without the checking, it will finally get to a
segfault.
[1] https://github.com/openssl/openssl/issues/16864
* Automatically load default and legacy providers with OpenSSL 3
Without the legacy provider [1], some ciphers are not available. For example,
the 'des-ecb' one used by test sutie is missed and the test will fail.
[1] OSSL_PROVIDER-LEGACY(7ossl)
* Make p12 ca order the same as pem
OpenSSL < 3 returns p12 ca order in reversed order. This is fixed
in OpenSSL 3. We work around it with old OpenSSL.
See:
https://github.com/openssl/openssl/issues/16421https://github.com/openssl/openssl/pull/12641f5eb85eb0f
* Implement SSL abort handling on OpenSSL 3
On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL,
nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the
returned error is SSL_ERROR_SSL with a meaningful error on the error stack.[1]
[1] SSL_GET_ERROR(3ossl)
Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
Co-authored-by: Robin Lee <cheeselee@fedoraproject.org>
Co-authored-by: Aleksandar Fabijanic <aleks-f@users.noreply.github.com>
