* feat(Context): DH init openssl3 port (1/2 hardcoded params)
* create poco-1.11.3 branch, bump version
* update copyright date
* #3567: check legacy provider existence for legacy exception #3567
* fix(Placeholder): comparison for zero value
* feat(Context): DH init openssl3 port (2/2 params from file)
* test(HTTPSClientSession): try/catch to understand CI failure
* chore(cmake): copy the DH parameters file
* fix(OpenSSLInitializer): unload provider on uninitialize
* chore(HTTPSClientSessionTest): remove try/catch
* fix(OpenSSLInitializer): fix provider unloading
* feat(CppUnit): make tests exceptions more descriptive
* chore(CppUnit): a more descriptive name for callback
Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
* updated README.md
* Create close-inactive-issues.yml
* check return codes of EVP_CIPHER_CTX_new and EVP_CipherInit
Especially with OpenSSL 3, it is possible that EVP_CipherInit may fail even when
passed a non-null cipher[1]. Without the checking, it will finally get to a
segfault.
[1] https://github.com/openssl/openssl/issues/16864
* Automatically load default and legacy providers with OpenSSL 3
Without the legacy provider [1], some ciphers are not available. For example,
the 'des-ecb' one used by test sutie is missed and the test will fail.
[1] OSSL_PROVIDER-LEGACY(7ossl)
* Make p12 ca order the same as pem
OpenSSL < 3 returns p12 ca order in reversed order. This is fixed
in OpenSSL 3. We work around it with old OpenSSL.
See:
https://github.com/openssl/openssl/issues/16421https://github.com/openssl/openssl/pull/12641f5eb85eb0f
* Implement SSL abort handling on OpenSSL 3
On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL,
nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the
returned error is SSL_ERROR_SSL with a meaningful error on the error stack.[1]
[1] SSL_GET_ERROR(3ossl)
Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
Co-authored-by: Robin Lee <cheeselee@fedoraproject.org>
Co-authored-by: Aleksandar Fabijanic <aleks-f@users.noreply.github.com>
