Age | Commit message | Author |
|
function. Nothing makes use of the return value and the second argument
was only used to produce the return value...
|
|
when ssl3_send_client_certificate() was converted to the standard handshake
functions in r1.150 of s3_clnt.c.
This has no impact on TLS, however it causes the DTLS client to fail if the
server sends a certificate request, since the TLS MAC is calculated on a
non-populated DTLS header.
Issue reported by umokk on github.
|
|
Ensure both MD and key have been initialized before processing HMAC.
Releasing HMAC_CTX in error path of HMAC().
In regress test, added test 4,5,6 and cleaned up the code.
ok jsing@
|
|
ok bluhm@ jmc@ renato@
|
|
ok inoguchi@
|
|
used in various parts of TLS 1.0/1.1.
This will allow for code simplification in libssl.
The same interface exists in OpenSSL 1.1.
ok beck@ deraadt@ inoguchi@ millert@
|
|
"ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions
directly.
ok beck@ inoguchi@
|
|
RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing
queries. The resolver is then supposed to set the AD bit in the reply
if it managed to validate the answer through DNSSEC. Useful when the
application doesn't implement validation internally. This scheme
assumes that the validating resolver is trusted and that the
communication channel between the validating resolver and the client
is secure.
ok eric@ gilles@
|
|
Needed for RES_USE_DNSSEC support.
ok eric@ gilles@
|
|
elements of the union.
This field is for internal asr flags. The flags in "struct rrset" and
"struct ni" are different kinds of flags.
ok eric@
|
|
ok kettenis@
|
|
implementations.
ok guenther@
|
|
Necessary (but perhaps not sufficient) to build large binaries on arm.
ok guenther@
|
|
due to ports build failures.
ok kettenis@
|
|
of Japan, they are present in Mozilla's CA store. OK ajacoutot@
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
|
|
suppose this still stems from the first steps where we tried to get at
least some userland stuff to compile. This change properly saves the
pointer before doing the syscall and stores the return value in the
pointer on return. This makes sigpending regress pass.
|
|
minek van on misc@. Thanks.
ok tb@, tj@
(and jmc@ is ok with the diff but can't ok the technical content).
|
|
a long sentence (from tj@).
|
|
element of the union.
ok gilles@ millert@ krw@
|
|
the wrong location, thus not making it set SIG_BLOCK with a zero mask
when attempting to read the signal mask (if set ptr is NULL). Instead
an attempt to read the mask actually told the syscall to set the mask
to zero.
|
|
ok jca@ krw@ gilles@
|
|
that make use of it.
ok bcook@ inoguchi@
|
|
rather than a non-informative EAI_FAIL. Compare to -1 for error detection
while here.
ok jca@ gilles@
|
|
and document ERR_asprintf_error_data as their replacement.
ok jsing@, ingo@
|
|
about tls_error(3), and warn about some traps;
OK jmc@
|
|
value returned in x1 on __tfork(3) is always zero, which made the code
always fall into the child case.
|
|
ok kettenis@
|
|
Requested earlier by eric@
|
|
In particular, truncated packets without the TC flag set (non-compliant
server sending too large packets) now fail with EOVERFLOW instead of EINVAL,
so the TCP fallback mechanism can work.
feedback and ok krw@ jca@ benno@
|
|
EDNS allows for various DNS extensions, among which UDP DNS packets size
bigger than 512 bytes. The default is still to not advertize anything.
ok eric@
|
|
pack/unpack contexts.
ok krw@ deraadt@
|
|
broken DNS servers out there that send packets >512 bytes w/o even the
courtesy of trying to use EDNS0.
A partial workaround as more complete packet parsing solutions are
worked on.
ok jca@ eric@
|
|
clang and clang++.
|
|
As reported by Yuri Pankov, some versions of GCC whine that "tmp"
might be used uninitialized in fts_open(3). Clearly, that cannot
actually happen, but explicitly setting it to NULL is safer anyway.
While here, rename the badly named variable "tmp" and make the
inner "if" easier to understand.
Feedback and OK guenther@
|
|
pointer being NULL.
Found by jsg@ with cppcheck; also detected by Coverity.
|
|
free() error path.
ok otto@
|
|
a page. This is not required by any standard and other malloc
implementations do not document (or implement) this. ok deraadt@
|
|
provided error code matches the error that is currently on the top of the
error stack.
|
|
1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that
can now be counted on to achieve this level of sophistication nearly
everywhere.
ok jsing@
|