|
Revision tags: release-2.2.1-alpha, release-2.1.12-stable, release-2.1.11-stable, release-2.1.10-stable, release-2.1.9-beta, release-2.0.23-beta |
|
| #
894ca48a |
| 02-Apr-2018 |
Bernard Spil <[email protected]> |
Fix build with LibreSSL 2.7
LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init()
See also: https://bugs.freebsd.org/226900
Signed-off-by: Bernard Spil <[email protected]>
Closes: #617
Fix build with LibreSSL 2.7
LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init()
See also: https://bugs.freebsd.org/226900
Signed-off-by: Bernard Spil <[email protected]>
Closes: #617 (cherry-pick)
(cherry picked from commit 28b8075400c70b2d2da2ce07e590c2ec6d11783d)
show more ...
|
| #
230af9f0 |
| 28-Jan-2017 |
Jan Beich <[email protected]> |
Unbreak build with LibreSSL after openssl 1.1 support added
Fixes: 3e9e0a0d46e4 ("Make it build using OpenSSL 1.1.0")
Fixes: #445
(cherry picked from commit d057c45e8f48aa90d8b340cac4c8ae4cc8b5d0ac)
|
|
Revision tags: release-2.1.8-stable, release-2.1.7-rc |
|
| #
3e9e0a0d |
| 19-Sep-2016 |
Kurt Roeckx <[email protected]> |
Make it build using OpenSSL 1.1.0
Rebased (azat):
- tabs instead of whitespaces
- make openssl-compat.h safe for complex expressions
- do not call sk_SSL_COMP_free() in 1.1 (fixes double free)
TODO
Make it build using OpenSSL 1.1.0
Rebased (azat):
- tabs instead of whitespaces
- make openssl-compat.h safe for complex expressions
- do not call sk_SSL_COMP_free() in 1.1 (fixes double free)
TODO:
- clean methods_bufferevent
Closes: #397 (cherry-picked)
show more ...
|
|
Revision tags: release-2.1.6-beta |
|
| #
3316a210 |
| 10-Nov-2015 |
Azat Khuzhin <[email protected]> |
Add missing <string.h> for openssl_hostname_validation module
Now it included by openssl, but nfter
openssl/openssl@master-post-reformat-1494-g6329b60 it will print warning
(apparently they dropped
Add missing <string.h> for openssl_hostname_validation module
Now it included by openssl, but nfter
openssl/openssl@master-post-reformat-1494-g6329b60 it will print warning
(apparently they dropped <string.h> from the generic headers).
show more ...
|
|
Revision tags: release-2.0.22-stable, release-1.4.15-stable, release-2.1.5-beta, release-2.1.4-alpha |
|
| #
e212c548 |
| 22-Jan-2014 |
Joakim Soderberg <[email protected]> |
Check for OSX when checking for clang.
|
| #
0ef1d04e |
| 17-Dec-2013 |
Joakim Soderberg <[email protected]> |
Get rid of unknown pragma warnings.
|
| #
69c3516b |
| 17-Dec-2013 |
Joakim Söderberg <[email protected]> |
Get rid of deprecation warnings for OpenSSL on OSX 10.7+
|
|
Revision tags: release-2.1.3-alpha |
|
| #
4db9da6b |
| 28-Feb-2013 |
Patrick Pelletier <[email protected]> |
pull in wildcard matching code from cURL
Now, https-client accepts both:
https://ip.appspot.com/ (matching wildcard certificate)
https://github.com/ (matching non-wildcard certificate)
but sti
pull in wildcard matching code from cURL
Now, https-client accepts both:
https://ip.appspot.com/ (matching wildcard certificate)
https://github.com/ (matching non-wildcard certificate)
but still rejects
https://www.kegel.com/ (non-matching wildcard certificate)
which should match the behavior of these sites in a web browser.
show more ...
|
| #
6021cb50 |
| 28-Feb-2013 |
Patrick Pelletier <[email protected]> |
avoid sign mismatch warning in openssl_hostname_validation.c
sample/openssl_hostname_validation.c: In function 'matches_common_name':
sample/openssl_hostname_validation.c:80: warning: comparison bet
avoid sign mismatch warning in openssl_hostname_validation.c
sample/openssl_hostname_validation.c: In function 'matches_common_name':
sample/openssl_hostname_validation.c:80: warning: comparison between signed and unsigned integer expressions
sample/openssl_hostname_validation.c: In function 'matches_subject_alternative_name':
sample/openssl_hostname_validation.c:124: warning: comparison between signed and unsigned integer expressions
show more ...
|
| #
64d9f161 |
| 28-Feb-2013 |
Patrick Pelletier <[email protected]> |
use iSECPartners code to validate hostname in certificate
The problem is that if you go to a website whose certificate does not
match its hostname, it should fail. Try this in a web browser for
htt
use iSECPartners code to validate hostname in certificate
The problem is that if you go to a website whose certificate does not
match its hostname, it should fail. Try this in a web browser for
https://www.kegel.com/ for example. Your web browser will say the
certificate is for *.pair.com, not for www.kegel.com, and won't let
you visit it without clicking through a bunch of scary warnings.
However, prior to this commit, https-client was happy to fetch
https://www.kegel.com/ without complaining. That is bad. Now, with
this commit, it will properly complain, which is good:
pelletier@chives:~/src/libevent/sample$ ./https-client https://www.kegel.com/
Got 'MatchNotFound' for hostname 'www.kegel.com' and certificate:
/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 210/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks, Inc./OU=PairWildcardSSL $250,000/CN=*.pair.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$
It will still succeed for sites with an exactly-matching certificate,
such as https://github.com/ and that is also good!
However, the problem is that the iSECPartners code doesn't handle
wildcards, which means we reject https://ip.appspot.com/ even though
it is perfectly legitimate, because we don't understand the wildcard:
ppelletier@chives:~/src/libevent/sample$ ./https-client https://ip.appspot.com/
Got 'MatchNotFound' for hostname 'ip.appspot.com' and certificate:
/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.appspot.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$
So, we need to fix this. In other words, "to be continued..."
show more ...
|