Run-checker CI / run-checker (enable-trace enable-fips) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-cmp) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-cms) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-default-thread-pool) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dgram) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dh) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dtls) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ec) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ecx) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-http) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-legacy) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ml-dsa) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ml-kem) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-quic) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-sock) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ssl-trace) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-stdio) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-thread-pool) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-threads) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls1_2) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls1_3) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ui) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-pie) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-zlib) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dso) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dynamic-engine) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-engine no-shared) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-err) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-filenames) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-module) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-ocsp) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-pinshared) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-srp) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-srtp) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-ts) (push) Has been cancelledDetails
Run-checker merge / jitter (push) Has been cancelledDetails
Run-checker merge / threads_sanitizer_atomic_fallback (push) Has been cancelledDetails
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2025]) (push) Has been cancelledDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2025]) (push) Has been cancelledDetails
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2022]) (push) Has been cancelledDetails
Windows GitHub CI / plain (windows-2022) (push) Has been cancelledDetails
Windows GitHub CI / minimal (windows-2022) (push) Has been cancelledDetails
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Has been cancelledDetails
Windows Compression GitHub CI / zstd (push) Has been cancelledDetails
Windows Compression GitHub CI / brotli (push) Has been cancelledDetails
When operating with the -new switch in apps/openssl s_time, we neglect
to set the exit code properly, and so the app exits with a code of 1
rather than 0 as expected
Fixes#27856
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27857)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
Since SSL_MODE_AUTO_RETRY is enabled by default, no need to set
it explicitly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14742)
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.
Made all error messages consistent (which is to say, minimal).
Fixes: #13527
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)
fix doc of s_client and s_server credentials and verification options
fix doc of verification options also for s_time, x509, crl, req, ts, and verify
correcting and extending texts regarding untrusted and trusted certs,
making the order of options in the docs and help texts more consistent,
etc.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11273)
Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.
Add a -provider_path option to allow the path to providers to be specified.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
Add cmd-nits make target.
Listing options should stop when it hits the "parameters" separator.
Add missing .pod.in files to doc/man1/build.info
Tweak find-doc-nits to try openssl-XXX before XXX for POD files and
change an error messavge to be more useful.
Fix the following pages: ca, cms, crl, dgst, enc,
engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand,
rehash, req, rsautil, s_server, speed, s_time,
sess_id, smime, srp, ts, x509.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10873)
Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help
Add output section
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)
Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)
This is probably a "should not happen" scenario, but better check anyway.
Found by Coverity.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)
Various code-cleanups.
Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling
SSL_ERROR_WANT_READ everywhere.
Turn off the linger option on connected sockets to avoid failure.
Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3952)
Everything in apps includes apps.h, because that one declares apps
internal library routines. However, progs.h doesn't declare library
routines, but rather the main commands and their options, and there's
no reason why the library modules should include it.
So, remove the inclusion of progs.h from apps.h and add that inclusion
in all command source files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5222)
Remove GETPID_IS_MEANINGLESS and osslargused.
Move socket-related things to new file internal/sockets.h; this is now
only needed by four(!!!) files. Compiles should be a bit faster.
Remove USE_SOCKETS ifdef's
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4209)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)
This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)
This includes strcat, strcpy and sprintf.
In the x509 app, the code has been cleaned up as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3868)
[extended tests]
Original text:
Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3701)
Mostly braces and NULL pointer check and also copyright year bump
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3657)
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1694)
into a structure , to avoid any accident .
Plus some few cleanups
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt@openssl.org>
Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
openssl-machine
Neil Horman
Richard Levitte
Drokov Pavel
Dr. David von Oheimb
Pauli
Rich Salz
Matt Caswell
Nan Xiao
Pauli
Pauli
raja-ashok
Bernd Edlinger
Rich Salz
Roelof duToit
Paul Yang
Dmitry Belyavskiy
FdaSilvaYY
Kurt Roeckx
Andy Polyakov