IABSD.fr/src/lib/libssl

Log

Commit Date Message
74a1e058 2025-06-13 18:34:00 The mdoc(7) .Ft macro does not need quoting of its arguments, but about 10% of our manual pages using this macro employed useless quoting anyway. Remove these quotes such that they do not incite fear, uncertainty, and doubt in developers who happen to look at these pages. jmc@ and tb@ agree with the direction.
ca887080 2025-06-09 10:14:38 SSL_shutdown(): remove pointless NULL check. reported by smatch via jsg ok beck
a8680c8b 2025-06-08 22:52:00 .Lb libssl libcrypto ; OK tb@
61351504 2025-06-08 22:49:42 delete an "intentionally undocumented" comment regarding stuff that no longer exists, and add .Lb libssl libcrypto; OK tb@
e5b65a2f 2025-06-08 22:47:20 add the missing .In line and add .Lb libssl libcrypto ; OK tb@
c3fb235e 2025-06-07 15:50:12 Trim trailing whitespace
4f09611f 2025-06-07 15:49:22 Spelling, discussed with jsing
43bdc3b5 2025-06-07 10:25:12 tls13_ctx_new(): fix calloc() incantation Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...). ok jsg
88350ef7 2025-06-07 10:23:21 Fix weird calloc() argument order ok jsg
820c8430 2025-06-02 12:18:21 correct indentation, no functional change found with smatch, ok tb@
e042858e 2025-05-31 15:17:11 zap weird empty added to tls1_ec_nid2group_id() in previous
a10bf9eb 2025-05-22 08:25:26 Simplify SSL_alert_desc_string SSL_alert_desc_string() is only used by our good old friends M2Crypto and Net::SSLeay. While some of the two-letter combinations can be made sense of without looking at the switch, I guess, this is just a completely useless interface. The same level of uselessness can be achieved in a single line matching BoringSSL. ok joshua kenjiro
87f63e75 2025-05-20 05:39:08 Don't use the array index as the group_id This is a precursor to adding new group ids for post quantum stuff which are up in the 4000 range, so using the array index as the group id will be silly. Instead we just add the group id to the structure and we walk the list to find it. This should never be a very large list for us, so no need to do anything cuter than linear search for now. ok jsing@, joshua@
bdb0d0cc 2025-05-10 06:04:36 ssl_local.h: stop guarding SYSerror() with an #ifdef
e3034ce0 2025-05-10 05:49:56 ssl_local: provide an SSL-internal version of SYSerror()
a77d91e1 2025-05-10 05:49:21 SSL_error_internal: remove a superfluous pair of parens
b4e54e6f 2025-05-10 05:37:22 ssl_local.h: adjust some whitespace
a7723dc5 2025-05-10 05:31:21 const correct SSL_error_internal()
8ee62dda 2025-05-04 10:53:38 sigh. pqueue_find() also needs a const treatment
e37f3117 2025-05-04 10:47:46 pqueue.h: zap trailing whitespace
f7843586 2025-05-04 10:47:02 const correct first argument of pitem_new() Makes upcoming changes in regress less ugly.
8e2d8607 2025-04-30 13:50:50 tlsext: stop sending SNI before ALPN in clients All supported releases of LibreSSL ensure that the corresponding callbacks are called in a predefined order rather than honoring the order in which a client sends its extensions. Therefore the ALPN callback for apache-httpd's virtual host setups can rely on SNI information being available and we no longer need to work around this on the client side. Cuts the amount of code needed for tlsext randomization in half. ok jsing
2687a752 2025-04-18 08:35:34 SSL_set_tlsext_host_name: as a setter it cannot take a const ssl
8f9f394d 2025-04-18 08:07:36 Remove two unused defines, update standard reference ok jsing
ec958d0e 2025-04-18 07:34:01 Fix annoying whitespace
f2cb3ef3 2025-03-28 12:13:03 typo: primtive -> primitive
49eea2f0 2025-03-13 10:44:36 minor libssl bump (SSL_OP_NO_RENEGOTIATION/SSL_OP_ALLOW_CLIENT_RENEGOTIATION) code #ifdef'ing these and compiled with new headers won't work as expected on earlier libraries minor libtls bump to match libssl bump ok tb@
21482783 2025-03-13 10:26:41 Make srtp.h self-standing by including ssl.h ok miod
7eb10788 2025-03-12 14:03:55 Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. In January 2017 we added SSL_OP_NO_CLIENT_RENEGOTIATION, which results in an SSL_AD_NO_RENEGOTIATION fatal alert if a ClientHello message is seen on an active connection (client initiated renegotiation). Then in May 2017 OpenSSL added SSL_OP_NO_RENEGOTIATION, which results in an SSL_AD_NO_RENEGOTIATION warning alert if a server receives a ClientHello on an active connection (client initiated renegotiation), or a client receives a HelloRequest (server requested renegotiation). This option also causes calls to SSL_renegotiate() and SSL_renegotiate_abbreviated() to fail. Then in 2021, OpenSSL also added SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which trumps SSL_OP_NO_RENEGOTIATION but only for incoming ClientHello messages (apparently unsetting SSL_OP_NO_RENEGOTIATION is too hard). Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION, primarily to make life easier for ports. If SSL_OP_NO_CLIENT_RENEGOTIATION is set it will take precedence and render SSL_OP_ALLOW_CLIENT_RENEGOTIATION ineffective. The rest of the behaviour should match OpenSSL, with the exception of ClientHellos triggering fatal alerts instead of warnings. ok tb@
a94db429 2025-03-09 15:54:59 Give libssl the same bump as libcrypto
f41886e8 2025-03-09 15:53:36 const correct tls_session_secret_cb_fn() Various ports throw a warning since their tls_session_secret_cb's signature doesn't match what we expect. Aligns us with OpenSSL 1.1. This is only useful for RFC 4851 EAP-FAST implementations and surprisingly it's undocumented. ok jsing
69fa30da 2025-03-09 15:12:18 Support OPENSSL_NO_FILENAMES Some people are concerned that leaking a user name is a privacy issue. Allow disabling the __FILE__ and __LINE__ argument in the error stack to avoid this. This can be improved a bit in tree. From Viktor Szakats in https://github.com/libressl/portable/issues/761 ok bcook jsing
4519f49a 2025-02-04 14:00:05 SSL_select_next_proto: fix invalid octal escape by switching to hexadecimal
e5d83da7 2025-01-18 14:17:05 Simplify tls1_check_ec_key() It doesn't need to have optional arguments anymore, so we can pass in values and don't need NULL checks and dereferencing. ok jsing
e0096704 2025-01-18 13:26:51 Rename grp to group like almost everywhere else
1271c85a 2025-01-18 13:15:31 Remove parentheses in return statements ok cc + sha256
220e3b7c 2025-01-18 13:11:58 Remove two pointless NULL checks The only caller ensures that the EC_KEY is not NULL and passes the address of comp_id on its stack, so neither will be NULL.
54d00625 2025-01-18 13:07:47 Drop field determination dance If we get here, we're in a server and have managed to load the cert. The public key is therefore a point on a built-in curve, and we know the group is defined over some prime field. Now it is just a matter of figuring out whether we support the group in libssl. ok jsing
29c2420e 2025-01-18 13:03:02 Stop pretending we support arbitrary explicit groups ok jsing
1ef70f4f 2025-01-18 12:20:37 Remove SSL_DES and SSL_IDEA remnants ok jsing
a00bfa08 2025-01-18 12:20:02 SSL_CTX_set_cipher_list: stop mentioning ancient ciphers Support was removed nearly a decade ago. No need to mention this anymore. ok jsing
2bba40d4 2025-01-18 10:53:04 Remove last uses of SSL_aDSS ok jsing
942444cc 2025-01-18 10:52:09 ssl_seclevel: remove comment pertaining to DSA certs ok jsing
de980744 2025-01-18 10:45:12 Stop mentioning DSA/DSS Support for this went away in 2017, but a few things still mentioned DSA in various contexts. Replace DSA with ECDSA where appropriate and otherwise delete this. It won't work. ok jsing
66738ebb 2025-01-17 22:39:42 ssl_local.h: does not need to include dsa.h
72dde9b8 2024-12-19 06:45:21 received form the peer -> received from the peer
f88101f6 2024-12-05 19:57:37 Zap a trailing space
db36e951 2024-10-23 01:57:19 remove duplicate defines; ok tb@
09837443 2024-10-17 06:19:06 libssl: rework cert signature security level This switches to using the X509_get_signature_info() API instead of hand rolling a part of it. This is slightly tangly since the security level API is strange. In particular, some failures are passed to the security level callback so that applications can override them. This makes the security level API handle RSA-PSS and EdDSA certificates correctly and the handshake with such can progress a bit further. Of note, we check that the certs are actually suitable for use in TLS per RFC 8446 contrary to what OpenSSL does. ok beck jsing
d586846e 2024-10-13 08:25:09 byt -> but; ok tb@
738d3f53 2024-10-12 03:54:18 Remove unnecessary str variable in ssl_stat.c Drop about 1/4 of the lines in here by avoiding the use of a variable. For some reason the API in this file made me go listen to Pow R. Toc H. All of a sudden the lyrics made sense. I should probably be worried. ok beck jsing
733b13f1 2024-10-09 10:27:52 Remove SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER Nothing uses this and it collides with ALPN
76b18633 2024-10-09 08:22:28 Add missing alert descriptions (taken from RFC 8446) This is so gross...
2db314db 2024-10-09 08:01:39 Add missing alerts to SSL_alert_desc_string{,_long}() ok beck
48d99288 2024-10-09 08:00:29 Add missing alert errors and error strings For every TLS alert there needs to be a corresponding error with error code having an offset of SSL_AD_REASON_OFFSET (aka 1000), otherwise the error stack fails to set the reason correctly. ok beck
6eec31fb 2024-09-22 14:59:48 Reinstate bounds check accidentally disabled when defining OPENSSL_NO_DTLS1 From Kenjiro Nakayama Closes https://github.com/libressl/portable/issues/1097
77f21699 2024-09-09 07:40:03 Make error 235 resolve to "no application protocol" We accidentally have two errors 235 since we didn't notice that OpenSSL removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that became SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher" error when fiddling with ALPN is confusing, so fix that. ok jsing
9987920c 2024-09-09 03:55:55 Fix alert callback in the QUIC layer Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing
8699d7a9 2024-09-09 03:32:29 Add and use tls13_record_layer_alert_sent() This is a small refactoring that wraps a direct call to the record layer's alert_sent() callback into a handler for upcoming reuse in the QUIC code. No functional change. ok jsing
c388d242 2024-08-31 12:46:55 Update for OPENSSL_cpu_caps() now being machine independent. ok tb@
47553fdf 2024-08-31 10:54:12 major bump for libcrypto libssl and libtls
849d353b 2024-08-31 10:51:48 Remove SSL_add_compression_method
6d516ef5 2024-08-12 21:01:54 Bump minor after symbol addition
effebf15 2024-08-12 21:01:34 Add SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest() to Symbols.list
3b17b0f8 2024-08-12 21:01:00 Expose SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()
121bba80 2024-08-11 13:04:46 Add include path for crypto_arch.h.
946c9001 2024-08-03 04:53:01 Document SSL_CTX_set_cert_store From Kenjiro Nakayama
dcd96ea6 2024-08-03 04:50:27 Prepare to provide SSL_CTX_set1_cert_store() SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store() since it takes ownership of the store argument. Apparently a few people ran into the issue of not bumping the refcount themselves, leading to use after frees about 10 years ago. This is a quite rarely used API and there are no misuses in the ports tree, but since someone did the work of writing a diff, we can still add it. Needless to say that SSL_CTX_get_cert_store() obviously has the exact same issue and nobody seems to have thought of adding a get0 or get1 version to match... Fixes https://github.com/libressl/openbsd/issues/71 From Kenjiro Nakayama
ae0a2582 2024-07-23 14:40:53 Remove get_cipher from SSL_METHOD. Inline the get_cipher implementation (including the special handling for DTLS) in ssl_cipher_collect_ciphers() (the only consumer), remove the get_cipher member of SSL_METHOD and mop up dtls1_get_cipher(). ssl3_get_cipher() has always had a strange property of being a reverse index, which is relied on by the cipher list ordering code, since it currently assumes that high cipher suite values are preferable. Rather than complicating ssl3_get_cipher() (and regress), change the iteration order in ssl_cipher_collect_ciphers() to match what it requires. Lastly, rename ssl3_get_cipher() to be more descriptive. ok tb@
f4fe6251 2024-07-22 14:47:15 Use cipher suite values instead of IDs. OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
387303bb 2024-07-20 04:04:23 Remove cipher from SSL_SESSION. For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
59ec10be 2024-07-19 08:56:17 Annotate issues with tls_session_secret_cb() related code.
1a5be6e3 2024-07-19 08:54:31 Move client ciphers from SSL_SESSION to SSL_HANDSHAKE. SSL_SESSION has a 'ciphers' member which contains a list of ciphers that were advertised by the client. Move this from SSL_SESSION to SSL_HANDSHAKE and rename it to match reality. ok tb@
eb67a850 2024-07-16 14:38:04 Clean up SSL_HANDSHAKE_MAC_DEFAULT. The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1 ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0 and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite table and remove the various defines/macros/code that existed to handle the upgrade. ok tb@
bf08afbe 2024-07-16 10:19:38 Fix .Ox for SSL_CIPHER_get_handshake_digest()
2bfbbd8b 2024-07-15 14:45:15 Mop up TLS1_PRF* defines. These have not been used for a long time, however SSL_CIPHER was not opaque at the time, hence they had to stick around. Now that SSL_CIPHER is opaque we can simply mop them up. ok tb@
d148180b 2024-07-15 00:11:59 ocurred -> occurred
5dd6d43a 2024-07-14 15:56:08 Forgot to annotate the TMP UGLY CAST[S] as requested by jsing h/t to levitte
6071ac1f 2024-07-14 15:48:24 Document SSL_CIPHER_get_handshake_digest(3)
39d7e165 2024-07-14 15:39:36 Prepare to provide SSL_CIPHER_get_handshake_digest() Needed by newer freeradius. This is a straightforward implementation that essentially duplicates tls13_cipher_hash(). ok jsing
21053144 2024-07-13 18:33:18 ssl2.h and ssl23.h join the party in the attic Now that the SSL2 client hello support is gone, nothing uses this anymore, except that a few ports still need SSL2_VERSION. ok beck
5f4c8480 2024-07-13 17:42:13 Make error constants const in libssl This could be made cleaner if we expose ERR_load_const_strings(), but for now this hackier version with casts achieves the same and removes the last unprotected modifiable globals in this library. ok jsing
a8d65a3f 2024-07-12 05:26:34 Despite being an ELF citizen, hppa is its own special snowflake and requires different asm stanzas to produce strong aliases. This unbreaks libssl on hppa after the recent switch to LIBRESSL_NAMESPACE.
119a4d50 2024-07-11 13:50:44 Adjust documentation for SSL_select_next_proto() Use better argument names, add a link to the relevant standards and add CAVEATS and BUGS sections pointing out a few pitfalls. discussed with davidben ok beck
d510b09d 2024-07-11 13:48:52 Follow BoringSSL's nomenclature in SSL_select_next_proto() SSL_select_next_proto() was written with NPN in mind. NPN has a weird fallback mechanism which is baked into the API. This makes no sense for ALPN, where the API behavior is undesirable since a server should not end up choosing a protocol it doesn't (want to) support. Arguably, ALPN should simply have had its own API for protocol selection supporting the proper semantics, instead of shoehorning an NPN API into working for ALPN. Commit https://boringssl-review.googlesource.com/c/boringssl/+/17206/ renamed the arguments to work for both NPN and ALPN, with the slight downside of honoring client preference instead of the SHOULD in RFC 7301, section 3.2. This grates for most consumers in the wild, but so be it. The behavior is saner and safer. discussed with davidben ok beck
ccf5fc62 2024-07-09 13:43:57 Don't push the error stack in ssl_sigalg_select() Doing so breaks certificate selection if a TLS 1.3 client does not support EC certs, and needs to fall back to RSA. ok tb@
e80243f4 2024-07-09 12:27:27 Fix TLS key share check to not fire when using < TLS 1.3 The check was being too aggressive and was catching us when the extension was being sent by a client which supports tls 1.3 but the server was capped at TLS 1.2. This moves the check after the max version check, so we won't error out if we do not support TLS 1.3 Reported by obsd@bartula.de ok tb@
35058f2b 2024-07-09 09:39:14 Actually enable namespaced builds in both libcrypto and libssl (instead of committing only one part)
0d17ef71 2024-06-29 07:34:12 fix typo
30d1defa 2024-06-28 14:48:43 The ALPN callback should really ignore the out parameter if there's no overlap. Document that explicitly. Also make it more explicit that the caller must work with a copy of out. ok jsing
0a52d54c 2024-06-28 14:46:19 Fix SSL_select_next_proto() SSL_select_next_proto() is already quite broken by its design: const in, non-const out, with the intention of pointing somewhere inside of the two input pointers. A length returned in an unsigned char (because, you know, the individual protocols are encoded in Pascal strings). Can't signal failure either. It also has an unreachable public return code. Also, due to originally catering to NPN, this function opportunistically selects a protocol from the second input (client) parameters, which makes little sense for ALPN since that means the server falls back to a protocol it doesn't (want to) support. If there's no overlap, it's the callback's job to signal error to its caller for ALPN. As if that wasn't enough misdesign and bugs, the one we're concerned with here, which wasn't reported to us twice in ten years, is that if you pass this API a zero-length (or a sufficiently malformed client protocol list), it would return a pointer pointing somewhere into the heap instead of into one of the two input pointers. This pointer could then be interpreted as a Pascal string, resulting in an information disclosure of up to 255 bytes from the heap to the peer, or a crash. This can only happen for NPN (where it does happen in old python and node). A long time ago jsing removed NPN support from LibreSSL, because it had an utter garbage implementation and because it was practically unused. First it was already replaced by the somewhat less bad ALPN, and the only users were the always same language bindings that tend to use every feature they shouldn't use. There were a lot of complaints due to failing test cases in there, but in the end the decision turned out to be the right one: the consequence is that LibreSSL isn't vulnerable to CVE-2024-5535. Still, there is a bug here to fix. It is completely straightforward to do so. Rewrite this mess using CBS, preserving the current behavior. Also, we do not follow BoringSSL's renaming of the variables. It would result in confusing code in almost all alpn callbacks I've seen in the wild. The only exception is the accidental example of Qt. ok jsing
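An added example, not LibreSSL's SSL_select_next_proto() (which the commit above keeps with its NPN-era fallback semantics), of the bounds-checked protocol list handling the message calls for: a validator that rejects an empty or malformed length-prefixed list before any pointer into it is formed, and a selector that honours server preference as RFC 7301 section 3.2 recommends and reports "no overlap" as -1 instead of falling back to a client protocol or returning a pointer outside its inputs. Plain C99 with no libssl dependency; the protocol lists in main() are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Validate a protocol list as carried in the ALPN/NPN extension: a sequence
 * of non-empty, 8-bit length-prefixed strings filling exactly `len` bytes.
 * An empty list, an empty entry or a length byte that runs past the buffer
 * is rejected here, so that the selection below can never return an offset
 * that does not lie inside its input.
 */
static int
alpn_list_valid(const uint8_t *list, size_t len)
{
	size_t i = 0, plen;

	if (list == NULL || len == 0)
		return 0;
	while (i < len) {
		plen = list[i];
		if (plen == 0 || plen > len - i - 1)
			return 0;
		i += 1 + plen;
	}
	return 1;
}

/*
 * Return the offset (of the length byte) of the first protocol in the
 * server's preference list that the client also offered, or -1 if either
 * list is malformed or there is no overlap. There is deliberately no
 * fallback to a client protocol: an ALPN callback should turn -1 into
 * SSL_TLSEXT_ERR_ALERT_FATAL (or SSL_TLSEXT_ERR_NOACK) rather than select
 * a protocol the server does not support.
 */
int
alpn_select_offset(const uint8_t *server, size_t server_len,
    const uint8_t *client, size_t client_len)
{
	size_t i, j;

	if (!alpn_list_valid(server, server_len) ||
	    !alpn_list_valid(client, client_len))
		return -1;
	for (i = 0; i < server_len; i += 1 + server[i])
		for (j = 0; j < client_len; j += 1 + client[j])
			if (client[j] == server[i] &&
			    memcmp(&client[j + 1], &server[i + 1], server[i]) == 0)
				return (int)i;
	return -1;
}

int
main(void)
{
	/* Constructed lists: the server prefers h2, the client lists http/1.1 first. */
	static const uint8_t server[] = "\x02h2\x08http/1.1";
	static const uint8_t client[] = "\x08http/1.1\x02h2";
	int off = alpn_select_offset(server, sizeof(server) - 1,
	    client, sizeof(client) - 1);

	if (off < 0)
		return 1;
	printf("selected %.*s\n", server[off], (const char *)&server[off + 1]);
	return 0;
}
```

Because the offset is relative to the server list, a caller that needs the `out`/`outlen` pair of the traditional API gets it as `&server[off + 1]` and `server[off]`, and the only way to obtain those is through the validated path.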
42f4d18f 2024-06-28 13:37:49 Remove handling of SSLv2 client hello messages. This code was only previously enabled if the minimum enabled version was TLSv1.0 and a non-version locked method is in use. Since TLSv1.0 and TLSv1.1 were disabled nearly a year ago, this code is no longer ever being used. ok tb@
a2ca3e8a 2024-06-26 03:41:10 remove psk_idx from tlsext_randomize_build_order() ok jsing
78db451b 2024-06-26 03:39:49 tls_extension_find(): make output index optional suggested by jsing
b9e57b4b 2024-06-25 14:10:45 Implement RSA key exchange in constant time. RSA key exchange is known to have multiple security weaknesses, including being potentially susceptible to padding oracle and timing attacks. The RSA key exchange code that we inherited from OpenSSL was riddled with timing leaks, many of which we fixed (or minimised) early on. However, a number of issues still remained, particularly those related to libcrypto's RSA decryption and padding checks. Rework the RSA key exchange code such that we decrypt with RSA_NO_PADDING and then check the padding ourselves in constant time. In this case, the pre-master secret is of a known length, hence the padding is also a known length based on the size of the RSA key. This makes it easy to implement a check that is much safer than having RSA_private_decrypt() depad for us. Regardless, we still strongly recommend disabling RSA key exchange and using other key exchange methods that provide perfect forward secrecy and do not depend on client generated keys. Thanks to Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, Joerg Schwenk and Hubert Kario for raising these issues with us at various points in time. ok tb@
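An added example, not libssl's implementation, of the approach the commit above describes: decrypt with RSA_NO_PADDING and check the PKCS#1 v1.5 type 2 structure yourself, using the fact that the 48-byte pre-master secret fixes the offset of every field so the whole check is a sequence of masked byte comparisons with no data-dependent branch or separator search. On failure the caller-supplied random fallback is selected with the same mask (the RFC 5246 section 7.4.7.1 countermeasure), so the handshake proceeds and fails only in Finished. Plain C; the block fed to the check is a constructed vector rather than a real RSA decryption, and `fallback` stands in for the random bytes a server must generate fresh per connection.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48	/* pre-master secret: 2 version bytes + 46 random */

/* 0xFF if a == b, else 0x00, with no data-dependent branch. */
static uint8_t
ct_eq_mask(uint8_t a, uint8_t b)
{
	uint32_t x = (uint32_t)(a ^ b);

	return (uint8_t)(((x - 1) >> 8) & 0xFF);
}

/*
 * Check a block obtained with RSA_NO_PADDING (raw RSA output, left-padded
 * with zeros to the modulus size) against the expected layout
 *   00 | 02 | PS: rsa_len - 3 - PMS_LEN non-zero bytes | 00 | PMS (48 bytes)
 * Every offset follows from rsa_len alone, so no search for the separator
 * is needed; the version check is folded into the same mask. Returns 1 if
 * the block was well formed, 0 if `fallback` was copied out instead, and -1
 * only for a modulus too small to hold 8 bytes of PS (not data dependent).
 */
int
ct_rsa_premaster_unpad(const uint8_t *block, size_t rsa_len,
    uint16_t client_version, const uint8_t fallback[PMS_LEN],
    uint8_t out[PMS_LEN])
{
	const uint8_t *pms;
	size_t ps_len, i;
	uint8_t good = 0xFF;

	if (rsa_len < 3 + 8 + PMS_LEN)
		return -1;
	ps_len = rsa_len - 3 - PMS_LEN;
	pms = block + 3 + ps_len;

	good &= ct_eq_mask(block[0], 0x00);
	good &= ct_eq_mask(block[1], 0x02);
	for (i = 0; i < ps_len; i++)
		good &= (uint8_t)~ct_eq_mask(block[2 + i], 0x00);
	good &= ct_eq_mask(block[2 + ps_len], 0x00);
	good &= ct_eq_mask(pms[0], (uint8_t)(client_version >> 8));
	good &= ct_eq_mask(pms[1], (uint8_t)(client_version & 0xFF));

	/* Select pms or fallback with the mask, never with a branch. */
	for (i = 0; i < PMS_LEN; i++)
		out[i] = (uint8_t)((pms[i] & good) | (fallback[i] & ~good));
	return good & 1;
}

/* Constructed vector (not a real RSA decryption): 1024-bit block, PMS of 0x55. */
static void
build_sample_block(uint8_t *block, size_t rsa_len, uint16_t version)
{
	size_t ps_len = rsa_len - 3 - PMS_LEN;

	memset(block, 0x41, rsa_len);		/* PS filler: any non-zero byte */
	block[0] = 0x00;
	block[1] = 0x02;
	block[2 + ps_len] = 0x00;
	memset(block + 3 + ps_len, 0x55, PMS_LEN);
	block[3 + ps_len] = (uint8_t)(version >> 8);
	block[4 + ps_len] = (uint8_t)(version & 0xFF);
}

/* 0 if every case behaves as described above, else the failing case number. */
int
premaster_self_check(void)
{
	uint8_t block[128], fallback[PMS_LEN], out[PMS_LEN];

	memset(fallback, 0xAA, sizeof(fallback));	/* stands in for random bytes */

	build_sample_block(block, sizeof(block), 0x0303);	/* 1: good block */
	if (ct_rsa_premaster_unpad(block, sizeof(block), 0x0303, fallback, out) != 1 ||
	    out[0] != 0x03 || out[1] != 0x03 || out[2] != 0x55)
		return 1;
	block[1] = 0x01;					/* 2: wrong block type */
	if (ct_rsa_premaster_unpad(block, sizeof(block), 0x0303, fallback, out) != 0 ||
	    out[2] != 0xAA)
		return 2;
	build_sample_block(block, sizeof(block), 0x0303);
	block[10] = 0x00;					/* 3: zero byte inside PS */
	if (ct_rsa_premaster_unpad(block, sizeof(block), 0x0303, fallback, out) != 0)
		return 3;
	build_sample_block(block, sizeof(block), 0x0302);	/* 4: version mismatch */
	if (ct_rsa_premaster_unpad(block, sizeof(block), 0x0303, fallback, out) != 0 ||
	    out[0] != 0xAA)
		return 4;
	if (ct_rsa_premaster_unpad(block, 58, 0x0303, fallback, out) != -1)
		return 5;					/* 5: modulus too small */
	return 0;
}
```

The return value is for the caller's own accounting only: a server must not send a distinguishable alert or take a different code path on 0 versus 1, otherwise the constant-time check buys nothing. And as the commit says, the better fix is to not offer RSA key exchange at all.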
d0e64422 2024-06-25 05:46:48 Fix TLS extension shuffling The diff decoupling the shuffle from the table order still relied on PSK being last because it failed to adjust the upper bound in the for loop. ok jsing
0d588c02 2024-06-24 06:50:07 ssl_err: KNF tweak
5fcd2f53 2024-06-24 06:49:45 ssl_err: fix whitespace
d47f6a4e 2024-06-22 15:25:06 Provide CBB_add_u32_length_prefixed(). This is needed for an upcoming change in libcrypto. ok tb@
876d5c25 2024-06-06 16:13:12 ssl_tlsext: fix uninitialized variable warning with gcc This is a false positive but as is well-known, gcc is terrible at understanding conditionally initialized variables and it is tedious to explain this to downstream maintainers who look at warnings. ok miod