[openssl-commits] [openssl] OpenSSL_1_1_0-pre3 create

Richard Levitte levitte at openssl.org
Mon Feb 15 19:30:32 UTC 2016

The annotated tag OpenSSL_1_1_0-pre3 has been created
        at  d82c67c08de6ec3bc044ee5a658bffc0054a1c07 (tag)
   tagging  c2bbf058736b8cb5b32e78a50d1410fa34cc8284 (commit)
  replaces  OpenSSL_1_1_0-pre2
 tagged by  Richard Levitte
        on  Mon Feb 15 19:37:20 2016 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre3 release tag

A J Mohan Rao (3):
      GH628: Add -help to all apps docs.
      commands help cleanup
      GH646: Update help for s_server command.

Alessandro Ghedini (2):
      Validate ClientHello session_id field length and send alert on failure
      Fix build failure with CIPHER_DEBUG

Alex Gaynor (1):
      Fixed typo in the SSL_CTX_set_security_level

Andy Isaacson (1):
      Fix quoting error in SRP printf

Andy Polyakov (32):
      Configure: restore original logic for -DWHIRLPOOL_ASM.
      Add poly1305/asm/poly1305-sparcv9.pl.
      Engage poly1305-sparcv9 module.
      Configurations/00-base-templates.conf: harmonize extensions.
      bn/Makefile.in: remove obsolete rules.
      bio/b_sock.c: cleanup obsolete stuff.
      s390x assembly pack: add ChaCha20 and Poly1305 modules.
      Configurations: engage s390x ChaCha20 and Poly1305 modules.
      x86[_64] assembly pack: add ChaCha20 and Poly1305 modules.
      poly1305/poly1305.c: work around -Wshadow warnings with POLY1305_ASM.
      Configurations: engage x86[_64] ChaCha20 and Poly1305 modules.
      chacha/asm/chacha-x86.pl: fix nasm compilation.
      ms/uplink-x86.pl: make it work.
      poly1305/asm/poly1305-x86_64.pl: fix mingw64 build.
      poly1305/asm/poly1305-x86_64.pl: MacOS X portability fix.
      util/mk1mf.pl: use LINK_CMD instead of LINK variable.
      perlasm/x86_64-xlate.pl: pass pure constants verbatim.
      ec/asm/ecp_nistz256-armv8.pl: fix test_ssl spurious errors.
      .travis.yml: exclude gcc from MacOS X CI builds.
      Update .gitignore.
      modes/ctr128.c: pay attention to ecount_buf alignment in CRYPTO_ctr128_encrypt.
      evp/e_des[3].c: address compiler warnings, fix formatting.
      apps/speed.c: initialize c[D_GHASH][i].
      ARM assembly pack: add ChaCha20 and Poly1305 modules.
      Configurations: engage ARM ChaCha20 and Poly1305 modules.
      C64x+ assembly pack: add ChaCha20 and Poly1305 modules.
      PPC assembly pack: add ChaCha20 and Poly1305 modules.
      Configurations: engage PPC ChaCha20 and Poly1305 modules.
      crypto/poly1305: add floating-point reference implementation.
      chacha/asm/chacha-x86[_64].pl: fix typos and logical errors.
      chacha/asm/chacha*: ensure that zero length is handled (without crash).
      Configurations/00-base-templates.conf: typos in [chacha|poly1305]_asm_src.

Ben Laurie (4):
      Disable jpake if psk is disabled.
      Don't test heartbeats when there aren't any.
      Tests depend on everything.
      Address comments.

Benjamin Kaduk (3):
      Add a no-egd option to disable EGD-related code
      Remove unused, undocumented clean-shared target
      GH650: Minor tidying around the ocsp app

Billy Brumley (4):
      RT3863 ECC: Add missing NULL check. Set a flag
      Test all built-in curves and let the library choose the EC_METHOD
      Fix BN_gcd errors for some curves
      GH587: Extend ECDH tests to more curves. Add more ECDH KATs.

Corinna Vinschen (3):
      Use POSIX functions on Cygwin, not Win32 function
      Don't strip object files on Cygwin
      Fix configuration system to support different architectures on Cygwin.

Daniel Black (1):
      RT2887: Add more packet and handshake types

Daniel Kahn Gillmor (1):
      RT4129: BUF_new_mem_buf should take const void *

Dmitry Belyavsky (1):
      Fix GOST2012-NULL-GOST12

Dmitry Sobinov (1):
      Add new DTLS-SRTP protection profiles from RFC 7714

Dmitry-Me (6):
      Comment "secure memcmp" implementation
      GH608: Ensure 64-bit shift no matter sizeof(long)
      GH614: Use memcpy()/strdup() when possible
      Fix potential buffer overrun
      Ensure allocation size fits into size_t
      GH643: Cleanup header analysis

Dr Stephen Henson (1):
      Test for and use AES CSP for RSA if present.

Dr. Stephen Henson (74):
      Add lookup_certs for a trusted stack.
      free up gost ciphers
      fix no-engine build
      Add TLS PRF method.
      use TLS PRF
      Add TLS1-PRF test support to evp_test
      add TLS1-PRF tests
      Add documentation for EVP_PKEY_TLS1_PRF
      prf redirection build fixes
      make EVP_PKEY opaque
      Use callback for DSAPublicKey
      Add function to return internal enoding of X509_NAME.
      fix warning
      Add support for EVP_PKEY_derive in evp_test
      Add test data for ECDH
      handle "Ctrl" in separate function
      Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor
      Remove redundant code.
      Zero newly allocated points
      Use PKCS#8 format EC key so test is skipped with no-ec
      Fix memory leak and print out keygen errors.
      add option to exclude public key from EC keys
      update DSA docs
      New BN functions.
      make update
      Add Curve OIDs from draft-josefsson-pkix-newcurves
      update OID tables
      Add ec -check option
      Add ASN1_buf_print to print a buffer in ASN1_bn_print format.
      Add EC_KEY_oct2priv and EC_KEY_priv2oct
      update EC ASN1 and print routines
      use enum type for do_EC_KEY_print
      Use BN_bn2binpad
      Allocate ASN1_bn_print buffer internally.
      Add EC_KEY_priv2buf()
      make update
      If memory debugging enabled return error on leaks.
      Fix return code in CRYPTO_mem_leaks_fp()
      enable leak checking for danetest
      Add SSL_get0_verified_chain() to return verified chain of peer
      Add documenation for X509_chain_up_ref()
      make update
      if no comparison function set make sk_sort no op
      Stack documentation.
      Clarify resumed sessions and NULL return.
      Fix engine key support in utilities.
      Deprecate undocumented SSL_cache_hit().
      Make PKCS12 structures opaque
      New PKCS12 accessors, change macros to functions.
      more PKCS12 opacity
      pkcs12 accessors
      Use accessors in pkcs12 app.
      Rename PKCS12 function
      Use new names
      pkcs12.h header reorganisation.
      Reorganise functions.
      Add p12_sbag.c to Makefile.in
      use new function names
      rename old functions names in libeay.num
      Only use compatibility macros for < 1.1 API.
      fix various formatting issues
      make update
      Remove ancient compatibility defines.
      add missing file p12_lcl.h
      Print out bad content octets.
      use consistent error messages
      Fix engine key support in cms and req utilities.
      Don't check self signed certificate signature security.
      Remove static ECDH support.
      update ciphers manual page
      Typo: only return error if unrecognise bag type.
      fix warnings on 32 bit builds
      Free and zero DH/ECDH temporary key after use.

Ellinger, Wesley M (1):
      RT4070: Improve struct/union regexp

Emilia Kasper (7):
      Always DPURIFY
      constify PACKET
      RT3854 Update docs.
      RT3234: disable compression
      RT3095: allow NULL key for single-shot HMAC
      RT 3854: Update apps/req

FdaSilvaYY (5):
      few typo fixes
      Fix possible memory leak on BUF_MEM_grow_clean failure
      Fix two possible leaks.
      fix code indentation issue
      GH601: Various spelling fixes.

Hubert Kario (1):
      GH554: Improve pkeyutl doc

Insu Yun (1):
      GH634: fix potential memory leak

Kristian Amlie (1):
      Don't use "grep -q", "-q" is not POSIX, and fails on Solaris.

Kurt Roeckx (6):
      Make fallback addresses static so that we can initialize it
      Restore xmm7 from the correct address on win64
      Use WSAGetLastError() on windows
      Don't include sys/socket.h
      Add BIO_ADDR_clear to libeay.num
      Fix memory leak in dtlsv1listentest

Marcus Meissner (1):
      dsatest: use the correct BIO to print the test error

Mat (1):
      GH649: Fix: version32.rc was not created on Windows

Matt Caswell (46):
      Rename INSTALL.W32 to INSTALL.WIN
      Update Windows installation instructions
      Remove the GOST engine
      Handle SSL_shutdown while in init more appropriately
      Remove dirs from mkfiles.pl
      Add SSL_up_ref() and SSL_CTX_up_ref()
      Prevent small subgroup attacks on DH/DHE
      Add a test for small subgroup attacks on DH/DHE
      CHANGES and NEWS updates for release
      Implement Async SSL_shutdown
      Correct value of DH_CHECK_PUBKEY_INVALID
      Add missing return value checks
      Fix bug in nistp224/256/521 where have_precompute_mult always returns 0
      Add have_precompute_mult tests
      Don't use RDRAND if told not to
      Don't export local symbols on Solaris
      Make DTLSv1_listen a first class function and change its type
      Add a BIO_ADDR_clear function
      Provide partial support for fragmented DTLS ClientHellos
      Add tests for DTLSv1_listen
      Update DTLSv1_listen documentation
      Handle SSL_shutdown while in init more appropriately #2
      Provide framework for auto initialise/deinitialise of the library
      Auto init/deinit libcrypto
      Auto init/de-init libssl
      Get the apps to use auto-init/de-init
      Clean up the tests for auto-init/de-init
      Provide a thread stop API
      Add an OPENSSL_NO_AUTOERRINIT option
      Provide documentation for auto-init/auto-deinit
      Avoid a race condition in loading config settings
      Update build.info files for auto-init/de-init
      Correct copyright date for internal header file
      Add a CHANGES entry for auto-init and de-init
      Updates for auto init/deinit review comments
      Stop library before checking for mem leaks
      NULL the thread_local_inits_st pointer after use
      Make some global variables static
      If we've not been inited don't deinit
      Variable was declared static when it shouldn't be
      The new init functions can now fail so shouldn't be void
      Attempt to log an error if init failed
      Update CHANGES following init function renaming
      Add some documentation about init after deinit
      Fix errstr error code parsing
      Fix the enable-ssl-trace config option

Michael Lee (1):
      [Configure] Make --with-zlib-* work with configdata.pm

Michał Trojnara (1):

Mouse (1):
      Fix pkeyutl inability to directly access keys on hardware tokens

Prayag Verma (1):
      Update license year range to 2016

Quanah Gibson-Mount (1):
      GH645: Fix typo: ctificates -> certificates

Rainer Jung (1):
      RT4304: Look for plaintext HTTP

Rich Salz (71):
      RT4232: Extra space in help message.
      Make SSL_set_debug deprecated in 1.1
      Fix typo
      RT4247: Fix EVP_CIPHER_CTX opaque on sparc
      RT4247: Add missing patch
      Add some accessors.
      Remove some old makefile targets
      Accessor update; fix API, document one.
      Fix function declarations.
      Fix build break; restore missing target
      Consolidate "make update"
      Remove update tags
      Remove outdated conftest.c
      Move pqueue into ssl
      Move & split opensslconf.h.in
      Ask for tests in CONTRIBUTING
      Remove /* foo.c */ comments
      Remove outdated legacy crypto options
      Remove EIGHT_BIT and SIXTEEN_BIT
      Add CRYPTO_secure_zalloc
      Fix typo in md2.h
      Missed part of b4f35e
      Add more components to build.
      Remove outdated tests
      Remove extraneous output from util/mk scripts
      Remove x86_gcc_des,x86_gcc_opts
      Remove clean-depend
      Merge error, wrong domd submitted.
      Templatize util/domd
      Missed rc2_int from before.
      GH102: Add volatile to CRYPTO_memcmp
      Move more BN internals to bn_lcl.h
      Remove extra level of indirection.
      GH102: Extra volatile avoids GCC bug
      RT3755: Remove duplicate #include
      Better check for gcc/clang
      Style; add "!= NULL"
      RT2353: Add ipsec IKE OID
      Tweak opensslconf.h.in for style
      RT2752: Add some EKU OID's
      Various RT doc fixes
      GH628: Add -help to all apps docs.
      RT1596: Add clarifying doc.
      RT4292: Remove ===== line
      RT4194: Restore old engine parameter parsing.
      more doc fixes
      GH322 revisited: remove unused function.
      GH641: Don't care openssl_zmalloc
      Portability fix
      Use NON_EMPTY_TRANSLATION_UNIT, consistently.
      Don't run RC4 test with no-rc4
      Remove store.
      Can't re-init after stop.
      No dynamic-init fix; merge goof.
      Rename INIT funtions, deprecate old ones.
      Update unified build after store removal
      BIO_PAIR_DEBUG did nothing; remove it.
      After renaming init, update errors.
      Missing header include.
      Check malloc
      GH620: second diff from rt-2275, adds error code
      Fix GH 327.
      Move to REF_DEBUG, for consistency.
      Remove TLS heartbeat, disable DTLS heartbeat
      Don't add filename comment.
      Put user flags last for priority.
      Reformat warn variables for easier editing.
      Don't call cpuid in test; done as init.
      Make the BIO_ADDR param optional.
      Fix build-break

Richard Levitte (191):
      Prepare for 1.1.0-pre3-dev
      Relax the requirements for a debug build
      In __cwd, make sure the given directory is seen as such and not a file
      Avoid the r modifier for s/// (perl)
      Small fixup, an extra line slipped in
      The TLSProxy tests can't run if no-engine has been configured
      Adjust the configuration target name from Cygwin-i686 to Cygwin-x86
      Add some extra Cygwin targets as aliases for Cygwin-x86
      Fix BSD -rpath parameter
      Adapt BSD cryptodev engine to opaque EVP_MD_CTX, EVP_CIPHER_CTX, etc
      Add an engine destructor to eng_cryptodev.
      Refactor config - a small cosmetic touchup of Configure
      Refactor config - throw away '--test-sanity'
      Refactor config - split read_config into read_config and resolve_config
      Refactor config - rewrite handling of "reconf"
      Refactor config - consolidate handling of disabled stuff
      Refactor config - throw away the last remains of '--test-sanity'
      Refresh the thinking of --prefix and --openssldir
      Refactor config - move templates and template docs to Configurations
      Refactor config - @MK1MF_Builds out, general build scheme in
      Configurations - no_asm_filler is long gone, don't use it
      Cleanup .gitignore
      Refactor config - consolidate and refresh print_table_entry
      Refactor file writing - introduce template driven file writing
      Refactor file writing - arrange for use of bundled Perl modules as fallback
      Bundle the non core Perl module Text::Template
      Refactor file writing - adapt util/dofile.pl to use with_fallback
      Refactor file writing - information on our use of Perl and Perl modules
      Refactor file writing - Adapt util/mkdef.pl to use configdata.pm
      Refactor file writing - rewrite crypto/opensslconf.h.in as template
      Remove extra unused variable in util/dofile.pl
      String configs are truly deprecated, not even somewhat supported any more
      Refactor file writing - make configdata.pm the info center for "reconf"
      The rehash.time target should depend on build_tools as well
      Make sure apps/Makefile builds apps/CA.pl by default
      Fix OpenSSL::Test::Simple to take more than one algorithm
      Make tests use configdata.pm rather than parsing Makefile
      For every test in 80-test_ssl.t, check that the protocol(s) used is enabled
      Now that Configure doesn't produce tools/c_rehash, mk1mf has to do it
      Refactor file writing - Remake Makefile.org into a template
      Remove GOST again
      Add some info in CHANGES about what's happening so far with Configure et al
      Revert merge error
      Misc fixups
      Generate warning text
      Small cleanups in Configure
      Small Makefile.in cleanup
      Base the tarfile list of files on git ls-files instead of find
      Configure first in travis create release
      Use Configure's @disablables and %disabled through configdata.pm
      Use the new OpenSSL::Test::Utils routines.
      Have OpenSSL::Test handle perl scripts like any program
      80-test_ca.t is made to use the new perlapp()
      SHARED_LIBS_LINK_EXTS is no longer used, remove it completely
      Be careful when applying EXE_SHELL
      Skip all explicitely if the number of tests is 0
      Complete the removal of /* foo.c */ comments
      Fix check of what makedepprog should be
      Correct number of arguments in BIO_get_conn_int_port macro
      Don't replace cflags with thread_cflags, only append the latter
      Revert "Don't replace cflags with thread_cflags, only append the latter"
      Make use of add() and add_before() in Configurations/
      Configure et al: split up the lflags configuration item into two
      Complete the lflags -> lflags/ex_libs transition
      Configure: Clarify the handling of $thread_cflags
      Fix opt_imax() call
      Fix test/recipes/25-test_verify.t
      When checking if there's a VMS directory spec, don't forget the possible device
      Don't go into dotted directories when copying Makefile.in to Makefile
      Remove the extra checks for Intel's C compiler
      unified build scheme: a first introduction
      unified build scheme: add build.info files
      unified build scheme: add a personal configuration to test it
      Use a simpler method to build a glob than splitpath and catpath
      Refactoring BIO: add wrappers around sockaddr et al
      Refactoring BIO: Small adjustments
      Refactoring BIO: add error macros & text, and make update
      Refactoring BIO: new socket-handling functions, deprecate older ones
      Temporary pragma to have GCC quiet down about deprecated functions
      make update
      Refactoring BIO: reimplement old socket handling functions with new ones
      make update
      Refactoring BIO: adapt BIO_s_connect and BIO_s_accept
      make update
      Refactoring BIO: add a test, using test/ssltest
      Refactoring BIO: Adapt BIO_s_datagram and all that depends on it
      Refactoring BIO: Adapt s_client and s_server
      Refactoring BIO: add a simple networking test of s_client and s_server
      Refactoring BIO: Add a few lines in CHANGES & NEWS
      Refactoring BIO: small test correction
      Use BIO_snprintf() rather than snprintf()
      Make the mk1mf 'mv' command variable
      Use matching quotes
      Have OpenSSL::Test::Utils::available_protocols load configdata as well
      Have 70-test_clienthello.t be selective on when it can be run
      Only use TLS1.2 when it's available
      If egd is disabled by default, it should be possible to enable
      Make sure getaddrinfo and getnameinfo works as intended on Windows
      Change the transfer perl module so the real module gets properly registered
      Update crypto/bio/build.info
      Add checks for IPv4 and IPv6 in OpenSSL::Test::Utils and use them
      Initialise with -1 rather than 1
      Initialize variable
      VMS lacks socklen_t, give it one
      Add build.info lines for dtlsv1listentest
      Enhance and clear the support of linker flags
      Display the linking commands that are performed
      dtlsv1listentest includes e_os.h, reflect that in include dirs
      Use File::Path::mkpath rather than File::Path::make_path
      Use File::Path::rmtree rather than File::Path::remove_tree
      Following the PKCS#12 update, update crypto/pkcs12/build.info as well
      Small fixes
      unified build scheme: add and document the "unified" driving engine
      unified build scheme: add a design document
      unified build scheme: adjust some scripts
      unified build scheme: adjust test framework for out of source build tree
      Update 90-test-networking.t to do the same checks as other TLSProxy tests
      Use rel2abs() on VMS, rather than realpath()
      Fix 90-test_networking.t
      Make sure to always include string.h so memset gets declared.
      Make the processing of build.info files more aware of absolute dirs
      Simplify the specification of include dirs in the build dir
      VMS getnameinfo() seems to have a bug with returned service string
      Configure et al: treat C defines separately
      Configure et al: move the installation directory logic to Makefiles
      unified build scheme: give util/dofile.pl the possibility to output selectively
      unified build scheme: add a "unified" template for Unix Makefile
      unified build scheme: add the tweaks to build on Cygwin & Mingw
      unified build scheme: Try to nudge users to try the "unified" build
      unified build scheme: add instructions for travis to build with --unified
      unified build scheme: add a "unified" template for VMS descrip.mms
      clean away old VMS cruft
      unified build scheme: rewrite INSTALL.VMS
      unified build system: add CHANGES & NEWS
      The guard macro to be defined didn't match the guard macro checked
      Make it possible to get ENGINESDIR info from OpenSSL_versions
      Make sure to escape backslashes and single quotes for buildinf.h
      Quote the CFLAG in Unixly Makefiles, for buildinf.h
      Produce buildinf.h on Windows the same way as on Unix
      Don't assert protocol equality
      Use the protocol we know rather than BIO_ADDRINFO_protocol(res)
      Change the VMS perl pointer from SF file store to the project page
      After auto init, check that the deprecated functions exist before using
      Make comment match reality
      Rework BIO_ADDRINFO_protocol() to return correct values
      The protocol variable has lost its use, remove it
      Add inclusion directory crypto/include for BN compilations
      Remove the "make depend" message
      Unified build: Keep track of generated header files
      Modernise the mingw cflags and ldflags
      Add support for shared_rcflag, useful for windres (Cygwin and Mingw)
      Make shared library targets more consistent
      Make util/mkrc.pl location agnostic and adapt Makefile.shared
      Add the generate mechanism from unixmake to unix-Makefile.tmpl
      Perl's chop / chomp considered bad, use a regexp instead
      State the minimum Perl version that our scripts will work with
      Generate progs.h from a bunch of files instead of internal knowledge
      make generate
      Remove last chomps
      Adjust transfer::Text::Template.pm for alternate directory name
      Better workaround for VMS getnameinfo() bug
      Rethink logging of test recipes
      Let all TLSProxy based tests display debug text conditionally
      Document the changes in "make test" behavior
      Now that we have good verbosity, turn it on for Travis
      Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix
      Unified build - fix make depend
      We need the linked utils after a full build.
      In templates, output_on() must be used the same way as output_off()
      Remove 00-test_checkexes.t, as it has lost its relevance
      Make sure the OPENSSL_INIT flags are 32 bits and document the ssl range
      Rethink the method to place user cflags last
      Display the windres command
      The unified build may delete installed manual files
      Add SHARED_RCFLAGS in unified Makefile template
      Have the same installation directories in unified as in unixmake
      Don't build test programs by default, add convenience targets for unified build
      Pass $(CC) to perlasm scripts via the environment
      Prefer IO::Socket::INET6 over IO::Socket::IP
      Have dofile.pl say where it was run
      Have dofile.pl say where it was run, for real this time
      Make sure a socklen_t can compare with a sizeof() result
      Declare DllMain internally
      Make the use of mdebug backtrace a separate option
      Make sure to use unsigned char for is*() functions
      Don't use libcrypto private headers with mkdef.pl
      make update
      Misc fixes in util/mk1mf.pl
      MANSUFFIX should be left empty
      Correct deprecation of OPENSSL_config
      Prepare for 1.1.0-pre3 release

Rob Percival (2):
      Make TESTS= work with "nmake -f ms/ntdll.mak tests"
      Defines OSSL_SSIZE_MAX

Roumen Petrov (1):
      avoid crash if hostserv is with host part only

Todd Short (4):
      Fix store with opaque data
      RT4272: Unit tests fail when DTLS disabled
      Add option to disable async
      Add CHACHA20 alias for ciphers.

Toshikuni Fukaya (1):
      RT3495: Add a hash for faster dup detection.

Viktor Dukhovni (46):
      EDH >= 1024 bits even at security level 0
      Always initialize X509_STORE_CTX get_crl pointer
      Fix last-resort depth 0 check when the chain has multiple certificates
      Cosmetic polish for last-resort depth 0 check
      Empty SNI names are not valid
      Better invalid SNI name error handling
      Make SSL_dane_enable() requirement more clear.
      Start a new line after each sentence-ending period.
      Drop cached certificate signature validity flag
      Support disabling any or all TLS or DTLS versions
      API compat for SSLeay_add_ssl_algorithms
      Check Suite-B constraints with EE DANE records
      Scripts to generate verify test certs
      Commit pre-generated test_verify certs
      Reject when explicit trust EKU are set and none match.
      More X509_verify_cert() tests via verify(1).
      Refactor apps load_certs/load_crls to work incrementally
      Multiple -trusted/-untrusted/-CRLfile options in verify
      Fix Custom Extension tests skip count
      Doc fixes suggested by Claus Assmann
      Comment side-effect only calls of X509_check_purpose
      Restore NUMPRIMES as a numeric literal
      Keep RC5 bit shifts in [0..31]
      Make it possible to check for explicit auxiliary trust
      Better type for x509 -checkend argument
      Fix invalid policy detection
      Make opt_imax visible in all apps
      Check chain extensions also for trusted certificates
      Compat self-signed trust with reject-only aux data
      Add tests for non-ca trusted roots and intermediates
      Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling
      Handle localhost being either or ::1
      Restore -no_comp switch for backwards compatible behaviour
      Long overdue cleanup of X509 policy tree verification
      Ensure correct chain depth for policy checks with DANE bare key TA
      Add missing static declarations in dtlsv1listentest.c
      Allocate bio_err before turning on memleak checks
      Suppress DANE TLSA reflection when verification fails
      Deprecate the -issuer_checks debugging option
      Improve recent option help string additions
      Simplify ssl_cert_type() by taking advantage of X509_get0_pubkey
      Fix MacOS/X build warnings
      Move brace outside #ifdef
      Fix some issues near recent chomp changes.
      Fixes to make no-deprecated work again

Viktor Szakats (3):
      bio_err.c: remove a reappeared filename comment     Reviewed-by: Rich Salz <rsalz at openssl.org>     Reviewed-by: Richard Levitte <levitte at openssl.org>
      async_win.c: remove unused variable
      GH675: make ssl3_ciphers static

Zhao Junwang (1):
      Fix typos

Zi Lin (1):
      NGX-2040 - fix wildcard match on punycode/IDNA DNS names

mmiyashi (1):
      isalist(1) is obsolete; use isainfo(1)

mrpre (1):
      free item after sk_push fail


More information about the openssl-commits mailing list