[openssl/openssl] 8e520d: Postpone two TODO(QUIC) items appropriately
Matt Caswell
noreply at github.com
Fri Oct 20 15:43:20 UTC 2023
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 8e520d2714abf4c6254ceec24b57f238433541ee
https://github.com/openssl/openssl/commit/8e520d2714abf4c6254ceec24b57f238433541ee
Author: Tomas Mraz <tomas at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M ssl/quic/quic_channel.c
M ssl/quic/quic_tserver.c
Log Message:
-----------
Postpone two TODO(QUIC) items appropriately
The one in ch_rx_handle_packet() is a tuning thing -> QUIC FUTURE
The one in ossl_quic_tserver_shutdown() is a server thing -> QUIC SERVER
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)
Commit: 7757f5ef731ad4e8d6c0f59ef752e4f726ba4f90
https://github.com/openssl/openssl/commit/7757f5ef731ad4e8d6c0f59ef752e4f726ba4f90
Author: Tomas Mraz <tomas at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M doc/man3/SSL_CTX_set_quiet_shutdown.pod
M doc/man3/SSL_set_shutdown.pod
M include/internal/quic_channel.h
M include/internal/quic_ssl.h
M ssl/quic/quic_channel.c
M ssl/quic/quic_impl.c
M ssl/ssl_lib.c
M test/quicapitest.c
Log Message:
-----------
QUIC: Add handling of SSL_get_shutdown()
Return SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN with semantics
similar to TLS connections.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)
Commit: 21f7a09ca256eee0ccc9a8fc498e8427469ab506
https://github.com/openssl/openssl/commit/21f7a09ca256eee0ccc9a8fc498e8427469ab506
Author: Neil Horman <nhorman at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M apps/openssl-vms.cnf
M apps/openssl.cnf
M apps/pkcs12.c
M doc/man1/openssl-pkcs12.pod.in
M test/recipes/80-test_pkcs12.t
R test/recipes/80-test_pkcs12_data/jdk_trusted.cnf
Log Message:
-----------
Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option
Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.
This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but thatcould confuse users who didn't
specify nokeys on the command line. As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a users specifies the
new command line option.
Fixes #22215
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)
Commit: 461d41174b33e365677d21bf176d6959b15c2468
https://github.com/openssl/openssl/commit/461d41174b33e365677d21bf176d6959b15c2468
Author: Hugo Landau <hlandau at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M include/internal/quic_txp.h
M ssl/quic/quic_channel.c
M ssl/quic/quic_txp.c
M test/quic_multistream_test.c
M test/quic_txp_test.c
Log Message:
-----------
QUIC: Prevent incoming oversize tokens
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22436)
Commit: 055f3dd140f124df6f2d8f3f910f00928224b04f
https://github.com/openssl/openssl/commit/055f3dd140f124df6f2d8f3f910f00928224b04f
Author: Hugo Landau <hlandau at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M test/quic_multistream_test.c
Log Message:
-----------
QUIC: Test handling of post-connection session tickets
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22439)
Commit: c239bc9e960b866093dbc666c78c78935233750c
https://github.com/openssl/openssl/commit/c239bc9e960b866093dbc666c78c78935233750c
Author: Matt Caswell <matt at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M include/internal/time.h
Log Message:
-----------
Round up nano secs when converting OSSL_TIME to struct timeval
struct timeval doesn't support nanosecs but OSSL_TIME does. We round up
any nanosecs to ensure that a non-zero input always results in a non-zero
output.
This fixes a quic-client fuzzer hang.
Fixes #22437
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
Commit: 039119a0f3eeb610689f21834ea04cc1f0efe8df
https://github.com/openssl/openssl/commit/039119a0f3eeb610689f21834ea04cc1f0efe8df
Author: Matt Caswell <matt at openssl.org>
Date: 2023-10-20 (Fri, 20 Oct 2023)
Changed paths:
M test/build.info
A test/recipes/02-test_time.t
A test/time_test.c
Log Message:
-----------
Add a test for converting OSSL_TIME to struct timeval
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
Compare: https://github.com/openssl/openssl/compare/5516d20226c4...039119a0f3ee
More information about the openssl-commits
mailing list