| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Approved by: so
Security: FreeBSD-SA-16:26.openssl
|
| |
|
|
| |
Relnotes: yes
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Merge OpenSSL 1.0.1o.
Note it is instantly merged because it restores ABI compatibility broken by
the previous OpenSSL 1.0.1n.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1n.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1k.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1j.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1i.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
| |
|
|
| |
Merge OpenSSL 1.0.1f and 1.0.1g.
|
| |
|
|
|
| |
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
|
| |\
| |
| |
| | |
Approved by: secteam (simon), benl (silence)
|
| |\ \
| |/
| |
| | |
Approved by: benl (maintainer)
|
| | |
| |
| |
| |
| |
| | |
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
Security: http://www.openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
Obtained from: OpenSSL CVS
|
| | |
| |
| |
| |
| | |
Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
|
| |\ \
| |/
| |
| | |
Approved by: re
|
| |/ |
|
| | |
|
| | |
|
| | |
|
|
|
infringement reasons.
|
