The problem is that the fix Bug#29784 was mistakenly
reverted when updating YaSSL to a newer version.
The solution is to re-apply the fix and this time
actually add a meaningful test case so that possible
regressions are caught.
Fix warnings flagged by the new warning option -Wunused-but-set-variable
that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The
option causes a warning whenever a local variable is assigned to but is
later unused. It also warns about meaningless pointer dereferences.
Apart strict-aliasing warnings, fix the remaining warnings
generated by GCC 4.4.4 -Wall and -Wextra flags.
One major source of warnings was the in-house function my_bcmp
which (unconventionally) took pointers to unsigned characters
as the byte sequences to be compared. Since my_bcmp and bcmp
are deprecated functions whose only difference with memcmp is
the return value, every use of the function is replaced with
memcmp as the special return value wasn't actually being used
by any caller.
There were also various other warnings, mostly due to type
mismatches, missing return values, missing prototypes, dead
code (unreachable) and ignored return values.
The problem was that the bundled yaSSL library was being built
without thread safety support regardless of the thread safeness
of the compoments linked with it.
The solution is to enable yaSSL thread safety support if any
component (server or client) is to be built with thread support.
Also, generate new certificates for yaSSL's test suite.
Problem: copying issuer's (or subject's) name tags into an internal
buffer from incoming stream we didn't check the buffer overflow.
That may lead to memory overrun, crash etc.
Fix: ensure we don't overrun the buffer.
Note: there's no simple test case (exploit needed).
- Remove bothersome warning messages. This change focuses on the warnings
that are covered by the ignore file: support-files/compiler_warnings.supp.
- Strings are guaranteed to be max uint in length
- Remove bothersome warning messages. This change focuses on the warnings
that are covered by the ignore file: support-files/compiler_warnings.supp.
- Strings are guaranteed to be max uint in length
with non-RSA-requesting client if server uses RSA key
matchSuite() may not find a match.
It will return error in this case.
Added a error checking code that will prevent using uninitialized
memory in the code based on the assumption
that matchSuite() has found a match.
using crashes server
When the server is configured to use a RSA key, and when the client sends
a cipher-suite list that contains a non-RSA key as acceptable, the server
would try to process that key even though it was impossible.
Now, yaSSL sets its own acceptable-cipher list according to what kind of
key the server is started with, and will never explore and try to pair
impossible combinations.
This involves a partial import of the current YaSSL tree, not the whole
thing, so as to try to avoid introducing new bugs.
(Updated to avoid many whitespace changes and make diff smaller.)
- Cherry pick 6.0 changes for Visual Studio 2008 support
- Add scripts win\build-vs9.bat and win\build-vs9_x64.bat
Also, remove CMake generated visual studio project files.
They had been introduced in 5.1 and were only later backported to 5.0;
as a consequence, the files in the 5.1 tree do not depend on the 5.0 ones,
and changes in 5.0 do not propagate into the 5.1 files.
To fix this, the (previous) files in 5.1 now are deleted ("bk rm"),
and the previously deleted files depending on 5.0 are now moved to the
respective source directories ("bk mv").
The current 5.1 contents is restored in these files.
If you need the previous history of the 5.1 files ("bk revtool"),
access those in "BitKeeper/deleted".
Contrary to the original plan, I did not introduce the name
"CMakeLists.historic" - mostly in order not to clutter the source tree.
This fixes bug#29982.
Added an option to yassl to allow "quiet shutdown" like openssl does. This option causes the SSL libs to NOT perform the close_notify handshake during shutdown. This fixes a hang we experience because we hold a lock during socket shutdown.
