On Windows, SOCKET type is unsigned.
All comparison with negative value produces signed/unsigned
warnings, moreover the code is incorrect in error path.
Use INVALID_SOCKET define that should work on all
platforms to detect error.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Thu Apr 30 11:42:31 2026
(Merged from https://github.com/openssl/openssl/pull/30941)
This adds the functionality to VERIFY_PARAM to separately add multiple
ip's and email addresses for verification purposes.
We then mark the unfortunate SSL_add1_host API which unfortunately
aquired a confusing "maybe add an IP address" behaviour as deprecated.
We replace this with SSL_set1_<dnsname, email, ip, ip_asc> and
SSL_add1_<dnsname, email, ip, ip_asc> to set the things in the SSL
corresponding to the VERIFY_PARAM funcitons.
Fixes: https://github.com/openssl/openssl/issues/28418
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:42 2026
(Merged from https://github.com/openssl/openssl/pull/29612)
The X509_ATTRIBUTE accessor functions were not const-correct, preventing
callers from usefully interacting with a const X509_ATTRIBUTE pointer.
Update the following functions to accept const X509_ATTRIBUTE * and
return const pointers where appropriate:
- X509_ATTRIBUTE_get0_object: returns const ASN1_OBJECT *
- X509_ATTRIBUTE_get0_type: returns const ASN1_TYPE *
- X509_ATTRIBUTE_get0_data: returns const void *
Also update dependent PKCS12 functions:
- PKCS12_get_attr_gen: returns const ASN1_TYPE *
- PKCS12_get_attr: returns const ASN1_TYPE * (deprecated)
- PKCS8_get_attr: returns const ASN1_TYPE *
Update all callers to use const pointers for the return values.
Fixes#29811
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
MergeDate: Fri Feb 13 14:46:26 2026
(Merged from https://github.com/openssl/openssl/pull/29813)
In order to use our http3 demo to do interop testing, said demo needs to
be able to handle multiple requests and responses written to specific
output files.
Add that code here, allowing us to specify optionally a list of requests
on the command line to send to the server, as well as a download
directory, so that requests made get written locally to the same name as
the request in the specified download directory.
while we're at it, also clean up the code infrastructure to use SSL_poll
to do read-ready checking, rather than iterating/mutating the internal
hash table, which is questionable to do (i.e. we shouldn't be removing
elements from the hash table while iterating over it).
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Feb 6 12:46:24 2026
(Merged from https://github.com/openssl/openssl/pull/29922)
Adjust the http3 demo client so it works better on dual stack hosts. This
fixes the case when DNS returns both IPv4 and IPv6 addresses for host we try to
reach. The current code just uses the first address found in DNS answer. If
things are unfortunate and the service (port number) demo client tries to reach
does not listen on the address then demo gives up and exits.
Demo can do better. The RFC 6555 suggests application should try to reach the
service on the next address returned by DNS, when the first attempt fails for
the first address returned by DNS. This change helps with situation when DNS
prefers, let' say, IPv6 address, but the service is reachable via IPv4 only.
In that case application sees the failure on the first attempt to connect to
remote server over IPv6, but the second attempt that uses IPv4 is going to
succeed.
This extra handling is required for QUIC which uses UDP protocol. For TLS
client which uses TCP all this happens inside BIO layer which tries to
establish TCP connection. There is no TCP-handshake on UDP protocol so
BIO can not see the service is not reachable on requested address.
Fixes: #28331
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28802)
The validation was checking the default 'bits' value (4096) instead of
the parsed 'bits_i' from the command line arguments, allowing invalid
key sizes to bypass the 512-bit minimum.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28139)
The server_running variable is declared as volatile and some comments in
the code are mentioning about implementing CTRL+C handler in the future.
In the client handling loop, the client_skt is closed at the end of the
loop if server_running is true. If (future) CTRL+C handler changes
server_running to false at this time. The next accept will not happen
and the exit clean up code will close client_skt for the second time.
This patch fixes this potential double close by setting client_skt back
to -1 after closing it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27405)
stack. The server currently replies with HTTP 200 OK only. It provides
text/plain response body.
It only accepts GET request with any URI. Any other requests will
make server to drop stream/connection.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27508)
Several servers defer the sending of max stream frames. For instance
quic-go uses a go-routine to do the sending after sufficient existing
streams have finished, while mvfst seems to wait for all outstanding
streams to be closed before issuing a new batch. This result in the
client, if all streams are in use, getting a transient NULL return from
SSL_new_stream(). Check for the stream limit being reached and allow a
number of retries before giving up to give the server a chance to issue
us more streams. Also dead-reckon the batch count of streams we use in
parallel to be 1/4 of our total number of available streams (generally
hard coded to 100 for most servers) to avoid using all our streams at
once. It would be really nice to have an api to expose our negotiated
transport parameters so that the application can know what this limit
is, but until then we have to just guess.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26527)
On working on a rebase for the quic-server branch, I noted that the
rebase was failing on the http3 server. It occurs because the new CI
ubuntu container appears to have FORTIFY_SOURCE enabled and trips over
the call to read here. Specifically the compiler notes that in passing
an int into the read syscall (which accepts a size_t as the 3rd
argument), may interpret a negative value as a very large unsigned value
that exeeds the size allowed by a read call.
Fix it by converting the size variable to a size_t to ensure that the
signing is correct
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26368)
Normally the throughput test in the interop harness requests several
hundred very small files, resulting in lots of small stream packets from
the client, which are nominally read in a single read operation (as they
typically fit into a single stream frame), and the server was written to
expect that. However, its still possible, if a stream frame is packed
to the end of a datagram, that only part of its content is carried,
finished in a subsequent stream packet, which leads to a short read.
Augment the server to properly handle SSL_read transient failures so
that such an occurance is handled properly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26198)
Eugene Adell
Milan Broz
Emmalee Carpenter
openssl-machine
Bob Beck
sftcd
kovan
Neil Horman
Jiasheng Jiang
Nikola Pajkovsky
Alexandr Nedvedicky
Eugene Syromiatnikov
Nachel72
Quin-Darcy
Michael Baentsch
Tomas Mraz
Levi Zim
sashan
JiashengJiang
Benson Muite
Jon Ericson
Jean-Frederic Clere
Andrew Dinh