[openssl] master update
The branch master has been updated via a65c8d8f737fe4e67d0b37e2b20dc1adccd93112 (commit) from 96d6a4e4464c3dec9cdf2c6fb59d737c8cb1be49 (commit) - Log - commit a65c8d8f737fe4e67d0b37e2b20dc1adccd93112 Author: Todd Short Date: Fri Jul 23 09:25:09 2021 -0400 Add missing session timeout calc Fixes #16142 Add missing session timeout calculation in `ssl_get_new_session()` Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16145) --- Summary of changes: ssl/ssl_sess.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b526984289..0e756c37c1 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -437,6 +437,7 @@ int ssl_get_new_session(SSL *s, int session) ss->timeout = SSL_get_default_timeout(s); else ss->timeout = s->session_ctx->session_timeout; +ssl_session_calculate_timeout(ss); SSL_SESSION_free(s->session); s->session = NULL;
[openssl] master update
The branch master has been updated via 96d6a4e4464c3dec9cdf2c6fb59d737c8cb1be49 (commit) via ca7cac886b0f1084acfe2e07135acd212415e2bd (commit) via 589fbc18aa5e72b2574a71d69c09b4f63f0ae943 (commit) via 123ed334337e874acb1f55b36dc671de7e306824 (commit) via 09f38299ccc006e0ce7e94897250e995ec2fc337 (commit) from 2a7855fb2596048e5038afa5e49a02853297df6d (commit) - Log - commit 96d6a4e4464c3dec9cdf2c6fb59d737c8cb1be49 Author: Pauli Date: Wed Jul 28 09:52:23 2021 +1000 test: add a comment indication that a bad MAC is intentional This permits negative testing of FIPS module load failure. Also changed the MAC to all zeros to make it even clearer. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16168) commit ca7cac886b0f1084acfe2e07135acd212415e2bd Author: Matt Caswell Date: Tue Jul 27 16:36:41 2021 +0100 Add some testing for the case where the FIPS provider fails to load Ensure we get correct behaviour in the event that an attempt is made to load the fips provider but it fails to load. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16168) commit 589fbc18aa5e72b2574a71d69c09b4f63f0ae943 Author: Matt Caswell Date: Tue Jul 27 16:59:59 2021 +0100 Don't try and load the config file while already loading the config file Calls to the API function EVP_default_properties_enable_fips() will automatically attempt to load the default config file if it is not already loaded. Therefore this function should not be called from inside code to process the config file. Fixes #16165 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16168) commit 123ed334337e874acb1f55b36dc671de7e306824 Author: Matt Caswell Date: Tue Jul 27 16:36:24 2021 +0100 Ensure any default_properties still apply even in the event of a provider load failure We don't treat a failure to load a provider as a fatal error. If it is fatal then we give up attempting to load the config file - including reading any default properties. Additionally if an attempt has been made to load a provider then we disable fallback loading. Fixes #16166 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16168) commit 09f38299ccc006e0ce7e94897250e995ec2fc337 Author: Matt Caswell Date: Tue Jul 27 16:31:20 2021 +0100 Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS module Ensure we free the OSSL_LIB_CTX on the error path. Fixes #16163 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16168) --- Summary of changes: crypto/evp/evp_cnf.c | 4 +-- crypto/evp/evp_fetch.c| 17 crypto/provider_conf.c| 16 ++- include/crypto/evp.h | 2 ++ providers/fips/fipsprov.c | 1 + test/defltfips_test.c | 39 +++ test/{fips.cnf => fips-alt.cnf} | 2 +- test/recipes/30-test_defltfips.t | 19 ++--- test/recipes/30-test_defltfips/fipsmodule.cnf | 7 + 9 files changed, 84 insertions(+), 23 deletions(-) copy test/{fips.cnf => fips-alt.cnf} (91%) create mode 100644 test/recipes/30-test_defltfips/fipsmodule.cnf diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 415712dffa..0e7fe64cf9 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -46,8 +46,8 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) * fips_mode is deprecated and should not be used in new * configurations. */ -if (!EVP_default_properties_enable_fips(NCONF_get0_libctx((CONF *)cnf), -m > 0)) { +if (!evp_default_properties_enable_fips_int( +NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); return 0; } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 3067928030..5303cf8859 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -479,15 +479,16 @@ int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq) return evp_set_default_properties_int(libctx, propq, 1, 0); } -static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq) +static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq, +
[openssl] master update
The branch master has been updated via 2a7855fb2596048e5038afa5e49a02853297df6d (commit) via 1ad435039333a09b31d7c569b822bd5d936b8105 (commit) via cb7055fd5ad9bf5c84d4480b7dbbcfb1cb242fc9 (commit) via 64d9b626aae49154bd44edf8fb1a3eca133445a3 (commit) via 09755337d5b907565d3b8a9ee8b33a2c60616c0a (commit) from 03c2f21b980524dc05a0426146f845ec1e969c2e (commit) - Log - commit 2a7855fb2596048e5038afa5e49a02853297df6d Author: Pauli Date: Mon Jul 26 12:54:50 2021 +1000 ci: disable async for the SH4 build and reenable the associated test The platform doesn't seem to have support for this. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16144) commit 1ad435039333a09b31d7c569b822bd5d936b8105 Author: Pauli Date: Mon Jul 26 11:57:48 2021 +1000 ci: get rid of no-asm flag to m68k cross compiles Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16144) commit cb7055fd5ad9bf5c84d4480b7dbbcfb1cb242fc9 Author: Pauli Date: Mon Jul 26 11:54:12 2021 +1000 ci: add the param conversion tests to the cross compiles. There was a failure because an "inf" values was being read as a "NaN" not an infinity. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16144) commit 64d9b626aae49154bd44edf8fb1a3eca133445a3 Author: Pauli Date: Fri Jul 23 11:48:32 2021 +1000 QEMU: include test runs for most cross compilation targets For the cross compiles where the tests couldn't be run, most are capable of being run when statically linked. For these, a shared with FIPS build but not test run is also included to maximise compilation coverage. The builds take a couple of minutes so the impact of these extra jobs isn't great. The test failures for test_includes, test_store and test_x509_store across several platforms are related the the OPENSSL_DIR_read() call. This gets a "Value too large for defined data type" error calling the standard library's readdir() wrapper. That is, the failure is during the translation from the x86-64 structure to the 32 bit structure. I've tried tweaking the include defines to use larger fields but couldn't figure out how to make it work. The most prudent fix is to ignore these tests for these platforms. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16144) commit 09755337d5b907565d3b8a9ee8b33a2c60616c0a Author: Pauli Date: Mon Jul 26 11:53:23 2021 +1000 test: handle not a number (NaN) values in the param conversion test. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16144) --- Summary of changes: .github/workflows/cross-compiles.yml | 62 +--- test/params_conversion_test.c| 24 -- 2 files changed, 73 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 6b4505c5db..514a4fbabe 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -14,6 +14,8 @@ jobs: # libs: the Debian package for the necessary link/runtime libraries. # target: the OpenSSL configuration target to use, this is passed # directly to the config command line. +# fips: set to "no" to disable building FIPS, leave unset to +# build the FIPS provider. # tests: omit this to run all the tests using QEMU, set it to "none" # to never run the tests, otherwise it's value is passed to # the "make test" command to allow selectiving disabling of @@ -40,23 +42,26 @@ jobs: }, { arch: hppa-linux-gnu, libs: libc6-dev-hppa-cross, -target: linux-generic32, -tests: none #-test_includes -test_store -test_x509_store +target: -static linux-generic32, +fips: no, +tests: -test_includes -test_store -test_x509_store }, { arch: m68k-linux-gnu, libs: libc6-dev-m68k-cross, -target: linux-latomic no-asm, -tests: none #-test_includes -test_store -test_x509_store -test_includes +target: -static -m68040 linux-latomic, +fips: no, +tests: -test_includes -test_store -test_x509_store }, { arch: mips-linux-gnu, libs: libc6-dev-mips-cross, -target: linux-mips32, -tests: none +target: -static linux-mips32, +fips: no, +tests: -test_includes -test_store -test_x509_store }, { arch: mips64-linux-gnu
[openssl] master update
The branch master has been updated via 03c2f21b980524dc05a0426146f845ec1e969c2e (commit) via bb98a1123b3d7a8464f2c1f61ffd41f826c7c423 (commit) from c6fcd88fa030da8322cf27aff95376512f41faff (commit) - Log - commit 03c2f21b980524dc05a0426146f845ec1e969c2e Author: Matt Caswell Date: Tue Jul 27 10:32:49 2021 +0100 Add a test case for EVP_MD_meth_dup() and EVP_CIPHER_meth_dup() Check that EVP_MD_meth_free() and EVP_CIPHER_meth_free() does actually free the data. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16159) commit bb98a1123b3d7a8464f2c1f61ffd41f826c7c423 Author: Matt Caswell Date: Mon Jul 26 15:53:25 2021 +0100 Fix EVP_MD_meth_dup and EVP_CIPHER_meth_dup Make sure the origin is set correctly when duping an EVP_MD or EVP_CIPHER. Fixes #16157 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16159) --- Summary of changes: crypto/evp/cmeth_lib.c | 1 + crypto/evp/evp_lib.c | 1 + test/evp_extra_test.c | 21 - 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 9b93550307..a806ec5f9e 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -50,6 +50,7 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) memcpy(to, cipher, sizeof(*to)); to->lock = lock; +to->origin = EVP_ORIG_METH; } return to; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index f78df52ab1..64d7fb046d 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -823,6 +823,7 @@ EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) memcpy(to, md, sizeof(*to)); to->lock = lock; +to->origin = EVP_ORIG_METH; } return to; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 7494c1f21b..e03e2a252e 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -3690,7 +3690,25 @@ static int test_custom_pmeth(int idx) custom_pmeth = NULL; return testresult; } -#endif + +static int test_evp_md_cipher_meth(void) +{ +EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); +EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); +int testresult = 0; + +if (!TEST_ptr(md) || !TEST_ptr(ciph)) +goto err; + +testresult = 1; + + err: +EVP_MD_meth_free(md); +EVP_CIPHER_meth_free(ciph); + +return testresult; +} +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ typedef enum OPTION_choice { OPT_ERR = -1, @@ -3814,6 +3832,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_ALL_TESTS(test_custom_pmeth, 12); +ADD_TEST(test_evp_md_cipher_meth); #endif return 1;
[web] master update
The branch master has been updated via 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 (commit) via 6340022c20721b8cde5817dc5a9caa39e2d7b232 (commit) from 61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit) - Log - commit 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 Merge: 61f4881 6340022 Author: Mark J. Cox Date: Tue Jul 27 13:06:17 2021 +0100 Merge pull request #249 from iamamoose/fixpgp SKS keyservers have been offline for a while, so switch to OpenPGP commit 6340022c20721b8cde5817dc5a9caa39e2d7b232 Author: Mark J. Cox Date: Tue Jul 27 12:07:40 2021 +0100 SKS keyservers have been offline for a while, so switch to keys.openpgp.org --- Summary of changes: bin/mk-omc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mk-omc b/bin/mk-omc index e6dee11..24144df 100755 --- a/bin/mk-omc +++ b/bin/mk-omc @@ -60,7 +60,7 @@ foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) } keys %data) { my $pgpurl = $data{$key}->{pgpid} if $options{pgp}; $pgpurl =~ s|\s+||g if $pgpurl; $pgpurl = - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x$pgpurl"; + "https://keys.openpgp.org/search?q=$pgpurl"; if $pgpurl; my @columndata = ();
[openssl] master update
The branch master has been updated via c6fcd88fa030da8322cf27aff95376512f41faff (commit) from 26411bc8879bf979e3703357e9595de057528e28 (commit) - Log - commit c6fcd88fa030da8322cf27aff95376512f41faff Author: Matt Caswell Date: Tue Jul 20 16:18:04 2021 +0100 Mark the EVP_PKEY_METHOD arg as const on some EVP_PKEY_meth_get_*() funcs Most EVP_PKEY_meth_get_*() functions mark the EVP_PKEY_METHOD argument as const. But 3 did not. We fix those to be consistent. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/16128) --- Summary of changes: crypto/evp/pmeth_lib.c | 6 +++--- doc/man3/EVP_PKEY_meth_new.pod | 6 +++--- include/openssl/evp.h | 6 +++--- test/evp_extra_test.c | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7b835a5eb6..954166caae 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1990,7 +1990,7 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, *pctrl_str = pmeth->ctrl_str; } -void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)) { @@ -1998,7 +1998,7 @@ void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, *digestsign = pmeth->digestsign; } -void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen)) @@ -2028,7 +2028,7 @@ void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, *pcheck = pmeth->param_check; } -void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)) { diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod index d07ec1a637..06404079ab 100644 --- a/doc/man3/EVP_PKEY_meth_new.pod +++ b/doc/man3/EVP_PKEY_meth_new.pod @@ -220,13 +220,13 @@ L: int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value)); - void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); - void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen, @@ -238,7 +238,7 @@ L: int (**pcheck) (EVP_PKEY *pkey)); void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); - void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 1c8ce48773..1850381720 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -2117,11 +2117,11 @@ OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_ctrl int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value)); OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestsign -(EVP_PKEY_METHOD *pmeth, +(const EVP_PKEY_METHOD *pmeth, int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestverify -(EVP_PKEY_METHOD *pmeth, +(const EVP_PKEY_METHOD *pmeth, int (**digestverify) (
[web] master update
The branch master has been updated via 61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit) from 539bea014de78db5ff5b0785a46bfd7647b0b589 (commit) - Log - commit 61f488185e0736cf5196efc9d5f4f4b3370b3f8e Author: Richard Levitte Date: Tue Jul 27 09:55:07 2021 +0200 Simplify the CDN purge Our CDN (Akamai) purge script was run as a standalone automation, in parallell with the automatic 'make' run. The consequence was that the CDN could catch a copy of our original web pages in a semi built state, as demonstrated by openssl/openssl#16152. The solution is the ensure that the purge is run in sequence after everything is built. We simplify this further by moving the actual script into the web source. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/248) --- Summary of changes: Makefile | 7 +++-- bin/purge-one-hour | 90 -- 2 files changed, 93 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 32b9244..fb15dad 100644 --- a/Makefile +++ b/Makefile @@ -56,15 +56,18 @@ SRCLISTS = $(foreach S,$(FUTURESERIES) $(SERIES) $(OLDSERIES2) fips,source/old/$ @rm -f $@ ./bin/md-to-html5 $< -all: suball manmaster mancross +all: suball manmaster mancross akamai-purge suball: $(SIMPLE) $(SRCLISTS) -relupd: suball manpages mancross +relupd: suball manpages mancross akamai-purge clean: rm -f $(SIMPLE) $(SRCLISTS) +akamai-purge: + ./bin/purge-one-hour + # Legacy targets hack-source_htaccess: all simple: all diff --git a/bin/purge-one-hour b/bin/purge-one-hour index 5e10e49..895967f 100755 --- a/bin/purge-one-hour +++ b/bin/purge-one-hour @@ -1,3 +1,89 @@ -#! /bin/sh +#! /usr/bin/perl +# +# script to purge the Akamai cache. +# +# Notes: +# +# - we limit the purging to files newer than an hour +# - there must be a file ~openssl/.edgerc with our Akamai credentials +# - the Akamai supplied program 'akamai-purge' must be installed in +# /usr/local/bin -/opt/openssl/maker/triggered-makers/akamai-purge +use strict; +use warnings; + +# Find all .html files that include a .inc file, and create a map +my %inc2html = (); + +my $debug = $ENV{DEBUG}; +my $dryrun = $ENV{DRYRUN}; + +my $base = '/var/www/openssl'; # MUST NOT end with a slash + +foreach ( `find $base -type f -name '*.html'` ) { +chomp; +my $file = $_; +my ($dn, $fn) = $_ =~ m/^(?:(.*)\/)?([^\/]*)$/; +my @incs = (); + +open HTML, $_; +foreach ( ) { + if (//) { + my $vf = $1; + $vf = ($vf =~ m|^/|) ? "$base$vf" : "$dn/$vf"; + push @incs, "$vf"; + } +} +close HTML; + +foreach ( @incs ) { + push @{$inc2html{$_}}, $file; +} +} + +if ($debug) { +for ( sort keys %inc2html ) { + print STDERR "DEBUG: $_ => ", join(", ", @{$inc2html{$_}}), "\n"; +} +} + +# Find all files younger than an hour +# Discard those in .git/ and bin/ +# Discard any .ht* +# For any virtually included file, use the corresponding .html file instead +# For all remaining files, turn it into a valid URL +# For any valid index file, duplicate into two URLs without the file, +#one with an ending slash and one without. +my %files = (); + +foreach ( `find $base -type f -mtime -2` ) { +chomp; +next if /^\Q$base\E\/(\.git|bin)/; +next if /\/\.ht\w+$/; +my $x = $_; +my @files = defined $inc2html{$x} ? @{$inc2html{$x}} : ( $x ); +foreach ( @files ) { + s/^\Q$base\E\//https:\/\/www.openssl.org\//; + $files{$_} = 1; + if ( /^(.*)\/index.(html|cgi|pl|php|xhtml|htm)$/ ) { + $files{"$1/"} = $files{"$1"} = 1; + } +} +} + +# Finally, output the result to the akamai-purge program +my @files = sort keys %files; +while ( @files ) { +my $count = 500; # Try not to overwhelm Akamai +if ( $dryrun || open PURGE, '| /usr/local/bin/akamai-purge invalidate' ) { + printf STDERR + "DEBUG: Invoking '/usr/local/bin/akamai-purge invalidate' with:\n" + if $debug; + while ( @files && $count-- > 0 ) { + my $file = pop @files; + print STDERR " ",$file,"\n" if $debug; + print PURGE $file,"\n" unless $dryrun; + } + close PURGE unless $dryrun; +} +}
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DavDb_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGNr7Zz4kt39z4EEycNzwwoD5GvTaBiKjjikrHwT4wrfoP3Si3ViDyBExjFnPC5gk7SDR32NTDD5YYnJZmrgU3By0YG46mmhBPaJL97-2F6flbK1jr3P5cdX-2FbhfSz5rZDxGXHaU3PfXFp-2B8-2FWGq8hkIiQ2M9TJ2DZrI08gx0ulRsadJazGmnvQIwzRSlWCY3Wd4-3D Build ID: 399072 Analysis Summary: New defects found: 0 Defects eliminated: 0
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DDBJ3_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH3vm906luUSw7s4b93pdYRUemPvs2e-2BV8wgq7zSy5-2B-2FF9Mnd1Ze5lXnHTMM0ywR7eNal2LfAUqwzHoqXBiQ-2BjloNoW3cwSGW79I1NA-2Fda04qTOB5Gp0IITy4exV8tTYu04ETuIThHk9TD0i6sxPpH8swy8Y3sdePmdBaeS4F7svRFi35WHvkgpyvxoAa0Gu9w-3D Build ID: 399071 Analysis Summary: New defects found: 0 Defects eliminated: 0