Introduce and use dtls12_handshake_msg.

Add struct dtls12_handshake_msg and various related functions, which
allow for the construction of DTLS handshake messages and associated
fragments.

Use this on the DTLS write path for sending handshake message fragments.
This means that we no longer modify the init buffer, which also fixes a
bug where the message callback is called with a corrupted handshake
message when multiple fragments have been sent.

We also now correctly track fragment offsets when sending a handshake
message that results in multiple calls to dtls1_do_write_handshake_message().

This is the first step towards further untangling of the write path in
the legacy TLS stack.

ok kenjiro@ tb@

update to zsync-0.6.4

specific gzip support is deprecated and will be removed in a future version
(upstream suggests using gzip --rsyncable, if you have a version of gzip
which supports it; OpenBSD's doesn't)

neuter shared memory (shm*) in webrtc to unbreak screen sharing while using pledge

the same patch is used in chromium to take the XImage API codepath instead
of using shared memory which cannot be used while pledged

ok landry@

unknown_ext_print: avoid casting away const

The BIO_dump_indent() API masterpiece expects a const char pointer as
input. Don't cast away const when suppressing pointer sign warnings.

Prompted by a report by N. Dossche

ok kenjiro

Ensure X509V3_EXT_print() only returns 0 and 1

In a rare mistake by schwarze, X509V3_EXT_print() is documented to return
0 and 1. This is also what most internal callers expect.

However, if either X509V3_EXT_DUMP_UNKNOWN or X509V3_EXT_PARSE_UNKNOWN is
set, the extension has an unknown NID or on failure to deserialize the
extension value, the return values of BIO_dump_indent() (which is the number
of bytes written or -1 on error) and ASN1_parse_dump() (which is 0, 1, or
2 on EOC) are propagated.

Follow what OpenSSL did and translate to Boolean returns. Error indicators
are rather useless here since most errors are ignored anyway. Most callers
do if (!X509V3_EXT_print(...)) but they also pass a zero flag.

Reported by N. Dossche

ok kenjiro

Downgrade mismatch when checking pack version minor from error to
warning.

With relative API stability in Godot 3.x, don't error when Godot bin
minor is less than pack file minor, warn instead. This is to stop refusing
to run games that are built with HEAD and report a higher minor version
than the latest release.

ok op@