提交 · 18d7158809c9722f4c6d2a8af7513577274f9b56 · btwise / openssl

29 6月, 2012 1 次提交

Add certificate callback. If set this is called whenever a certificate · 18d71588

由 Dr. Stephen Henson 提交于 6月 29, 2012

is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.

18d71588

25 6月, 2012 1 次提交

Reorganise supported signature algorithm extension processing. · 4453cd8c

由 Dr. Stephen Henson 提交于 6月 25, 2012

Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.

4453cd8c

22 6月, 2012 1 次提交

Add support for application defined signature algorithms for use with · 0f229cce

由 Dr. Stephen Henson 提交于 6月 22, 2012

TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.

0f229cce

30 5月, 2012 1 次提交
- B
  
  RFC 5878 support. · a9e1c50b
  由 Ben Laurie 提交于 5月 30, 2012
  
  a9e1c50b
10 3月, 2012 1 次提交
- D
  Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> · 15a40af2
  由 Dr. Stephen Henson 提交于 3月 09, 2012
```
Add more extension names in s_cb.c extension printing code.
```
  15a40af2
06 3月, 2012 1 次提交

New ctrls to retrieve supported signature algorithms and curves and · e7f8ff43

由 Dr. Stephen Henson 提交于 3月 06, 2012

extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.

e7f8ff43

22 2月, 2012 1 次提交
- D
  
  SSL export fixes (from Adam Langley) [original from 1.0.1] · 74b4b494
  由 Dr. Stephen Henson 提交于 2月 22, 2012
  
  74b4b494
01 1月, 2012 1 次提交

PR: 2658 · 4817504d

由 Dr. Stephen Henson 提交于 12月 31, 2011

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.

4817504d

25 11月, 2011 1 次提交

PR: 1794 · ebba6c48

由 Dr. Stephen Henson 提交于 11月 25, 2011

Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.

ebba6c48

16 11月, 2011 2 次提交
- B
  
  Add TLS exporter. · e0af0405
  由 Ben Laurie 提交于 11月 15, 2011
  
  e0af0405
- B
  
  Add DTLS-SRTP. · 333f926d
  由 Ben Laurie 提交于 11月 15, 2011
  
  333f926d
07 10月, 2011 1 次提交
- D
  
  use client version when eliminating TLS v1.2 ciphersuites in client hello · 6dd54739
  由 Dr. Stephen Henson 提交于 10月 07, 2011
  
  6dd54739
03 8月, 2011 1 次提交
- D
  Expand range of ctrls for AES GCM to support retrieval and setting of · 28dd49fa
  由 Dr. Stephen Henson 提交于 8月 03, 2011
```
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
```
  28dd49fa
26 7月, 2011 1 次提交
- D
  Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and · d09677ac
  由 Dr. Stephen Henson 提交于 7月 25, 2011
```
prohibit use of these ciphersuites for TLS < 1.2
```
  d09677ac
25 5月, 2011 1 次提交
- D
  
  use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS · 238b6361
  由 Dr. Stephen Henson 提交于 5月 25, 2011
  
  238b6361
06 5月, 2011 1 次提交

Continuing TLS v1.2 support: add support for server parsing of · 6b7be581

由 Dr. Stephen Henson 提交于 5月 06, 2011

signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.

6b7be581

30 4月, 2011 1 次提交

Initial incomplete TLS v1.2 support. New ciphersuites added, new version · 7409d7ad

由 Dr. Stephen Henson 提交于 4月 29, 2011

checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.

7409d7ad

13 3月, 2011 1 次提交
- B
  
  Add SRP support. · edc032b5
  由 Ben Laurie 提交于 3月 12, 2011
  
  edc032b5
06 9月, 2010 1 次提交
- B
  
  Fixes to NPN from Adam Langley. · bf48836c
  由 Ben Laurie 提交于 9月 05, 2010
  
  bf48836c
28 7月, 2010 1 次提交
- B
  
  Add Next Protocol Negotiation. · ee2ffc27
  由 Ben Laurie 提交于 7月 28, 2010
  
  ee2ffc27
07 12月, 2009 1 次提交
- D
  
  Initial experimental TLSv1.1 support · 637f374a
  由 Dr. Stephen Henson 提交于 12月 07, 2009
  
  637f374a
02 12月, 2009 2 次提交
- D
  
  Ooops... · 7f354fa4
  由 Dr. Stephen Henson 提交于 12月 01, 2009
  
  7f354fa4
- D
  
  check DSA_sign() return value properly · 6732e142
  由 Dr. Stephen Henson 提交于 12月 01, 2009
  
  6732e142
11 11月, 2009 1 次提交
- D
  
  add missing parts of reneg port, fix apps patch · 860c3dd1
  由 Dr. Stephen Henson 提交于 11月 11, 2009
  
  860c3dd1
01 7月, 2009 1 次提交
- D
  
  Typo. · 4f761f59
  由 Dr. Stephen Henson 提交于 6月 30, 2009
  
  4f761f59
29 5月, 2009 1 次提交
- D
  
  Update from 1.0.0-stable. · caa97ef1
  由 Dr. Stephen Henson 提交于 5月 28, 2009
  
  caa97ef1
16 11月, 2008 1 次提交

PR: 1574 · 12bf56c0

由 Dr. Stephen Henson 提交于 11月 15, 2008

Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.

12bf56c0

01 5月, 2008 1 次提交
- D
  
  Update from stable branch. · 8a2062fe
  由 Dr. Stephen Henson 提交于 4月 30, 2008
  
  8a2062fe
27 9月, 2007 1 次提交
- D
  
  Support for certificate status TLS extension. · 67c8e7f4
  由 Dr. Stephen Henson 提交于 9月 26, 2007
  
  67c8e7f4
21 9月, 2007 1 次提交

Implement the Opaque PRF Input TLS extension · 761772d7

由 Bodo Möller 提交于 9月 21, 2007

(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.

761772d7

31 8月, 2007 1 次提交
- D
  Update ssl code to support digests other than MD5+SHA1 in handshake. · 81025661
  由 Dr. Stephen Henson 提交于 8月 31, 2007
```
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
```
  81025661
28 8月, 2007 1 次提交
- D
  Add ctrls to set and get RFC4507bis keys to enable several contexts to · 94d511cd
  由 Dr. Stephen Henson 提交于 8月 28, 2007
```
reuse the same tickets.
```
  94d511cd
12 8月, 2007 1 次提交
- D
  RFC4507 (including RFC4507bis) TLS stateless session resumption support · 6434abbf
  由 Dr. Stephen Henson 提交于 8月 11, 2007
```
for OpenSSL.
```
  6434abbf
05 6月, 2007 1 次提交
- D
  
  Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. · b948e2c5
  由 Dr. Stephen Henson 提交于 6月 04, 2007
  
  b948e2c5
24 4月, 2007 1 次提交
- B
  Add SEED encryption algorithm. · 96afc1cf
  由 Bodo Möller 提交于 4月 23, 2007
```
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
```
  96afc1cf
15 6月, 2006 1 次提交
- B
  
  Disable invalid ciphersuites · 5b57fe0a
  由 Bodo Möller 提交于 6月 14, 2006
  
  5b57fe0a
09 6月, 2006 1 次提交
- B
  Camellia cipher, contributed by NTT · f3dea9a5
  由 Bodo Möller 提交于 6月 09, 2006
```
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
```
  f3dea9a5
13 3月, 2006 1 次提交
- B
  udpate Supported Point Formats Extension code · b6acb8d0
  由 Bodo Möller 提交于 3月 13, 2006
```
Submitted by: Douglas Stebila
```
  b6acb8d0
12 3月, 2006 1 次提交
- B
  Implement the Supported Point Formats Extension for ECC ciphersuites · 36ca4ba6
  由 Bodo Möller 提交于 3月 11, 2006
```
Submitted by: Douglas Stebila
```
  36ca4ba6
11 3月, 2006 1 次提交
- N
  add initial support for RFC 4279 PSK SSL ciphersuites · ddac1974
  由 Nils Larsch 提交于 3月 10, 2006
```
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
```
  ddac1974