Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 21 8月, 2017 8 次提交
  3. 20 8月, 2017 1 次提交
  5. 18 8月, 2017 11 次提交
  7. 17 8月, 2017 6 次提交
  9. 16 8月, 2017 10 次提交
  11. 15 8月, 2017 4 次提交
    • B
      Add SSL_get_pending_cipher() · 0aed6e44
      Benjamin Kaduk 提交于 
      The existing function SSL_get_current_cipher() queries the
current session for the ciphersuite in use, but there is no way
for application code to determine what ciphersuite has been
negotiated and will be used in the future, prior to ChangeCipherState
(or the TLS 1.3 equivalent) causing the new cipher to take effect and
become visible in the session information.  Expose this information
to appropriate application callbacks to use during the handshake.

The name SSL_get_pending_cipher() was chosen for compatibility with
BoringSSL's routine of that name.

Improve the note on macro implementations in SSL_get_current_cipher.pod
while here.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)
      0aed6e44
    • B
      Move ALPN handling from finalizer to delayed call · 5626f634
      Benjamin Kaduk 提交于 
      Commit 02f0274e moved ALPN processing
into an extension finalization function, as the only documented ordering
requirement from previous commits was that ALPN processing occur after
SNI processing, and SNI processing is performed before the extension
finalization step.  However, it is useful for applications'
alpn_select callbacks to run after ciphersuite selection as well -- at
least one application protocol specification (HTTP/2) imposes restrictions
on which ciphersuites are usable with that protocol.  Since it is generally
more preferrable to have a successful TLS connection with a default application
protocol than to fail the TLS connection and not be able to have the preferred
application protocol, it is good to give the alpn_select callback information
about the ciphersuite to be used, so that appropriate restrctions can be
enforced in application code.

Accordingly, split the ALPN handling out into a separate tls_handl_alpn()
function akin to tls_handle_status_request(), called from
tls_post_process_client_hello().  This is an alternative to resuscitating
ssl_check_clienthello_tlsext_late(), something of an awkwward name itself.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4070)
      5626f634
    • R
      Revert "Add some casts for %j" · 12997aa9
      Rich Salz 提交于 
      This reverts commit c4d2e483.
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4160)
      12997aa9
    • P
      Use new setup_tests in code of rsa_test · b158049c
      Paul Yang 提交于 
      Although this piece of code will not be compiled at current stage, but
there seems a plan to re-open the 'no-rsa' option in the future so this
should be fixed.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4161)
      b158049c