- 26 4月, 2014 1 次提交
-
-
由 Geoff Thorpe 提交于
-
- 23 4月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
-
- 21 4月, 2014 1 次提交
-
-
由 Kaspar Brand 提交于
Fix typo that stopped SSL_CTX_get_{first,next}_certificate from working.
-
- 08 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
-
- 06 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Enable TLS padding extension using official value from: http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
-
- 05 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 28 3月, 2014 8 次提交
-
-
由 Dr. Stephen Henson 提交于
Allow setting of security level in cipher string using the @SECLEVEL=N syntax.
-
由 Dr. Stephen Henson 提交于
Since ssltest needs to test low security ciphersuites and keys set security level to zero so they aren't rejected.
-
由 Dr. Stephen Henson 提交于
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
New function ssl_cipher_disabled. Check for disabled client ciphers using ssl_cipher_disabled. New function to return only supported ciphers. New option to ciphers utility to print only supported ciphers.
-
由 Dr. Stephen Henson 提交于
Add auto DH parameter support. This is roughly equivalent to the ECDH auto curve selection but for DH. An application can just call SSL_CTX_set_auto_dh(ctx, 1); and appropriate DH parameters will be used based on the size of the server key. Unlike ECDH there is no way a peer can indicate the range of DH parameters it supports. Some peers cannot handle DH keys larger that 1024 bits for example. In this case if you call: SSL_CTX_set_auto_dh(ctx, 2); Only 1024 bit DH parameters will be used. If the server key is 7680 bits or more in size then 8192 bit DH parameters will be used: these will be *very* slow. The old export ciphersuites aren't supported but those are very insecure anyway.
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
-
- 27 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Don't clear verification errors from the error queue unless SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set. If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR is set return 2 so applications can issue warnings. (cherry picked from commit 2dd6976f6d02f98b30c376951ac38f780a86b3b5)
-
- 24 3月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
-
- 19 3月, 2014 1 次提交
-
-
由 Piotr Sikora 提交于
-
- 10 3月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 06 3月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
Submitted by: Roumen Petrov
-
- 02 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Although the memory allocated by compression methods is fixed and cannot grow over time it can cause warnings in some leak checking tools. The function SSL_COMP_free_compression_methods() will free and zero the list of supported compression methods. This should *only* be called in a single threaded context when an application is shutting down to avoid interfering with existing contexts attempting to look up compression methods. (cherry picked from commit 976c58302b13d085edb3ab822f5eac4b2f1bff95)
-
- 26 2月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
-
由 Andy Polyakov 提交于
PR: 3201
-
- 25 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
-
- 23 2月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
When setting the current certificate check that it has a corresponding private key.
-
由 Dr. Stephen Henson 提交于
New flags to build certificate chains. The can be used to rearrange the chain so all an application needs to do is add all certificates in arbitrary order and then build the chain to check and correct them. Add verify error code when building chain. Update docs.
-
- 22 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 21 2月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit b709f8ef54b1c9ad513878ba0213aa651a9acef8)
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 20 2月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Ben Laurie 提交于
-
- 19 2月, 2014 1 次提交
-
-
由 Rob Stradling 提交于
Add the extension parser in the s_client, ocsp and x509 apps.
-
- 16 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d1d49fa4732deff17cfd1833616af0d9c)
-
- 15 2月, 2014 2 次提交
-
-
由 Rob Stradling 提交于
Add the RFC6962 OIDs to the objects table.
-
由 Andy Polyakov 提交于
-
- 13 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit a2317c3ffde3f1f73bd7fa3f08e420fb09043905)
-
- 06 2月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Ben Laurie 提交于
-