- 24 10月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 15 10月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 22 8月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records. For ease of backporting the patch to release branches. Reviewed-by: NBodo Moeller <bodo@openssl.org>
-
- 07 8月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Check SRP parameters when they are received so we can send back an appropriate alert. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 05 7月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
-
- 04 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- 01 5月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
-
- 28 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
-
- 06 11月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 25 9月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
Conflicts: apps/s_server.c
-
- 18 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 06 9月, 2013 1 次提交
-
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- 14 6月, 2013 1 次提交
-
-
由 Adam Langley 提交于
in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis.
-
- 13 6月, 2013 1 次提交
-
-
由 Trevor 提交于
Contributed by Trevor Perrin.
-
- 14 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 09 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Check for Suite B support using method flags instead of version numbers: anything supporting TLS 1.2 cipher suites will also support Suite B. Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
-
- 02 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 17 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 31 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
-
- 30 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 15 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 25 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 24 7月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returing an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour.
-
- 19 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 29 6月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
-
- 25 6月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Only store encoded versions of peer and configured signature algorithms. Determine shared signature algorithms and cache the result along with NID equivalents of each algorithm.
-
- 07 6月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 30 5月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 24 4月, 2012 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed by: steve Improved localisation of TLS extension handling and code tidy.
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 18 4月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 22 2月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Move new structure fields to end of structures.
-
- 10 2月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix encoding of use_srtp extension to be compliant with RFC5764
-
- 26 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
New function ssl_add_cert_chain which adds a certificate chain to SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain and dtls1_output_cert_chain instead of partly duplicating code.
-
- 05 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 1月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 01 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.
-