- 11 9月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work.
-
由 Ben Laurie 提交于
right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836.
-
- 31 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
-
- 29 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
some invalid operations for testing purposes. Currently this can be used to sign using digests the peer doesn't support, EC curves the peer doesn't support and use certificates which don't match the type associated with a ciphersuite.
-
- 15 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 27 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client.
-
- 18 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
that are disabled for this session (as opposed to always disabled by configuration).
-
- 03 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 29 6月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
-
- 28 6月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
the certificate can be used for (if anything). Set valid_flags field in new tls1_check_chain function. Simplify ssl_set_cert_masks which used to have similar checks in it. Add new "cert_flags" field to CERT structure and include a "strict mode". This enforces some TLS certificate requirements (such as only permitting certificate signature algorithms contained in the supported algorithms extension) which some implementations ignore: this option should be used with caution as it could cause interoperability issues.
-
- 18 6月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 6月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 30 5月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 24 4月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 05 4月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve.
-
- 28 3月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet.
-
- 22 2月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Move new structure fields to end of structures.
-
由 Dr. Stephen Henson 提交于
-
- 27 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
certificate chain instead of an X509 structure. This makes it easier to enhance code in future and the chain output functions have access to the CERT_PKEY structure being used.
-
- 17 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The cipher definitions of these ciphersuites have been around since SSLeay but were always disabled. Now OpenSSL supports DH certificates they can be finally enabled. Various additional changes were needed to make them work properly: many unused fixed DH sections of code were untested.
-
- 05 1月, 2012 1 次提交
-
-
由 Bodo Möller 提交于
Submitted by: Brian Carlstrom
-
- 16 11月, 2011 2 次提交
-
-
由 Ben Laurie 提交于
-
由 Ben Laurie 提交于
-
- 10 10月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 07 10月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 27 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 23 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting
-
- 05 9月, 2011 1 次提交
-
-
由 Bodo Möller 提交于
-
- 14 8月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
-
- 26 7月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
prohibit use of these ciphersuites for TLS < 1.2
-
- 25 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 20 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 09 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
algorithms extension (including everything we support). Swicth to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certifcate support yet but client will handle case where a certificate is requested and we don't have one.
-
- 06 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.
-
- 30 4月, 2011 2 次提交
-
-
由 Dr. Stephen Henson 提交于
checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.
-
由 Dr. Stephen Henson 提交于
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.
-
- 13 3月, 2011 1 次提交
-
-
由 Ben Laurie 提交于
-
- 17 2月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
is picked up.
-
- 19 11月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-