- 06 9月, 2013 6 次提交
-
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
-
由 Ben Laurie 提交于
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
-
- 18 8月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 22 7月, 2013 1 次提交
-
-
由 Adam Langley 提交于
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00 Conflicts: ssl/ssl3.h ssl/t1_lib.c
-
- 13 6月, 2013 1 次提交
-
-
由 Trevor 提交于
Contributed by Trevor Perrin.
-
- 09 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- 26 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
-
- 30 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 27 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 12 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 07 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Just a sample, real world applications would have to be cleverer.
-
- 06 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new verify options to set checks. Remove previous -check* commands from s_client and s_server.
-
- 03 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 26 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 24 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add support for separate verify and chain stores in s_client.
-
- 22 11月, 2012 3 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 20 11月, 2012 3 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 19 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 18 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 17 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
to the SSL_CONF APIs. This is complicated a little because the SSL_CTX structure is not available when the command line is processed: so just check syntax of commands initially and store them, ready to apply later.
-
- 06 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 12 10月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 08 10月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
certificate. Add options to s_client, s_server and x509 utilities to print results of checks.
-
- 14 9月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
by client and send back to server. Also prints an abbreviated summary of the connection parameters.
-
- 13 9月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
New option -verify_quiet to shut up the verify callback unless there is an error.
-
- 11 9月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 10 9月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 29 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
some invalid operations for testing purposes. Currently this can be used to sign using digests the peer doesn't support, EC curves the peer doesn't support and use certificates which don't match the type associated with a ciphersuite.
-
- 15 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 24 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returing an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour.
-
- 08 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
details in s_client. Also add ctrl to set client certificate types. If not used sensible values will be included based on supported signature algorithms: for example if we don't include any DSA signing algorithms the DSA certificate type is omitted. Fix restriction in old code where certificate types would be truncated if it exceeded TLS_CT_NUMBER.
-
- 04 7月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Always perform nexproto callback argument initialisation in s_server otherwise we use uninitialised data if -nocert is specified.
-