- 09 Jan 2014, 2 commits
Submitted by Daniel Kahn Gillmor
other parts of packet tracing emit the standard "ECDHE" label instead of "EECDH". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
-
Submitted by Daniel Kahn Gillmor
The standard terminology in https://tools.ietf.org/html/rfc4492 is ECDHE. "openssl ciphers" outputs ECDHE. But users of the library currently cannot specify ECDHE, they must specify EECDH. This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
-
- 07 Jan 2014, 1 commit
Submitted by Dr. Stephen Henson
(cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
-
- 04 Jan 2014, 3 commits
Submitted by Dr. Stephen Henson
-
Submitted by Dr. Stephen Henson
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
Submitted by Andy Polyakov
-
- 02 Jan 2014, 1 commit
Submitted by Dr. Stephen Henson
When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
-
- 30 Dec 2013, 1 commit
Submitted by Dr. Stephen Henson
(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
-
- 21 Dec 2013, 1 commit
Submitted by Dr. Stephen Henson
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
-
- 18 Dec 2013, 1 commit
Submitted by Dr. Stephen Henson
Partial mitigation of PR#3200 (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
-
- 13 Dec 2013, 2 commits
Submitted by Dr. Stephen Henson
Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
-
Submitted by Dr. Stephen Henson
New functions to retrieve internal pointers to X509_VERIFY_PARAM for SSL_CTX and SSL structures. (cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
-
- 19 Nov 2013, 2 commits
Submitted by Dr. Stephen Henson
New functions to retrieve current certificate or private key from an SSL_CTX. Constify SSL_get_private_key().
-
Submitted by Dr. Stephen Henson
-
- 18 Nov 2013, 1 commit
Submitted by Dr. Stephen Henson
-
- 14 Nov 2013, 4 commits
Submitted by Piotr Sikora
PR#3106
-
Submitted by Dr. Stephen Henson
If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available.
-
Submitted by Rob Stradling
PR#3169 This patch, which currently applies successfully against master and 1_0_2, adds the following functions: SSL_[CTX_]select_current_cert() - set the current certificate without disturbing the existing structure. SSL_[CTX_]get0_chain_certs() - get the current certificate's chain. SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain. The patch also adds these functions to, and fixes some existing errors in, SSL_CTX_add1_chain_cert.pod.
-
Submitted by Krzysztof Kwiatkowski
PR#3172
-
- 07 Nov 2013, 1 commit
Submitted by Dr. Stephen Henson
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less than 512 pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
- 06 Nov 2013, 2 commits
Submitted by Dr. Stephen Henson
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
-
Submitted by Dr. Stephen Henson
-
- 02 Nov 2013, 5 commits
Submitted by Dr. Stephen Henson
(cherry picked from commit bd80d0229c9a154f569b046365bc85d76b59cfc5)
-
Submitted by Robin Seggelmann
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key. (cherry picked from commit 9fb523adce6fd6015b68da2ca8e4ac4900ac2be2)
-
Submitted by Piotr Sikora
Don't require a public key in tls1_set_ec_id if compression status is not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work. (cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)
-
Submitted by Dr. Stephen Henson
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line. (cherry picked from commit f14a4a861d2d221ed565a75441a218f85b8db530)
-
Submitted by Dr. Stephen Henson
-
- 22 Oct 2013, 2 commits
Submitted by Dr. Stephen Henson
-
Submitted by Dr. Stephen Henson
-
- 21 Oct 2013, 7 commits
Submitted by Dr. Stephen Henson
-
Submitted by Ben Laurie
-
Submitted by Nick Mathewson
-
Submitted by Nick Mathewson
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE is set. This is a forward-port of commits: 4af793036f6ef4f0a1078e5d7155426a98d50e37 f4c93b46edb51da71f09eda99e83eaf193a33c08 3da721dac9382c48812c8eba455528fd59af2eef 2583270191a8b27eed303c03ece1da97b9b69fd3 While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful that the gmt_unix_time record does any good at all for its intended purpose, since: * It's quite possible to open two TLS connections in one second. * If the PRNG output is prone to repeat itself, ephemeral handshakes (and who knows what else besides) are broken.
-
Submitted by Dr. Stephen Henson
Extend SSL_CONF to return command value types. Add certificate and key options. Update documentation.
-
Submitted by Dr. Stephen Henson
-
Submitted by Dr. Stephen Henson
Removing RSA+MD5 from the default signature algorithm list prevents its use by default. If a broken implementation attempts to use RSA+MD5 anyway the sanity checking of signature algorithms will cause a fatal alert.
-
- 15 Oct 2013, 2 commits
Submitted by Dr. Stephen Henson
-
Submitted by Dr. Stephen Henson
-
- 09 Oct 2013, 1 commit
Submitted by Andy Polyakov
-
- 25 Sep 2013, 1 commit
Submitted by Ben Laurie
Conflicts: apps/s_server.c
-