Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 15 11月, 2013 1 次提交
    • D
      Constify. · 0f7fa1b1
      Dr. Stephen Henson 提交于 
      (cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)
      0f7fa1b1
  3. 14 11月, 2013 5 次提交
    • P
      Fix compilation with no-nextprotoneg. · 2911575c
      Piotr Sikora 提交于 
      PR#3106
      2911575c
    • D
      Flag to disable automatic copying of contexts. · afa23c46
      Dr. Stephen Henson 提交于 
      Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.
      afa23c46
    • D
      Allow match selecting of current certificate. · 629b640b
      Dr. Stephen Henson 提交于 
      If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
      629b640b
    • R
      Additional "chain_cert" functions. · 7b6b246f
      Rob Stradling 提交于 
      PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
      7b6b246f
    • K
      Delete duplicate entry. · 44314cf6
      Krzysztof Kwiatkowski 提交于 
      PR#3172
      44314cf6
  5. 13 11月, 2013 4 次提交
  7. 12 11月, 2013 3 次提交
  9. 11 11月, 2013 2 次提交
  11. 09 11月, 2013 7 次提交
  13. 07 11月, 2013 1 次提交
    • D
      Experimental workaround TLS filler (WTF) extension. · 0467ea68
      Dr. Stephen Henson 提交于 
      Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
if the TLS Client Hello record length value would otherwise be > 255 and less
that 512 pad with a dummy extension containing zeroes so it is at least 512.

To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242

WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
      0467ea68
  15. 06 11月, 2013 3 次提交
  17. 04 11月, 2013 1 次提交
  19. 02 11月, 2013 7 次提交
    • D
      Add brainpool curves to trace output. · d519f083
      Dr. Stephen Henson 提交于 
      (cherry picked from commit bd80d0229c9a154f569b046365bc85d76b59cfc5)
      d519f083
    • R
      DTLS/SCTP struct authchunks Bug · b8140811
      Robin Seggelmann 提交于 
      PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
(cherry picked from commit f596e3c491035fe80db5fc0c3ff6b647662b0003)
      b8140811
    • R
      DTLS/SCTP Finished Auth Bug · b9ef52b0
      Robin Seggelmann 提交于 
      PR: 2808

With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.
(cherry picked from commit 9fb523adce6fd6015b68da2ca8e4ac4900ac2be2)
      b9ef52b0
    • P
      Fix SSL_OP_SINGLE_ECDH_USE · 29b490a4
      Piotr Sikora 提交于 
      Don't require a public key in tls1_set_ec_id if compression status is
not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.
(cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)
      29b490a4
    • D
      Add -ecdh_single option. · a9bc1af9
      Dr. Stephen Henson 提交于 
      Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
(cherry picked from commit f14a4a861d2d221ed565a75441a218f85b8db530)
      a9bc1af9
    • D
      Fix warning. · 96e16bdd
      Dr. Stephen Henson 提交于
      96e16bdd
    • D
      Fix warning. · 3f9b187b
      Dr. Stephen Henson 提交于
      3f9b187b
  21. 01 11月, 2013 1 次提交
  23. 31 10月, 2013 4 次提交
  25. 29 10月, 2013 1 次提交