- 17 4月, 2015 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 25 3月, 2015 1 次提交
-
-
由 Rich Salz 提交于
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 3月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 3月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 29 1月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 11 12月, 2014 1 次提交
-
-
由 Jonas Maebe 提交于
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 8月, 2014 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Instead of SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_srv_ext use SSL_CTX_add_client_custom_ext and SSL_CTX_add_server_custom_ext. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Support separate parse and add callback arguments. Add new callback so an application can free extension data. Change return value for send functions so < 0 is an error 0 omits extension and > 0 includes it. This is more consistent with the behaviour of other functions in OpenSSL. Modify parse_cb handling so <= 0 is an error. Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument order consistent. NOTE: these changes WILL break existing code. Remove (now inaccurate) in line documentation. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Use "parse" and "add" for function and callback names instead of "first" and "second". Change arguments to callback so the extension type is unsigned int and the buffer length is size_t. Note: this *will* break existing code. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 09 8月, 2014 1 次提交
-
-
由 Viktor Szakats 提交于
The "unsigned char *d" should be const. Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
-
- 28 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
-
- 06 2月, 2014 3 次提交
-
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Whitespace fixes
-
由 Scott Deboy 提交于
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
- 04 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
- 25 9月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
Conflicts: apps/s_server.c
-
- 17 9月, 2013 1 次提交
-
-
由 Trevor Perrin 提交于
-
- 14 9月, 2013 2 次提交
-
-
由 Trevor Perrin 提交于
-
由 Trevor Perrin 提交于
-
- 06 9月, 2013 1 次提交
-
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- 31 7月, 2013 1 次提交
-
-
由 Trevor Perrin 提交于
Force no SSL2 when custom extensions in use. Don't clear extension state when cert is set. Clear on renegotiate.
-
- 28 6月, 2013 1 次提交
-
-
由 Trevor 提交于
-
- 18 6月, 2013 1 次提交
-
-
由 Trevor 提交于
serverinfo rejects non-empty extensions. Omit extension if no relevant serverinfo data. Improve error-handling in serverinfo callback. Cosmetic cleanups. s_client documentation. s_server documentation. SSL_CTX_serverinfo documentation. Cleaup -1 and NULL callback handling for custom extensions, add tests. Cleanup ssl_rsa.c serverinfo code. Whitespace cleanup. Improve comments in ssl.h for serverinfo. Whitespace. Cosmetic cleanup. Reject non-zero-len serverinfo extensions. Whitespace. Make it build.
-
- 13 6月, 2013 1 次提交
-
-
由 Trevor 提交于
Contributed by Trevor Perrin.
-
- 07 6月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 30 5月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 17 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The cipher definitions of these ciphersuites have been around since SSLeay but were always disabled. Now OpenSSL supports DH certificates they can be finally enabled. Various additional changes were needed to make them work properly: many unused fixed DH sections of code were untested.
-
- 13 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: steve@openssl.org Allow use of trusted certificates in SSL_CTX_use_chain_file()
-
- 26 5月, 2008 1 次提交
-
-
由 Lutz Jänicke 提交于
about "overcommenting".
-
- 23 5月, 2008 1 次提交
-
-
由 Lutz Jänicke 提交于
PR: 1417, 1513 Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
-
- 09 4月, 2005 1 次提交
-
-
由 Nils Larsch 提交于
and SSL_use_PrivateKey_file() PR: 1035 Submitted by: Walter Goulet Reviewed by: Nils Larsch
-
- 08 4月, 2005 1 次提交
-
-
由 Nils Larsch 提交于
Reviewed by: Bodo Moeller
-
- 02 4月, 2005 1 次提交
-
-
由 Nils Larsch 提交于
PR: 860
-
- 16 3月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
-
- 12 8月, 2003 1 次提交
-
-
由 Bodo Möller 提交于
-
- 10 7月, 2002 1 次提交
-
-
由 Lutz Jänicke 提交于
des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR:
-
- 28 2月, 2002 1 次提交
-
-
由 Bodo Möller 提交于
-