- 27 Jan, 2016 1 commit
Committed by Rich Salz
This was done by the following

    find . -name '*.[ch]' | /tmp/pl

where /tmp/pl is the following three-line script:

    print unless $. == 1 && m@/\* .*\.[ch] \*/@;
    close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
- 15 Dec, 2015 1 commit
Committed by Matt Caswell
s_server was trying to set the ECDH curve when no-ec was defined. This also highlighted the fact that the -no_ecdhe option to s_server is broken, and doesn't make any sense any more (ECDHE is on by default and the only way it can be disabled is through the cipherstring). Therefore this commit removes the option.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
- 09 Oct, 2015 1 commit
Committed by Emilia Kasper
Note that this commit constifies a user callback parameter and therefore will break compilation for applications using this callback. But unless they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: Andy Polyakov <appro@openssl.org>
- 06 May, 2015 1 commit
Committed by Rich Salz
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 29 Apr, 2015 1 commit
Committed by Rich Salz
Many functions had a BIO* parameter, and it was always called with bio_err. Remove the param and just use bio_err.
Reviewed-by: Matt Caswell <matt@openssl.org>
- 25 Apr, 2015 1 commit
Committed by Rich Salz
This merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switched from cascading 'else if strcmp("-foo")' to a utility routine and something akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:

    RT3515: Use 3DES in pkcs12 if built with no-rc2
    RT1766: s_client -reconnect and -starttls broke
    RT2932: Catch write errors
    RT2604: port should be 'unsigned short'
    RT2983: total_bytes undeclared #ifdef RENEG
    RT1523: Add -nocert to fix output in x509 app
    RT3508: Remove unused variable introduced by b09eb246
    RT3511: doc fix; req default serial is random
    RT1325,2973: Add more extensions to c_rehash
    RT2119,3407: Updated to dgst.pod
    RT2379: Additional typo fix
    RT2693: Extra include of string.h
    RT2880: HFS is case-insensitive filenames
    RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:

    Add SCSV support
    Add -misalign to speed command
    Make dhparam, dsaparam, ecparam, x509 output C in proper style
    Make some internal ocsp.c functions void
    Only display cert usages with -help in verify
    Use global bio_err, remove "BIO*err" parameter from functions
    For filenames, - always means stdin (or stdout as appropriate)
    Add aliases for -des/aes "wrap" ciphers.
    *Remove support for IISSGC (server gated crypto)
    *The undocumented OCSP -header flag is now "-header name=value"
    *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
- 22 Jan, 2015 2 commits
Committed by Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>

Committed by Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
- 13 Jan, 2015 1 commit
Committed by Rich Salz
This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 09 May, 2014 1 commit
Committed by Geoff Thorpe
The "-unix <path>" argument allows s_server and s_client to use a unix domain socket in the filesystem instead of IPv4 ("-connect", "-port", "-accept", etc). If s_server exits gracefully, such as when "-naccept" is used and the requested number of SSL/TLS connections have occurred, then the domain socket file is removed. On ctrl-C, it is likely that the stale socket file will be left over, such that s_server would normally fail to restart with the same arguments. For this reason, s_server also supports an "-unlink" option, which will clean up any stale socket file before starting.

If you have any reason to want encrypted IPC within an O/S instance, this concept might come in handy. Otherwise it just demonstrates that there is nothing about SSL/TLS that limits it to TCP/IP in any way.

(There might also be benchmarking and profiling use in this path, as unix domain sockets are much lower overhead than connecting over local IP addresses).

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
- 26 Apr, 2014 1 commit
Committed by Geoff Thorpe
There are certainly many more constifiable strings in the various interfaces, which I hope to get to eventually.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
- 28 Mar, 2014 1 commit
Committed by Dr. Stephen Henson
Add a debugging security callback option to s_client/s_server. This will print out each security parameter as it is accepted or rejected.
- 06 Sep, 2013 1 commit
Committed by Scott Deboy
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
- 26 Mar, 2013 1 commit
Committed by Dr. Stephen Henson
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
- 30 Dec, 2012 1 commit
Committed by Dr. Stephen Henson
- 07 Dec, 2012 2 commits
Committed by Dr. Stephen Henson
Just a sample, real world applications would have to be cleverer.

Committed by Dr. Stephen Henson
- 03 Dec, 2012 1 commit
Committed by Dr. Stephen Henson
- 24 Nov, 2012 1 commit
Committed by Dr. Stephen Henson
Add support for separate verify and chain stores in s_client.
- 22 Nov, 2012 2 commits
Committed by Dr. Stephen Henson

Committed by Dr. Stephen Henson
- 18 Nov, 2012 1 commit
Committed by Dr. Stephen Henson
- 17 Nov, 2012 1 commit
Committed by Dr. Stephen Henson
to the SSL_CONF APIs. This is complicated a little because the SSL_CTX structure is not available when the command line is processed: so just check syntax of commands initially and store them, ready to apply later.
- 08 Oct, 2012 1 commit
Committed by Dr. Stephen Henson
certificate. Add options to s_client, s_server and x509 utilities to print results of checks.
- 13 Sep, 2012 1 commit
Committed by Dr. Stephen Henson
New option -verify_quiet to shut up the verify callback unless there is an error.
- 08 Sep, 2012 1 commit
Committed by Dr. Stephen Henson
new ctrl to retrieve value of received temporary key in server key exchange message, print out details in s_client
- 24 Jul, 2012 1 commit
Committed by Dr. Stephen Henson
possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distinct stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returning an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour.
- 08 Jul, 2012 1 commit
Committed by Dr. Stephen Henson
details in s_client. Also add ctrl to set client certificate types. If not used sensible values will be included based on supported signature algorithms: for example if we don't include any DSA signing algorithms the DSA certificate type is omitted. Fix restriction in old code where certificate types would be truncated if it exceeded TLS_CT_NUMBER.
- 29 Jun, 2012 1 commit
Committed by Dr. Stephen Henson
is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
- 25 Jun, 2012 1 commit
Committed by Dr. Stephen Henson
Only store encoded versions of peer and configured signature algorithms. Determine shared signature algorithms and cache the result along with NID equivalents of each algorithm.
- 30 May, 2012 1 commit
Committed by Ben Laurie
- 12 Apr, 2012 1 commit
Committed by Dr. Stephen Henson
s_server.
- 06 Mar, 2012 1 commit
Committed by Dr. Stephen Henson
extensions to s_client and s_server to print out retrieved values. Extend CERT structure to cache supported signature algorithm data.
- 05 Sep, 2009 1 commit
Committed by Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
- 22 Dec, 2008 1 commit
http://cvs.openssl.org/chngview?cn=17710
Committed by Andy Polyakov
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit expands it even to apps catalog and actually omits the macro in question from Configure.
- 13 Nov, 2008 1 commit
Committed by Ben Laurie
- 12 Nov, 2008 1 commit
Committed by Geoff Thorpe
knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.
- 01 Nov, 2008 1 commit
Committed by Ben Laurie
- 12 Aug, 2007 1 commit
Committed by Dr. Stephen Henson
for OpenSSL.
- 27 Apr, 2005 1 commit
Committed by Dr. Stephen Henson