1. 27 1月, 2016 1 次提交
    • R
      Remove /* foo.c */ comments · 34980760
      Rich Salz 提交于
      This was done by the following
              find . -name '*.[ch]' | /tmp/pl
      where /tmp/pl is the following three-line script:
              print unless $. == 1 && m@/\* .*\.[ch] \*/@;
              close ARGV if eof; # Close file to reset $.
      
      And then some hand-editing of other files.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      34980760
  2. 15 12月, 2015 1 次提交
    • M
      Fix s_server problem with no-ec · 8caab744
      Matt Caswell 提交于
      s_server was trying to set the ECDH curve when no-ec was defined. This also
      highlighted the fact that the -no_ecdhe option to s_server is broken, and
      doesn't make any sense any more (ECDHE is on by default and the only way it
      can be disabled is through the cipherstring). Therefore this commit removes
      the option.
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      8caab744
  3. 09 10月, 2015 1 次提交
  4. 06 5月, 2015 1 次提交
  5. 29 4月, 2015 1 次提交
  6. 25 4月, 2015 1 次提交
    • R
      Big apps cleanup (option-parsing, etc) · 7e1b7485
      Rich Salz 提交于
      This is merges the old "rsalz-monolith" branch over to master.  The biggest
      change is that option parsing switch from cascasding 'else if strcmp("-foo")'
      to a utility routine and somethin akin to getopt.  Also, an error in the
      command line no longer prints the full summary; use -help (or --help :)
      for that.  There have been many other changes and code-cleanup, see
      bullet list below.
      
      Special thanks to Matt for the long and detailed code review.
      
      TEMPORARY:
              For now, comment out CRYPTO_mem_leaks() at end of main
      
      Tickets closed:
              RT3515: Use 3DES in pkcs12 if built with no-rc2
              RT1766: s_client -reconnect and -starttls broke
              RT2932: Catch write errors
              RT2604: port should be 'unsigned short'
              RT2983: total_bytes undeclared #ifdef RENEG
              RT1523: Add -nocert to fix output in x509 app
              RT3508: Remove unused variable introduced by b09eb246
              RT3511: doc fix; req default serial is random
              RT1325,2973: Add more extensions to c_rehash
              RT2119,3407: Updated to dgst.pod
              RT2379: Additional typo fix
              RT2693: Extra include of string.h
              RT2880: HFS is case-insensitive filenames
              RT3246: req command prints version number wrong
      
      Other changes; incompatibilities marked with *:
              Add SCSV support
              Add -misalign to speed command
              Make dhparam, dsaparam, ecparam, x509 output C in proper style
              Make some internal ocsp.c functions void
              Only display cert usages with -help in verify
              Use global bio_err, remove "BIO*err" parameter from functions
              For filenames, - always means stdin (or stdout as appropriate)
              Add aliases for -des/aes "wrap" ciphers.
              *Remove support for IISSGC (server gated crypto)
              *The undocumented OCSP -header flag is now "-header name=value"
              *Documented the OCSP -header flag
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      7e1b7485
  7. 22 1月, 2015 2 次提交
  8. 13 1月, 2015 1 次提交
  9. 09 5月, 2014 1 次提交
    • G
      s_client/s_server: support unix domain sockets · a9351320
      Geoff Thorpe 提交于
      The "-unix <path>" argument allows s_server and s_client to use a unix
      domain socket in the filesystem instead of IPv4 ("-connect", "-port",
      "-accept", etc). If s_server exits gracefully, such as when "-naccept"
      is used and the requested number of SSL/TLS connections have occurred,
      then the domain socket file is removed. On ctrl-C, it is likely that
      the stale socket file will be left over, such that s_server would
      normally fail to restart with the same arguments. For this reason,
      s_server also supports an "-unlink" option, which will clean up any
      stale socket file before starting.
      
      If you have any reason to want encrypted IPC within an O/S instance,
      this concept might come in handy. Otherwise it just demonstrates that
      there is nothing about SSL/TLS that limits it to TCP/IP in any way.
      
      (There might also be benchmarking and profiling use in this path, as
      unix domain sockets are much lower overhead than connecting over local
      IP addresses).
      Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
      a9351320
  10. 26 4月, 2014 1 次提交
  11. 28 3月, 2014 1 次提交
  12. 06 9月, 2013 1 次提交
    • S
      Add callbacks supporting generation and retrieval of supplemental data... · 36086186
      Scott Deboy 提交于
      Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
      Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
      Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
      Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
      36086186
  13. 26 3月, 2013 1 次提交
    • D
      Provisional DTLS 1.2 support. · c3b344e3
      Dr. Stephen Henson 提交于
      Add correct flags for DTLS 1.2, update s_server and s_client to handle
      DTLS 1.2 methods.
      
      Currently no support for version negotiation: i.e. if client/server selects
      DTLS 1.2 it is that or nothing.
      c3b344e3
  14. 30 12月, 2012 1 次提交
  15. 07 12月, 2012 2 次提交
  16. 03 12月, 2012 1 次提交
  17. 24 11月, 2012 1 次提交
  18. 22 11月, 2012 2 次提交
  19. 18 11月, 2012 1 次提交
  20. 17 11月, 2012 1 次提交
  21. 08 10月, 2012 1 次提交
  22. 13 9月, 2012 1 次提交
  23. 08 9月, 2012 1 次提交
  24. 24 7月, 2012 1 次提交
    • D
      Add support for certificate stores in CERT structure. This makes it · 74ecfab4
      Dr. Stephen Henson 提交于
      possible to have different stores per SSL structure or one store in
      the parent SSL_CTX. Include distint stores for certificate chain
      verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
      to build and store a certificate chain in CERT structure: returing
      an error if the chain cannot be built: this will allow applications
      to test if a chain is correctly configured.
      
      Note: if the CERT based stores are not set then the parent SSL_CTX
      store is used to retain compatibility with existing behaviour.
      74ecfab4
  25. 08 7月, 2012 1 次提交
    • D
      Add new ctrl to retrieve client certificate types, print out · 9f27b1ee
      Dr. Stephen Henson 提交于
      details in s_client.
      
      Also add ctrl to set client certificate types. If not used sensible values
      will be included based on supported signature algorithms: for example if
      we don't include any DSA signing algorithms the DSA certificate type is
      omitted.
      
      Fix restriction in old code where certificate types would be truncated
      if it exceeded TLS_CT_NUMBER.
      9f27b1ee
  26. 29 6月, 2012 1 次提交
    • D
      Add certificate callback. If set this is called whenever a certificate · 18d71588
      Dr. Stephen Henson 提交于
      is required by client or server. An application can decide which
      certificate chain to present based on arbitrary criteria: for example
      supported signature algorithms. Add very simple example to s_server.
      This fixes many of the problems and restrictions of the existing client
      certificate callback: for example you can now clear existing certificates
      and specify the whole chain.
      18d71588
  27. 25 6月, 2012 1 次提交
  28. 30 5月, 2012 1 次提交
  29. 12 4月, 2012 1 次提交
  30. 06 3月, 2012 1 次提交
  31. 05 9月, 2009 1 次提交
    • D
      PR: 2028 · 07a9d1a2
      Dr. Stephen Henson 提交于
      Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
      Approved by: steve@openssl.org
      
      Fix DTLS cookie management bugs.
      07a9d1a2
  32. 22 12月, 2008 1 次提交
  33. 13 11月, 2008 1 次提交
  34. 12 11月, 2008 1 次提交
  35. 01 11月, 2008 1 次提交
  36. 12 8月, 2007 1 次提交
  37. 27 4月, 2005 1 次提交