- 19 11月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 18 11月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 15 11月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)
-
- 14 11月, 2013 5 次提交
-
-
由 Piotr Sikora 提交于
PR#3106
-
由 Dr. Stephen Henson 提交于
Some functions such as EVP_VerifyFinal only finalise a copy of the passed context in case an application wants to digest more data. Doing this when it is not needed is inefficient and many applications don't require it. For compatibility the default is to still finalise a copy unless the flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed context is finalised an *no* further data can be digested after finalisation.
-
由 Dr. Stephen Henson 提交于
If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available.
-
由 Rob Stradling 提交于
PR#3169 This patch, which currently applies successfully against master and 1_0_2, adds the following functions: SSL_[CTX_]select_current_cert() - set the current certificate without disturbing the existing structure. SSL_[CTX_]get0_chain_certs() - get the current certificate's chain. SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain. The patch also adds these functions to, and fixes some existing errors in, SSL_CTX_add1_chain_cert.pod.
-
由 Krzysztof Kwiatkowski 提交于
PR#3172
-
- 13 11月, 2013 4 次提交
-
-
由 Andy Polyakov 提交于
Submitted by: Marcelo Cerri
-
由 Andy Polyakov 提交于
PR: 3165 Submitted by: Daniel Richard G.
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
PR: 3165
-
- 12 11月, 2013 3 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
If the oid parameter is set to NULL in X509_add1_trust_object create an empty list of trusted purposes corresponding to "no purpose" if trust is checked.
-
由 Dr. Stephen Henson 提交于
-
- 11 11月, 2013 2 次提交
-
-
由 Andy Polyakov 提交于
-
由 Dr. Stephen Henson 提交于
-
- 09 11月, 2013 7 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Add function to retrieve the signature from a CMS_SignerInfo structure: applications can then read or modify it.
-
由 Dr. Stephen Henson 提交于
-
由 Andy Polyakov 提交于
PR: 3165
-
由 Andy Polyakov 提交于
Original definition depended on __LONG_MAX__ that is not guaranteed to be present. As we don't support platforms with int narrower that 32 bits it's appropriate to make defition inconditional. PR: 3165
-
由 Andy Polyakov 提交于
PR: 3165
-
- 07 11月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
- 06 11月, 2013 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit a4947e4e064d2d5bb622ac64cf13edc4a46ed196)
-
- 04 11月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
<christian@python.org>.
-
- 02 11月, 2013 7 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit bd80d0229c9a154f569b046365bc85d76b59cfc5)
-
由 Robin Seggelmann 提交于
PR: 2809 DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with SCTP-AUTH. It is checked if this has been activated successfully for the local and remote peer. Due to a bug, however, the gauth_number_of_chunks field of the authchunks struct is missing on FreeBSD, and was therefore not considered in the OpenSSL implementation. This patch sets the corresponding pointer for the check correctly whether or not this bug is present. (cherry picked from commit f596e3c491035fe80db5fc0c3ff6b647662b0003)
-
由 Robin Seggelmann 提交于
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key. (cherry picked from commit 9fb523adce6fd6015b68da2ca8e4ac4900ac2be2)
-
由 Piotr Sikora 提交于
Don't require a public key in tls1_set_ec_id if compression status is not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work. (cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)
-
由 Dr. Stephen Henson 提交于
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line. (cherry picked from commit f14a4a861d2d221ed565a75441a218f85b8db530)
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 01 11月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
Submitted by: Marcelo Cerri
-
- 31 10月, 2013 3 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
Submitted by: Marcelo Cerri
-
由 Andy Polyakov 提交于
sha/asm/sha512-ppc.pl: add little-endian support. Submitted by: Marcelo Cerri
-