- 09 1月, 2014 6 次提交
-
-
由 Daniel Kahn Gillmor 提交于
other parts of packet tracing emit the standard "DHE" label instead of "edh". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
-
由 Daniel Kahn Gillmor 提交于
The standard terminology in https://tools.ietf.org/html/rfc5426 is "DHE". "openssl ciphers" outputs "DHE" (for the most part). But users of the library currently cannot specify "DHE", they must currently specify "EDH". This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
-
由 Daniel Kahn Gillmor 提交于
ECDHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEECDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEECDH should probably be deprecated at some point, though.
-
由 Daniel Kahn Gillmor 提交于
other parts of packet tracing emit the standard "ECDHE" label instead of "EECDH". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
-
由 Daniel Kahn Gillmor 提交于
The standard terminology in https://tools.ietf.org/html/rfc4492 is ECDHE. "openssl ciphers" outputs ECDHE. But users of the library currently cannot specify ECDHE, they must specify EECDH. This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
-
由 Andy Polyakov 提交于
-
- 08 1月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Andy Polyakov 提交于
-
- 07 1月, 2014 4 次提交
-
-
由 Andy Polyakov 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
-
由 Dr. Stephen Henson 提交于
-
- 05 1月, 2014 2 次提交
-
-
由 Andy Polyakov 提交于
(and shave off cycle even from integer-only code)
-
由 Andy Polyakov 提交于
(and update performance data, and fix typo)
-
- 04 1月, 2014 4 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
but keep it disabled, too little gain... Add some Atom-specific optimization.
-
- 02 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
-
- 30 12月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
-
- 28 12月, 2013 3 次提交
-
-
由 Andy Polyakov 提交于
PR: 3202
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
- 22 12月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
If content is detached and not binary mode translate the input to CRLF format. Before this change the input was verified verbatim which lead to a discrepancy between sign and verify.
-
- 21 12月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)
-
- 19 12月, 2013 5 次提交
-
-
由 Andy Polyakov 提交于
(and ensure stack alignment in the process)
-
由 Andy Polyakov 提交于
It worked because it was never called.
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
SHA512_Transform was initially added rather as tribute to tradition than for practucal reasons. But use was recently found in ssl/s3_cbc.c and it turned to be problematic on platforms that don't tolerate misasligned references to memory and lack assembly subroutine.
-
由 Andy Polyakov 提交于
-
- 18 12月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Partial mitigation of PR#3200 (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
-
由 Dr. Stephen Henson 提交于
-
- 13 12月, 2013 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Move the IP, email and host checking fields from the public X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID structure. By doing this the structure can be modified in future without risk of breaking any applications. (cherry picked from commit adc6bd73e3bd10ce6e76867482e8d137071298d7) Conflicts: crypto/x509/x509_vpm.c
-
由 Dr. Stephen Henson 提交于
Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
-
由 Dr. Stephen Henson 提交于
For consistency with other cases if we are performing partial chain verification with just one certificate notify the callback with ok==1. (cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
-
由 Dr. Stephen Henson 提交于
New functions to retrieve internal pointers to X509_VERIFY_PARAM for SSL_CTX and SSL structures. (cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
-
- 10 12月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-