1. 27 4月, 2016 1 次提交
  2. 26 4月, 2016 2 次提交
  3. 25 4月, 2016 1 次提交
  4. 22 4月, 2016 1 次提交
  5. 21 4月, 2016 7 次提交
  6. 20 4月, 2016 5 次提交
  7. 18 4月, 2016 3 次提交
  8. 16 4月, 2016 1 次提交
  9. 14 4月, 2016 5 次提交
  10. 13 4月, 2016 5 次提交
  11. 11 4月, 2016 1 次提交
  12. 10 4月, 2016 1 次提交
  13. 09 4月, 2016 1 次提交
  14. 08 4月, 2016 1 次提交
    • V
      Suppress CT callback as appropriate · 43341433
      Viktor Dukhovni 提交于
      Suppress CT callbacks with aNULL or PSK ciphersuites that involve
      no certificates.  Ditto when the certificate chain is validated via
      DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
      when the chain is fails verification.
      
      Move and consolidate CT callbacks from libcrypto to libssl.  We
      also simplify the interface to SSL_{,CTX_}_enable_ct() which can
      specify either a permissive mode that just collects information or
      a strict mode that requires at least one valid SCT or else asks to
      abort the connection.
      
      Simplified SCT processing and options in s_client(1) which now has
      just a simple pair of "-noct" vs. "-ct" options, the latter enables
      the permissive callback so that we can complete the handshake and
      report all relevant information.  When printing SCTs, print the
      validation status if set and not valid.
      Signed-off-by: NRob Percival <robpercival@google.com>
      Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      43341433
  15. 06 4月, 2016 3 次提交
  16. 05 4月, 2016 2 次提交