1. 17 11月, 2012 1 次提交
  2. 06 11月, 2012 1 次提交
  3. 12 10月, 2012 1 次提交
  4. 08 10月, 2012 1 次提交
  5. 14 9月, 2012 1 次提交
  6. 13 9月, 2012 1 次提交
  7. 11 9月, 2012 1 次提交
  8. 10 9月, 2012 1 次提交
  9. 29 8月, 2012 1 次提交
  10. 15 8月, 2012 1 次提交
  11. 24 7月, 2012 1 次提交
    • D
      Add support for certificate stores in CERT structure. This makes it · 74ecfab4
      Dr. Stephen Henson 提交于
      possible to have different stores per SSL structure or one store in
      the parent SSL_CTX. Include distint stores for certificate chain
      verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
      to build and store a certificate chain in CERT structure: returing
      an error if the chain cannot be built: this will allow applications
      to test if a chain is correctly configured.
      
      Note: if the CERT based stores are not set then the parent SSL_CTX
      store is used to retain compatibility with existing behaviour.
      74ecfab4
  12. 08 7月, 2012 1 次提交
    • D
      Add new ctrl to retrieve client certificate types, print out · 9f27b1ee
      Dr. Stephen Henson 提交于
      details in s_client.
      
      Also add ctrl to set client certificate types. If not used sensible values
      will be included based on supported signature algorithms: for example if
      we don't include any DSA signing algorithms the DSA certificate type is
      omitted.
      
      Fix restriction in old code where certificate types would be truncated
      if it exceeded TLS_CT_NUMBER.
      9f27b1ee
  13. 04 7月, 2012 1 次提交
    • D
      Fix memory leak. · dd251659
      Dr. Stephen Henson 提交于
      Always perform nexproto callback argument initialisation in s_server
      otherwise we use uninitialised data if -nocert is specified.
      dd251659
  14. 03 7月, 2012 2 次提交
  15. 29 6月, 2012 1 次提交
    • D
      Add certificate callback. If set this is called whenever a certificate · 18d71588
      Dr. Stephen Henson 提交于
      is required by client or server. An application can decide which
      certificate chain to present based on arbitrary criteria: for example
      supported signature algorithms. Add very simple example to s_server.
      This fixes many of the problems and restrictions of the existing client
      certificate callback: for example you can now clear existing certificates
      and specify the whole chain.
      18d71588
  16. 28 6月, 2012 1 次提交
    • D
      Add new "valid_flags" field to CERT_PKEY structure which determines what · d61ff83b
      Dr. Stephen Henson 提交于
      the certificate can be used for (if anything). Set valid_flags field
      in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
      to have similar checks in it.
      
      Add new "cert_flags" field to CERT structure and include a "strict mode".
      This enforces some TLS certificate requirements (such as only permitting
      certificate signature algorithms contained in the supported algorithms
      extension) which some implementations ignore: this option should be used
      with caution as it could cause interoperability issues.
      d61ff83b
  17. 25 6月, 2012 1 次提交
  18. 22 6月, 2012 1 次提交
  19. 15 6月, 2012 1 次提交
  20. 07 6月, 2012 1 次提交
  21. 04 6月, 2012 1 次提交
  22. 30 5月, 2012 1 次提交
  23. 12 4月, 2012 1 次提交
  24. 05 4月, 2012 1 次提交
  25. 28 3月, 2012 1 次提交
    • D
      Initial revision of ECC extension handling. · d0595f17
      Dr. Stephen Henson 提交于
      Tidy some code up.
      
      Don't allocate a structure to handle ECC extensions when it is used for
      default values.
      
      Make supported curves configurable.
      
      Add ctrls to retrieve shared curves: not fully integrated with rest of
      ECC code yet.
      d0595f17
  26. 19 3月, 2012 1 次提交
  27. 06 3月, 2012 1 次提交
  28. 12 2月, 2012 1 次提交
    • D
      PR: 2716 · be81f4dd
      Dr. Stephen Henson 提交于
      Submitted by: Adam Langley <agl@google.com>
      
      Fix handling of exporter return value and use OpenSSL indentation in
      s_client, s_server.
      be81f4dd
  29. 11 2月, 2012 1 次提交
    • D
      PR: 2714 · 9641be2a
      Dr. Stephen Henson 提交于
      Submitted by: Tomas Mraz <tmraz@redhat.com>
      
      Make no-srp work.
      9641be2a
  30. 13 1月, 2012 1 次提交
  31. 01 1月, 2012 1 次提交
    • D
      PR: 2658 · 4817504d
      Dr. Stephen Henson 提交于
      Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
      Reviewed by: steve
      
      Support for TLS/DTLS heartbeats.
      4817504d
  32. 27 12月, 2011 1 次提交
    • D
      PR: 1794 · c79f22c6
      Dr. Stephen Henson 提交于
      Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
      Reviewed by: steve
      
      - remove some unncessary SSL_err and permit
      an srp user callback to allow a worker to obtain
      a user verifier.
      
      - cleanup and comments in s_server and demonstration
      for asynchronous srp user lookup
      c79f22c6
  33. 22 12月, 2011 1 次提交
  34. 16 11月, 2011 2 次提交
  35. 10 10月, 2011 1 次提交
  36. 12 5月, 2011 1 次提交
  37. 06 5月, 2011 1 次提交
  38. 30 4月, 2011 1 次提交