- 24 8月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 18 8月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 8月, 2016 1 次提交
-
-
由 Remi Gacogne 提交于
* SSL_SESSION_set1_id() * SSL_SESSION_get0_id_context() * SSL_CTX_get_tlsext_status_cb() * SSL_CTX_get_tlsext_status_arg() Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 15 8月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 8月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When handling ECDH check to see if the curve is "custom" (X25519 is currently the only curve of this type) and instead of setting a curve NID just allocate a key of appropriate type. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 8月, 2016 1 次提交
-
-
由 David Woodhouse 提交于
Commit 3eb2aff4 ("Add support for minimum and maximum protocol version supported by a cipher") disabled all ciphers for DTLS1_BAD_VER. That wasn't helpful. Give them back. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 20 7月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
RT#4600 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 7月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
The tls_process_client_key_exchange() function is far too long. This splits out the PSK preamble processing, and the RSA processing into separate functions. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 6月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 08 6月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Alessandro Ghedini 提交于
The tlsext_status_type field in SSL is used by e.g. OpenResty to determine if the client requested the certificate status, but SSL is now opaque. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 18 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 17 5月, 2016 2 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> MR: #2153
-
由 TJ Saunders 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
- 16 5月, 2016 1 次提交
-
-
由 jfigus 提交于
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 12 5月, 2016 1 次提交
-
-
由 Dmitry Belyavsky 提交于
RT#4438 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 06 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 29 4月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
-
- 05 4月, 2016 2 次提交
-
-
由 Rich Salz 提交于
This reverts commit 620d540b. It wasn't reviewed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 3月, 2016 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reduces #ifdef complexity. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 10 3月, 2016 3 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1595
-
由 Kurt Roeckx 提交于
This currently seems to be the only cipher we still support that should get disabled. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1595
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1595
-
- 08 3月, 2016 2 次提交
-
-
由 Benjamin Kaduk 提交于
CCA8, CCA9, CCAA, CCAB, CCAC, CCAD, and CCAE are now present in https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml so remove the "as per draft-ietf-tls-chacha20-poly1305-03" note accordingly. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Todd Short 提交于
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 07 3月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
- Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 3月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
They're not part of ALL, so they're not part of COMPLEMENTOFDEFAULT Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #2202
-
- 04 3月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 24 2月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The ssl_set_masks() function no longer depends on the cipher. This also means there is no need to set the masks for each cipher in ssl3_choose_cipher. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem used. Remove the conf guards in conf_api since we use OPENSSL_assert, not assert. For pkcs12 stuff put OPENSSL_ in front of the macro name. Merge TLS_DEBUG into SSL_DEBUG. Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes. Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG. Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 14 2月, 2016 1 次提交
-
-
由 Viktor Szakats 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 12 2月, 2016 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove support for static ECDH ciphersuites. They require ECDH keys in certificates and don't support forward secrecy. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
To enable heartbeats for DTLS, configure with enable-heartbeats. Heartbeats for TLS have been completely removed. This addresses RT 3647 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 2月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Deprecate undocumented SSL_cache_hit(). Make SSL_session_reused() into a real function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 2月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Previous commit 7bb196a7 attempted to "fix" a problem with the way SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had SSL_shutdown() return immediately having taken no action if called mid- handshake with a return value of 1 (meaning everything was shutdown successfully). In fact the shutdown has not been successful. Commit 7bb196a7 changed that to send a close_notify anyway and then return. This seems to be causing some problems for some applications so perhaps a better (much simpler) approach is revert to the previous behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown was not successful). This also fixes a bug where SSL_shutdown always returns 0 when shutdown *very* early in the handshake (i.e. we are still using SSLv23_method). Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 01 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: NRich Salz <rsalz@openssl.org>
-