- 20 9月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
Submitted by: Ard Biesheuvel
-
- 18 9月, 2013 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Add various functions to allocate and set the fields of an ECDSA_METHOD structure.
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Make DTLS behave like TLS when negotiating version: record layer has DTLS 1.0, message version is 1.2. Tolerate different version numbers if version hasn't been negotiated yet.
-
- 17 9月, 2013 3 次提交
-
-
由 Bodo Moeller 提交于
(This went into 1.0.2 too, so it's not actually a change between 1.0.x and 1.1.0.)
-
由 Bodo Moeller 提交于
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and thus not a change "between 1.0.2 and 1.1.0".
-
由 Trevor Perrin 提交于
-
- 16 9月, 2013 7 次提交
-
-
由 Bodo Moeller 提交于
(Various changes from the master branch are now in the 1.0.2 branch too.)
-
由 Bodo Moeller 提交于
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope
-
由 Andy Polyakov 提交于
PR: 3125 Submitted by: Kyle McMartin
-
由 Andy Polyakov 提交于
PR: 3110 Submitted by Corinna Vinschen.
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Ard Biesheuvel 提交于
Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
-
- 14 9月, 2013 1 次提交
-
-
由 Rob Stradling 提交于
-
- 13 9月, 2013 4 次提交
-
-
由 Rob Stradling 提交于
-
由 Rob Stradling 提交于
-
由 Rob Stradling 提交于
-
由 Mat 提交于
-
- 12 9月, 2013 1 次提交
-
-
由 Scott Deboy 提交于
-
- 11 9月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
-
- 10 9月, 2013 2 次提交
-
-
由 Andy Polyakov 提交于
Avoid occasional up to 8% performance drops.
-
由 Andy Polyakov 提交于
-
- 09 9月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
When verifying a partial path always check to see if the EE certificate is explicitly trusted: the path could contain other untrusted certificates.
-
- 08 9月, 2013 3 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
-
由 Dr. Stephen Henson 提交于
-
- 06 9月, 2013 12 次提交
-
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
-
由 Ben Laurie 提交于
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
由 Ben Laurie 提交于
-
-
由 Ben Laurie 提交于
-
* Many XMPP servers are configured with multiple domains (virtual hosts) * In order to establish successfully the TLS connection you have to specify which virtual host you are trying to connect. * Test this, for example with :: * Fail: openssl s_client -connect talk.google.com:5222 -starttls xmpp * Works: openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
-
-
* When the host used in "-connect" is not what the remote XMPP server expects the server will return an error like this: <stream:error> <host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/> </stream:error> * But the actual code will stay on the loop forever because the stop condition "/stream:features>" will never happen, * Make this more robust: The stop condition should be that BIO_read failed * Test if for example with :: openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp
-
* Some XMPP Servers (OpenFire) use double quotes. * This makes s_client starttls work with this servers. * Tested with OpenFire servers from http://xmpp.net/ :: openssl s_client -connect coderollers.com:5222 -starttls xmpp
-