1. 21 Aug, 2017 9 commits
  2. 20 Aug, 2017 1 commit
  3. 18 Aug, 2017 11 commits
  4. 17 Aug, 2017 6 commits
  5. 16 Aug, 2017 10 commits
  6. 15 Aug, 2017 3 commits
    • Add SSL_get_pending_cipher() · 0aed6e44
      Benjamin Kaduk committed
      The existing function SSL_get_current_cipher() queries the
      current session for the ciphersuite in use, but there is no way
      for application code to determine what ciphersuite has been
      negotiated and will be used in the future, prior to ChangeCipherState
      (or the TLS 1.3 equivalent) causing the new cipher to take effect and
      become visible in the session information.  Expose this information
      to appropriate application callbacks to use during the handshake.
      
      The name SSL_get_pending_cipher() was chosen for compatibility with
      BoringSSL's routine of that name.
      
      Improve the note on macro implementations in SSL_get_current_cipher.pod
      while here.
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4070)
    • Move ALPN handling from finalizer to delayed call · 5626f634
      Benjamin Kaduk committed
      Commit 02f0274e moved ALPN processing
      into an extension finalization function, as the only documented ordering
      requirement from previous commits was that ALPN processing occur after
      SNI processing, and SNI processing is performed before the extension
      finalization step.  However, it is useful for applications'
      alpn_select callbacks to run after ciphersuite selection as well -- at
      least one application protocol specification (HTTP/2) imposes restrictions
      on which ciphersuites are usable with that protocol.  Since it is generally
      more preferable to have a successful TLS connection with a default application
      protocol than to fail the TLS connection and not be able to have the preferred
      application protocol, it is good to give the alpn_select callback information
      about the ciphersuite to be used, so that appropriate restrictions can be
      enforced in application code.
      
      Accordingly, split the ALPN handling out into a separate tls_handle_alpn()
      function akin to tls_handle_status_request(), called from
      tls_post_process_client_hello().  This is an alternative to resuscitating
      ssl_check_clienthello_tlsext_late(), something of an awkward name itself.
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4070)
    • Revert "Add some casts for %j" · 12997aa9
      Rich Salz committed
      This reverts commit c4d2e483.
      Reviewed-by: Ben Kaduk <kaduk@mit.edu>
      (Merged from https://github.com/openssl/openssl/pull/4160)