- 06 2月, 2014 4 次提交
-
-
由 Scott Deboy 提交于
Whitespace fixes
-
由 Scott Deboy 提交于
-
由 Scott Deboy 提交于
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
由 Dr. Stephen Henson 提交于
If an application calls the macro SSL_CTX_get_extra_chain_certs return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only
-
- 05 2月, 2014 5 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
This allows to process multiple fragmets of maximum fragment size, as opposite to chopping maximum-sized fragments to multiple smaller ones. This approach relies on dynamic allocation of larger buffers, which we trade for performance improvement, for several *times* in some situations.
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
If application has more data than maximum fragment, hold to buffer for whole write, as opposite to per-fragment strategy.
-
- 03 2月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3253
-
由 Dr. Stephen Henson 提交于
New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure.
-
由 Dr. Stephen Henson 提交于
-
- 02 2月, 2014 3 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
Atom Silvermont. On other CPUs one can observe 1% loss on some algorithms.
-
由 Andy Polyakov 提交于
+5% on Atom Silvermont, up to +8% improvement of legacy code. Harmonize sha1-586.pl and aesni-sha1-x86_86.p with sha1-x86_64.pl.
-
- 29 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6e89b6508147086610e985d4e8416e867)
-
- 28 1月, 2014 4 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
PR#3244 (cherry picked from commit 9614d2c676ffe74ce0c919d9e5c0d622a011cbed)
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Always add a dynamically loaded ENGINE to list. Otherwise it can cause problems when multiply loaded, especially if it adds new public key methods. For all current engines we only want a single implementation anyway.
-
- 27 1月, 2014 4 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 26 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 16 1月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Partial fix for PR#3183.
-
由 Kaspar Brand 提交于
PR#3178
-
- 12 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 11 1月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
If available rdrand is used as an additional entropy source for the PRNG and for additional input in FIPS mode.
-
由 Jeff Trawick 提交于
-
由 Jeff Trawick 提交于
-
- 10 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 09 1月, 2014 8 次提交
-
-
由 Daniel Kahn Gillmor 提交于
change documentation and comments to indicate that we prefer the standard "DHE" naming scheme everywhere over the older "EDH"
-
由 Daniel Kahn Gillmor 提交于
Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
-
由 Daniel Kahn Gillmor 提交于
This change normalizes the SSL_CK_DHE_ #defines to use the common term "DHE", while permitting older code that uses the more uncommon "EDH" constants to compile properly.
-
由 Daniel Kahn Gillmor 提交于
-
由 Daniel Kahn Gillmor 提交于
DHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEDH should probably be deprecated at some point, though.
-
由 Daniel Kahn Gillmor 提交于
other parts of packet tracing emit the standard "DHE" label instead of "edh". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
-
由 Daniel Kahn Gillmor 提交于
The standard terminology in https://tools.ietf.org/html/rfc5426 is "DHE". "openssl ciphers" outputs "DHE" (for the most part). But users of the library currently cannot specify "DHE", they must currently specify "EDH". This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
-
由 Daniel Kahn Gillmor 提交于
ECDHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEECDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEECDH should probably be deprecated at some point, though.
-