- 07 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- 01 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 20 6月, 2014 1 次提交
-
-
由 Hubert Kario 提交于
Add -trusted_first description to help messages and man pages of tools that deal with certificate verification.
-
- 09 5月, 2014 1 次提交
-
-
由 Geoff Thorpe 提交于
The "-unix <path>" argument allows s_server and s_client to use a unix domain socket in the filesystem instead of IPv4 ("-connect", "-port", "-accept", etc). If s_server exits gracefully, such as when "-naccept" is used and the requested number of SSL/TLS connections have occurred, then the domain socket file is removed. On ctrl-C, it is likely that the stale socket file will be left over, such that s_server would normally fail to restart with the same arguments. For this reason, s_server also supports an "-unlink" option, which will clean up any stale socket file before starting. If you have any reason to want encrypted IPC within an O/S instance, this concept might come in handy. Otherwise it just demonstrates that there is nothing about SSL/TLS that limits it to TCP/IP in any way. (There might also be benchmarking and profiling use in this path, as unix domain sockets are much lower overhead than connecting over local IP addresses). Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
-
- 28 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add a debugging security callback option to s_client/s_server. This will print out each security parameter as it is accepted or rejected.
-
- 21 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 19 2月, 2014 1 次提交
-
-
由 Rob Stradling 提交于
Add the extension parser in the s_client, ocsp and x509 apps.
-
- 06 2月, 2014 3 次提交
-
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Whitespace fixes
-
由 Scott Deboy 提交于
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
- 14 11月, 2013 1 次提交
-
-
由 Piotr Sikora 提交于
PR#3106
-
- 25 9月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
-
- 06 9月, 2013 10 次提交
-
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
-
由 Ben Laurie 提交于
-
由 Ben Laurie 提交于
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
-
由 Ben Laurie 提交于
-
* Many XMPP servers are configured with multiple domains (virtual hosts) * In order to establish successfully the TLS connection you have to specify which virtual host you are trying to connect. * Test this, for example with :: * Fail: openssl s_client -connect talk.google.com:5222 -starttls xmpp * Works: openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
-
* When the host used in "-connect" is not what the remote XMPP server expects the server will return an error like this: <stream:error> <host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/> </stream:error> * But the actual code will stay on the loop forever because the stop condition "/stream:features>" will never happen, * Make this more robust: The stop condition should be that BIO_read failed * Test if for example with :: openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp
-
* Some XMPP Servers (OpenFire) use double quotes. * This makes s_client starttls work with this servers. * Tested with OpenFire servers from http://xmpp.net/ :: openssl s_client -connect coderollers.com:5222 -starttls xmpp
-
- 22 7月, 2013 2 次提交
-
-
由 Adam Langley 提交于
Conflicts: ssl/ssltest.c
-
由 Adam Langley 提交于
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00 Conflicts: ssl/ssl3.h ssl/t1_lib.c
-
- 13 6月, 2013 1 次提交
-
-
由 Trevor 提交于
Contributed by Trevor Perrin.
-
- 09 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- 26 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
-
- 30 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 12 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 07 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Just a sample, real world applications would have to be cleverer.
-
- 06 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new verify options to set checks. Remove previous -check* commands from s_client and s_server.
-
- 03 12月, 2012 4 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 24 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add support for separate verify and chain stores in s_client.
-
- 22 11月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 20 11月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-