1. 28 9月, 2019 1 次提交
  2. 12 7月, 2016 1 次提交
    • V
      Perform DANE-EE(3) name checks by default · 5ae4ceb9
      Viktor Dukhovni 提交于
      In light of potential UKS (unknown key share) attacks on some
      applications, primarily browsers, despite RFC761, name checks are
      by default applied with DANE-EE(3) TLSA records.  Applications for
      which UKS is not a problem can optionally disable DANE-EE(3) name
      checks via the new SSL_CTX_dane_set_flags() and friends.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      5ae4ceb9
  3. 18 5月, 2016 1 次提交
  4. 22 4月, 2016 1 次提交
    • V
      Enabled DANE only when at least one TLSA RR was added · 9f6b22b8
      Viktor Dukhovni 提交于
      It is up to the caller of SSL_dane_tlsa_add() to take appropriate
      action when no records are added successfully or adding some records
      triggers an internal error (negative return value).
      
      With this change the caller can continue with PKIX if desired when
      none of the TLSA records are usable, or take some appropriate action
      if DANE is required.
      
      Also fixed the internal ssl_dane_dup() function to properly initialize
      the TLSA RR stack in the target SSL handle.  Errors in ssl_dane_dup()
      are no longer ignored.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      9f6b22b8
  5. 08 4月, 2016 1 次提交
  6. 02 2月, 2016 1 次提交
  7. 27 1月, 2016 1 次提交
    • R
      Remove /* foo.c */ comments · 34980760
      Rich Salz 提交于
      This was done by the following
              find . -name '*.[ch]' | /tmp/pl
      where /tmp/pl is the following three-line script:
              print unless $. == 1 && m@/\* .*\.[ch] \*/@;
              close ARGV if eof; # Close file to reset $.
      
      And then some hand-editing of other files.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      34980760
  8. 08 1月, 2016 1 次提交
  9. 06 1月, 2016 1 次提交