Skip to content
  1. May 11, 2014
  2. May 10, 2014
  3. May 09, 2014
    • Dr. Stephen Henson's avatar
      Return an error if no recipient type matches. · 0bcb17a7
      Dr. Stephen Henson authored
      If the key type does not match any CMS recipient type return
      an error instead of using a random key (MMA mitigation). This
      does not leak any useful information to an attacker.
      
      PR#3348
      0bcb17a7
    • Geoff Thorpe's avatar
      s_client/s_server: support unix domain sockets · a9351320
      Geoff Thorpe authored
      
      
      The "-unix <path>" argument allows s_server and s_client to use a unix
      domain socket in the filesystem instead of IPv4 ("-connect", "-port",
      "-accept", etc). If s_server exits gracefully, such as when "-naccept"
      is used and the requested number of SSL/TLS connections have occurred,
      then the domain socket file is removed. On ctrl-C, it is likely that
      the stale socket file will be left over, such that s_server would
      normally fail to restart with the same arguments. For this reason,
      s_server also supports an "-unlink" option, which will clean up any
      stale socket file before starting.
      
      If you have any reason to want encrypted IPC within an O/S instance,
      this concept might come in handy. Otherwise it just demonstrates that
      there is nothing about SSL/TLS that limits it to TCP/IP in any way.
      
      (There might also be benchmarking and profiling use in this path, as
      unix domain sockets are much lower overhead than connecting over local
      IP addresses).
      
      Signed-off-by: default avatarGeoff Thorpe <geoff@openssl.org>
      a9351320
  4. May 08, 2014
  5. May 07, 2014
  6. May 06, 2014
  7. May 05, 2014
  8. May 04, 2014
  9. May 03, 2014
  10. May 02, 2014
  11. May 01, 2014
  12. Apr 30, 2014
  13. Apr 29, 2014
  14. Apr 27, 2014
  15. Apr 26, 2014
  16. Apr 25, 2014