- Feb 19, 2014
-
-
Ben Laurie authored
-
-
Rob Stradling authored
Add the extension parser in the s_client, ocsp and x509 apps.
-
- Feb 18, 2014
-
-
Dr. Stephen Henson authored
-
- Feb 16, 2014
-
-
Dr. Stephen Henson authored
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d1d49fa4732deff17cfd1833616af0d9c)
-
- Feb 15, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Klaus-Peter Junghanns authored
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
-
- Feb 14, 2014
-
-
Rob Stradling authored
Add the RFC6962 OIDs to the objects table.
-
Kurt Roeckx authored
If you use "-newkey rsa" it's supposed to read the default number of bits from the config file. However the value isn't used to generate the key, but it does print it's generating such a key. The set_keygen_ctx() doesn't call EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config file, but nothing is done with that anymore. We now read the config first and use the value from the config file when no size is given. PR: 2592
-
Kurt Roeckx authored
-
Scott Schaefer authored
-
Scott Schaefer authored
apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password is equivalent to -passout.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33% improvement over "pre-Silvermont" version. [Add performance table to aesni-x86.pl].
-
Dr. Stephen Henson authored
When a chain is complete and ends in a trusted root, checks are also performed on the TA and the callback notified with ok==1. For consistency do the same for chains where the TA is not self signed.
-
Dr. Stephen Henson authored
-
- Feb 13, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit a2317c3f)
-
Andy Polyakov authored
-
Andy Polyakov authored
(other processors unaffected).
-
Ben Laurie authored
-
- Feb 09, 2014
-
-
Ben Laurie authored
-
- Feb 06, 2014
-
-
Dr. Stephen Henson authored
-
- Feb 05, 2014
-
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Scott Deboy authored
The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
-
Ben Laurie authored
-
Scott Deboy authored
Whitespace fixes
-
Scott Deboy authored
-
Scott Deboy authored
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
Dr. Stephen Henson authored
If an application calls the macro SSL_CTX_get_extra_chain_certs, return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only.
-
Andy Polyakov authored
-
Andy Polyakov authored
This allows processing multiple fragments of maximum fragment size, as opposed to chopping maximum-sized fragments to multiple smaller ones. This approach relies on dynamic allocation of larger buffers, which we trade for performance improvement, for several *times* in some situations.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
If application has more data than maximum fragment, hold to buffer for whole write, as opposed to per-fragment strategy.
-
- Feb 03, 2014
-
-
Dr. Stephen Henson authored
PR#3253
-
- Feb 02, 2014
-
-
Dr. Stephen Henson authored
New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure.
-