Skip to content
  1. Oct 28, 2014
  2. Oct 27, 2014
  3. Oct 21, 2014
  4. Oct 20, 2014
  5. Oct 17, 2014
  6. Oct 15, 2014
  7. Oct 10, 2014
    • Dr. Stephen Henson's avatar
      Preserve digests for SNI. · 4e05aedb
      Dr. Stephen Henson authored
      
      
      SSL_set_SSL_CTX is normally called for SNI after ClientHello has
      received and the digest to use for each certificate has been decided.
      The original ssl->cert contains the negotiated digests and is now
      copied to the new ssl->cert.
      
      PR: 3560
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      4e05aedb
  8. Oct 06, 2014
  9. Sep 29, 2014
    • Dr. Stephen Henson's avatar
      Add additional DigestInfo checks. · 55614f89
      Dr. Stephen Henson authored
      
      
      Reencode DigestInto in DER and check against the original: this
      will reject any improperly encoded DigestInfo structures.
      
      Note: this is a precautionary measure, there is no known attack
      which can exploit this.
      
      Thanks to Brian Smith for reporting this issue.
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      55614f89
  10. Sep 25, 2014
  11. Sep 24, 2014
  12. Sep 21, 2014