- Feb 14, 2014
-
-
Andy Polyakov authored
(cherry picked from commit f4d45640)
-
Andy Polyakov authored
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33% improvement over "pre-Silvermont" version. [Add performance table to aesni-x86.pl]. (cherry picked from commit 5599c733)
-
Dr. Stephen Henson authored
as issuer and subject names. Although this is an incompatible change it should have little impact in pratice because self-issued certificates that are not self-signed are rarely encountered. (cherry picked from commit b1efb716)
-
Dr. Stephen Henson authored
When a chain is complete and ends in a trusted root checks are also performed on the TA and the callback notified with ok==1. For consistency do the same for chains where the TA is not self signed. (cherry picked from commit 385b3486)
-
Dr. Stephen Henson authored
(from master)
-
Dr. Stephen Henson authored
-
- Feb 13, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
(and remove duplicates).
-
Andy Polyakov authored
(cherry picked from commit 9587429f)
-
Andy Polyakov authored
(other processors unaffected). (cherry picked from commit 98e143f1)
-
- Feb 09, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Revert libssl ordinals to OpenSSL 1.0.1 values first to tidy up and avoid entries for deleted functions.
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Ben Laurie authored
Merge branch '102_stable_tlsext_suppdata_changes' of git://github.com/scottdeboy/openssl into scottdeboy-102_stable_tlsext_suppdata_changes
-
Scott Deboy authored
-
Ben Laurie authored
-
Ben Laurie authored
(cherry picked from commit 5eda213e) Conflicts: apps/s_client.c apps/s_server.c
-
Ben Laurie authored
(cherry picked from commit a6a48e87) Conflicts: ssl/s3_clnt.c ssl/t1_lib.c
-
Scott Deboy authored
Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests from commit 835d104f
-
Ben Laurie authored
-
Scott Deboy authored
The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
-
Ben Laurie authored
-
Scott Deboy authored
Whitespace fixes (cherry picked from commit e9add063) Conflicts: ssl/s3_clnt.c
-
Scott Deboy authored
-
Scott Deboy authored
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate. (cherry picked from commit ac20719d) Conflicts: ssl/t1_lib.c
-
Trevor Perrin authored
-
Scott Deboy authored
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks (cherry picked from commit 67c408ce) Conflicts: apps/s_client.c apps/s_server.c
-
Scott Deboy authored
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation. (cherry picked from commit 36086186) Conflicts: Configure apps/s_client.c apps/s_server.c ssl/ssl.h ssl/ssl3.h ssl/ssltest.c
-
- Feb 06, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
(cherry picked from commit 2d752737)
-
Dr. Stephen Henson authored
(cherry picked from commit b45e874d)
-
- Feb 05, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
(cherry picked from commit 3880579240d476d21f68fd01a391dd325920f479)
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
If an application calls the macro SSL_CTX_get_extra_chain_certs return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only (cherry picked from commit a51f7676)
-
Andy Polyakov authored
-
- Feb 03, 2014
-
-
Dr. Stephen Henson authored
PR#3253
-