- Feb 09, 2014
-
-
Scott Deboy authored
-
Scott Deboy authored
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate. (cherry picked from commit ac20719d) Conflicts: ssl/t1_lib.c
-
Trevor Perrin authored
-
Scott Deboy authored
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks (cherry picked from commit 67c408ce) Conflicts: apps/s_client.c apps/s_server.c
-
Scott Deboy authored
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation. (cherry picked from commit 36086186) Conflicts: Configure apps/s_client.c apps/s_server.c ssl/ssl.h ssl/ssl3.h ssl/ssltest.c
-
- Feb 06, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
(cherry picked from commit 2d752737)
-
Dr. Stephen Henson authored
(cherry picked from commit b45e874d)
-
- Feb 05, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
(cherry picked from commit 3880579240d476d21f68fd01a391dd325920f479)
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
If an application calls the macro SSL_CTX_get_extra_chain_certs return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only (cherry picked from commit a51f7676)
-
Andy Polyakov authored
-
- Feb 03, 2014
-
-
Dr. Stephen Henson authored
PR#3253
-
- Feb 02, 2014
-
-
Dr. Stephen Henson authored
New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure. (cherry picked from commit 0f78819c)
-
Dr. Stephen Henson authored
(cherry picked from commit f3efeaad)
-
Dr. Stephen Henson authored
(cherry picked from commit 88c21c47)
-
Dr. Stephen Henson authored
(cherry picked from commit ea131a06)
-
Dr. Stephen Henson authored
(cherry picked from commit d80b0eee)
-
Dr. Stephen Henson authored
(cherry picked from commit ebd14bfc)
-
Ben Laurie authored
-
- Feb 01, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
(cherry picked from commit d162584b)
-
Andy Polyakov authored
-
Andy Polyakov authored
(cherry picked from commit 0a2d5003)
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Ben Laurie authored
X509_ALGOR_[gs]et0()).
-
Andy Polyakov authored
(cherry picked from commit fb0a5208)
-
Andy Polyakov authored
suggestions from Pierre Delaage). (cherry picked from commit 668bcfd5) Resolved conflicts: util/pl/VC-32.pl
-
Andy Polyakov authored
Submitted by: Pierre Delaage (cherry picked from commit a006fef7) Resolved conflicts: crypto/bio/bss_dgram.c ssl/d1_lib.c util/pl/VC-32.pl
-
Andy Polyakov authored
(cherry picked from commit 80c42f3e)
-
Andy Polyakov authored
(cherry picked from commit ae007d4d)
-
Andy Polyakov authored
(cherry picked from commit 701d593f)
-
Andy Polyakov authored
(cherry picked from commit 46a2b338)
-
Andy Polyakov authored
(cherry picked from commit 71fa3bc5)
-
Adam Langley authored
eliminating them as dead code. Both volatile and "memory" are used because of some concern that the compiler may still cache values across the asm block without it, and because this was such a painful debugging session that I wanted to ensure that it's never repeated. (cherry picked from commit 7753a3a6)
-
Andy Polyakov authored
-