Skip to content
  1. Dec 20, 2013
  2. Dec 18, 2013
  3. Dec 13, 2013
    • Dr. Stephen Henson's avatar
      Add opaque ID structure. · 4a253652
      Dr. Stephen Henson authored
      Move the IP, email and host checking fields from the public
      X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
      structure. By doing this the structure can be modified in future
      without risk of breaking any applications.
      (cherry picked from commit adc6bd73e3bd10ce6e76867482e8d137071298d7)
      
      Conflicts:
      
      	crypto/x509/x509_vpm.c
      4a253652
    • Dr. Stephen Henson's avatar
      Update to pad extension. · 4fcdd66f
      Dr. Stephen Henson authored
      Fix padding calculation for different SSL_METHOD types. Use the
      standard name as used in draft-agl-tls-padding-02
      4fcdd66f
    • Dr. Stephen Henson's avatar
      Fix for partial chain notification. · 102302b0
      Dr. Stephen Henson authored
      For consistency with other cases if we are performing
      partial chain verification with just one certificate
      notify the callback with ok==1.
      (cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
      102302b0
    • Dr. Stephen Henson's avatar
      Verify parameter retrieval functions. · 7af31968
      Dr. Stephen Henson authored
      New functions to retrieve internal pointers to X509_VERIFY_PARAM
      for SSL_CTX and SSL structures.
      (cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
      7af31968
    • Dr. Stephen Henson's avatar
      Don't use rdrand engine as default unless explicitly requested. · 8a1956f3
      Dr. Stephen Henson authored
      (cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
      8a1956f3
  4. Dec 10, 2013
  5. Dec 09, 2013
  6. Dec 04, 2013
  7. Dec 03, 2013
  8. Nov 30, 2013
  9. Nov 29, 2013
  10. Nov 27, 2013
  11. Nov 18, 2013
  12. Nov 17, 2013
  13. Nov 14, 2013
  14. Nov 13, 2013
    • Dr. Stephen Henson's avatar
      Flag to disable automatic copying of contexts. · afa23c46
      Dr. Stephen Henson authored
      Some functions such as EVP_VerifyFinal only finalise a copy of the passed
      context in case an application wants to digest more data. Doing this when
      it is not needed is inefficient and many applications don't require it.
      
      For compatibility the default is to still finalise a copy unless the
      flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
      context is finalised an *no* further data can be digested after
      finalisation.
      afa23c46
    • Dr. Stephen Henson's avatar
      Allow match selecting of current certificate. · 629b640b
      Dr. Stephen Henson authored
      If pointer comparison for current certificate fails check
      to see if a match using X509_cmp succeeds for the current
      certificate: this is useful for cases where the certificate
      pointer is not available.
      629b640b
    • Rob Stradling's avatar
      Additional "chain_cert" functions. · 7b6b246f
      Rob Stradling authored
      PR#3169
      
      This patch, which currently applies successfully against master and
      1_0_2, adds the following functions:
      
      SSL_[CTX_]select_current_cert() - set the current certificate without
      disturbing the existing structure.
      
      SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.
      
      SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.
      
      The patch also adds these functions to, and fixes some existing errors
      in, SSL_CTX_add1_chain_cert.pod.
      7b6b246f