- Nov 30, 2013
-
-
Dr. Stephen Henson authored
-
- Nov 29, 2013
-
-
Andy Polyakov authored
-
- Nov 27, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Nov 18, 2013
-
-
Dr. Stephen Henson authored
New functions to retrieve current certificate or private key from an SSL_CTX. Constify SSL_get_private_key().
-
Dr. Stephen Henson authored
-
- Nov 17, 2013
-
-
Dr. Stephen Henson authored
-
- Nov 14, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 1abfa78a)
-
Piotr Sikora authored
PR#3106
-
- Nov 13, 2013
-
-
Dr. Stephen Henson authored
Some functions such as EVP_VerifyFinal only finalise a copy of the passed context in case an application wants to digest more data. Doing this when it is not needed is inefficient and many applications don't require it. For compatibility the default is to still finalise a copy unless the flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed context is finalised an *no* further data can be digested after finalisation.
-
Dr. Stephen Henson authored
If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available.
-
Rob Stradling authored
PR#3169 This patch, which currently applies successfully against master and 1_0_2, adds the following functions: SSL_[CTX_]select_current_cert() - set the current certificate without disturbing the existing structure. SSL_[CTX_]get0_chain_certs() - get the current certificate's chain. SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain. The patch also adds these functions to, and fixes some existing errors in, SSL_CTX_add1_chain_cert.pod.
-
Krzysztof Kwiatkowski authored
PR#3172
-
- Nov 12, 2013
-
-
Andy Polyakov authored
Submitted by: Marcelo Cerri
-
Andy Polyakov authored
PR: 3165 Submitted by: Daniel Richard G.
-
Andy Polyakov authored
-
Andy Polyakov authored
PR: 3165
-
- Nov 11, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
If the oid parameter is set to NULL in X509_add1_trust_object create an empty list of trusted purposes corresponding to "no purpose" if trust is checked.
-
Dr. Stephen Henson authored
-
- Nov 10, 2013
-
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
- Nov 09, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Add function to retrieve the signature from a CMS_SignerInfo structure: applications can then read or modify it.
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
PR: 3165
-
- Nov 08, 2013
-
-
Andy Polyakov authored
Original definition depended on __LONG_MAX__ that is not guaranteed to be present. As we don't support platforms with int narrower that 32 bits it's appropriate to make defition inconditional. PR: 3165
-
Andy Polyakov authored
PR: 3165
-
- Nov 06, 2013
-
-
Dr. Stephen Henson authored
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
Dr. Stephen Henson authored
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit a4947e4e)
-
- Nov 03, 2013
-
-
Ben Laurie authored
<christian@python.org>.
-
- Nov 02, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit bd80d022)
-
- Nov 01, 2013
-
-
Robin Seggelmann authored
PR: 2809 DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with SCTP-AUTH. It is checked if this has been activated successfully for the local and remote peer. Due to a bug, however, the gauth_number_of_chunks field of the authchunks struct is missing on FreeBSD, and was therefore not considered in the OpenSSL implementation. This patch sets the corresponding pointer for the check correctly whether or not this bug is present. (cherry picked from commit f596e3c491035fe80db5fc0c3ff6b647662b0003)
-
Robin Seggelmann authored
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key. (cherry picked from commit 9fb523ad)
-
Piotr Sikora authored
Don't require a public key in tls1_set_ec_id if compression status is not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work. (cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)
-
Dr. Stephen Henson authored
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line. (cherry picked from commit f14a4a86)
-