Skip to content
  1. Nov 18, 2013
  2. Nov 17, 2013
  3. Nov 14, 2013
  4. Nov 13, 2013
    • Dr. Stephen Henson's avatar
      Allow match selecting of current certificate. · ff0bdbed
      Dr. Stephen Henson authored
      If pointer comparison for current certificate fails check
      to see if a match using X509_cmp succeeds for the current
      certificate: this is useful for cases where the certificate
      pointer is not available.
      (cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
      ff0bdbed
    • Rob Stradling's avatar
      Additional "chain_cert" functions. · dc4bdf59
      Rob Stradling authored
      PR#3169
      
      This patch, which currently applies successfully against master and
      1_0_2, adds the following functions:
      
      SSL_[CTX_]select_current_cert() - set the current certificate without
      disturbing the existing structure.
      
      SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.
      
      SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.
      
      The patch also adds these functions to, and fixes some existing errors
      in, SSL_CTX_add1_chain_cert.pod.
      (cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)
      dc4bdf59
    • Krzysztof Kwiatkowski's avatar
      Delete duplicate entry. · b03d0513
      Krzysztof Kwiatkowski authored
      PR#3172
      (cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
      b03d0513
  5. Nov 12, 2013
  6. Nov 11, 2013
  7. Nov 10, 2013
  8. Nov 09, 2013
  9. Nov 08, 2013
  10. Nov 06, 2013
  11. Nov 03, 2013
  12. Nov 02, 2013
  13. Nov 01, 2013
  14. Oct 30, 2013
    • Robin Seggelmann's avatar
      DTLS/SCTP struct authchunks Bug · f596e3c4
      Robin Seggelmann authored
      PR: 2809
      
      DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
      SCTP-AUTH.  It is checked if this has been activated successfully for
      the local and remote peer. Due to a bug, however, the
      gauth_number_of_chunks field of the authchunks struct is missing on
      FreeBSD, and was therefore not considered in the OpenSSL implementation.
      This patch sets the corresponding pointer for the check correctly
      whether or not this bug is present.
      f596e3c4
    • Robin Seggelmann's avatar
      DTLS/SCTP Finished Auth Bug · 9fb523ad
      Robin Seggelmann authored
      PR: 2808
      
      With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
      FORWARD-TSN chunks. The key for this extension is derived from the
      master secret and changed with the next ChangeCipherSpec, whenever a new
      key has been negotiated. The following Finished then already uses the
      new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
      the same flight as the ClientKeyExchange, which is necessary for the
      computation of the new secret. Hence, these messages are sent
      immediately following each other, leaving the server very little time to
      compute the new secret and pass it to SCTP before the finished arrives.
      So the Finished is likely to be discarded by SCTP and a retransmission
      becomes necessary. To prevent this issue, the Finished of the client is
      still sent with the old key.
      9fb523ad
  15. Oct 21, 2013
  16. Oct 20, 2013