- Feb 22, 2012
-
-
Dr. Stephen Henson authored
Move new structure fields to end of structures.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Feb 21, 2012
-
-
Dr. Stephen Henson authored
between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves.
-
- Feb 16, 2012
-
-
Dr. Stephen Henson authored
before rejecting multiple SGC restarts.
-
- Feb 15, 2012
-
-
Dr. Stephen Henson authored
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature: this will make all versions of MDC2 signature equivalent.
-
Dr. Stephen Henson authored
signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign. This means that the signature format OpenSSL 1.0.0 and later used with dgst -sign and MDC2 is incompatible with previous versions. Add detection in RSA_verify so either format works. Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
-
- Feb 12, 2012
-
-
Dr. Stephen Henson authored
Submitted by: Tomas Mraz <tmraz@redhat.com> Move libraries that are not needed for dynamic linking to Libs.private in the .pc files
-
- Feb 11, 2012
-
-
Dr. Stephen Henson authored
Submitted by: Tim Rice <tim@multitalents.net> Make compilation work on OpenServer 5.0.7
-
Dr. Stephen Henson authored
Submitted by: Adam Langley <agl@google.com> Fix handling of exporter return value and use OpenSSL indentation in s_client, s_server.
-
Dr. Stephen Henson authored
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com> Fix some memory and resource leaks in CAPI ENGINE.
-
Dr. Stephen Henson authored
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com> Only create ex_data indices once for CAPI engine.
-
Dr. Stephen Henson authored
Further fixes for use_srtp extension.
-
Andy Polyakov authored
-
- Feb 10, 2012
-
-
Dr. Stephen Henson authored
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Fix srp extension.
-
Dr. Stephen Henson authored
Submitted by: Tomas Mraz <tmraz@redhat.com> Check return codes for load_certs_crls.
-
Dr. Stephen Henson authored
Submitted by: Tomas Mraz <tmraz@redhat.com> Make no-srp work.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Fix encoding of use_srtp extension to be compliant with RFC5764
-
- Feb 09, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
some servers.
-
- Feb 02, 2012
-
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jan 31, 2012
-
-
Dr. Stephen Henson authored
structure. Before this the only way to add a custom chain was in the parent SSL_CTX (which is shared by all key types and SSL structures) or rely on auto chain building (which is performed on each handshake) from the trust store.
-
- Jan 27, 2012
-
-
Dr. Stephen Henson authored
-
- Jan 26, 2012
-
-
Dr. Stephen Henson authored
certificate chain instead of an X509 structure. This makes it easier to enhance code in future and the chain output functions have access to the CERT_PKEY structure being used.
-
Dr. Stephen Henson authored
New function ssl_add_cert_chain which adds a certificate chain to SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain and dtls1_output_cert_chain instead of partly duplicating code.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 25, 2012
-
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 22, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 21, 2012
-
-
Andy Polyakov authored
-
- Jan 18, 2012
-
-
Dr. Stephen Henson authored
Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)
-
- Jan 17, 2012
-
-
Dr. Stephen Henson authored
-
- Jan 16, 2012
-
-
Dr. Stephen Henson authored
The cipher definitions of these ciphersuites have been around since SSLeay but were always disabled. Now OpenSSL supports DH certificates they can be finally enabled. Various additional changes were needed to make them work properly: many unused fixed DH sections of code were untested.
-