- Feb 09, 2014
-
-
Ben Laurie authored
-
- Feb 06, 2014
-
-
Dr. Stephen Henson authored
-
- Feb 05, 2014
-
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Scott Deboy authored
The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
-
Ben Laurie authored
-
Scott Deboy authored
Whitespace fixes
-
Scott Deboy authored
-
Scott Deboy authored
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
Dr. Stephen Henson authored
If an application calls the macro SSL_CTX_get_extra_chain_certs return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only
-
Andy Polyakov authored
-
Andy Polyakov authored
This allows to process multiple fragmets of maximum fragment size, as opposite to chopping maximum-sized fragments to multiple smaller ones. This approach relies on dynamic allocation of larger buffers, which we trade for performance improvement, for several *times* in some situations.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
If application has more data than maximum fragment, hold to buffer for whole write, as opposite to per-fragment strategy.
-
- Feb 03, 2014
-
-
Dr. Stephen Henson authored
PR#3253
-
- Feb 02, 2014
-
-
Dr. Stephen Henson authored
New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure.
-
Dr. Stephen Henson authored
-
- Feb 01, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
Atom Silvermont. On other CPUs one can observe 1% loss on some algorithms.
-
Andy Polyakov authored
+5% on Atom Silvermont, up to +8% improvement of legacy code. Harmonize sha1-586.pl and aesni-sha1-x86_86.p with sha1-x86_64.pl.
-
- Jan 29, 2014
-
-
Dr. Stephen Henson authored
Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6e89b6508147086610e985d4e8416e867)
-
- Jan 28, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
PR#3244 (cherry picked from commit 9614d2c676ffe74ce0c919d9e5c0d622a011cbed)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Always add a dynamically loaded ENGINE to list. Otherwise it can cause problems when multiply loaded, especially if it adds new public key methods. For all current engines we only want a single implementation anyway.
-
- Jan 27, 2014
-
-
Dr. Stephen Henson authored
-
- Jan 26, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 16, 2014
-
-
Dr. Stephen Henson authored
Partial fix for PR#3183.
-
Kaspar Brand authored
PR#3178
-
- Jan 12, 2014
-
-
Dr. Stephen Henson authored
-
- Jan 11, 2014
-
-
Dr. Stephen Henson authored
If available rdrand is used as an additional entropy source for the PRNG and for additional input in FIPS mode.
-
- Jan 10, 2014
-
-
Jeff Trawick authored
-
Jeff Trawick authored
-
- Jan 09, 2014
-
-
Dr. Stephen Henson authored
-
Daniel Kahn Gillmor authored
change documentation and comments to indicate that we prefer the standard "DHE" naming scheme everywhere over the older "EDH"
-
Daniel Kahn Gillmor authored
Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
-