- Sep 18, 2013
-
-
Dr. Stephen Henson authored
Revise DTLS code. There was a *lot* of code duplication in the DTLS code that generates records. This makes it harder to maintain and sometimes a TLS update is omitted by accident from the DTLS code. Specifically almost all of the record generation functions have code like this: some_pointer = buffer + HANDSHAKE_HEADER_LENGTH; ... Record creation stuff ... set_handshake_header(ssl, SSL_MT_SOMETHING, message_len); ... write_handshake_message(ssl); Where the "Record creation stuff" is identical between SSL/TLS and DTLS or in some cases has very minor differences. By adding a few fields to SSL3_ENC to include the header length, some flags and function pointers for handshake header setting and handshake writing the code can cope with both cases. (cherry picked from commit 173e72e6)
-
Dr. Stephen Henson authored
Add various functions to allocate and set the fields of an ECDSA_METHOD structure. (cherry picked from commit 94c2f77a)
-
- Sep 17, 2013
-
-
Bodo Moeller authored
-
Bodo Moeller authored
-
- Sep 16, 2013
-
-
Trevor Perrin authored
Force no SSL2 when custom extensions in use. Don't clear extension state when cert is set. Clear on renegotiate. Conflicts: ssl/t1_lib.c
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
Bodo Moeller authored
-
Bodo Moeller authored
Merge branch 'OpenSSL_1_0_2-stable' of /usr/local/google/home/bmoeller/openssl/openssl into OpenSSL_1_0_2-stable
-
Bodo Moeller authored
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
-
Bodo Moeller authored
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
-
- Sep 15, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
PR: 3125 Submitted by: Kyle McMartin (cherry picked from commit 8e52a906)
-
- Sep 14, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 139cd16c)
-
Dr. Stephen Henson authored
-
- Sep 10, 2013
-
-
Ben Laurie authored
-
- Sep 09, 2013
-
-
Andy Polyakov authored
Avoid occasional up to 8% performance drops. (cherry picked from commit 7a1a1223)
-
Andy Polyakov authored
(cherry picked from commit 72a15870)
-
Andy Polyakov authored
This reverts commit 514f1a78.
-
- Sep 08, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit ce455596)
-
Dr. Stephen Henson authored
When verifying a partial path always check to see if the EE certificate is explicitly trusted: the path could contain other untrusted certificates. (cherry picked from commit 52073b76)
-
- Sep 03, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit c3eb3376)
-
- Aug 21, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit b093a06866bf632a97a9a0286e2d08f69c3cf7dd)
-
- Aug 20, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
-
- Aug 19, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit f7ac0ec8)
-
Dr. Stephen Henson authored
Backport of ASN1_TIME_diff and OPENSSL_gmtime_diff functions from master branch.
-
Dr. Stephen Henson authored
(cherry picked from commit 51b9115b)
-
Dr. Stephen Henson authored
is needed to test some profiles/protocols which reject certificates with unsupported versions. (cherry picked from commit df316fd4)
-
Dr. Stephen Henson authored
(cherry picked from commit 96cfba0f)
-
Dr. Stephen Henson authored
(cherry picked from commit 7c8ac505)
-
Dr. Stephen Henson authored
(cherry picked from commit b5cadfb5)
-
Dr. Stephen Henson authored
(cherry picked from commit 68575593)
-
Dr. Stephen Henson authored
just like a "real" server making it easier to trace any problems. (manually applied from commit 35b0ea4e)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit 14536c8c)
-
Dr. Stephen Henson authored
by client and send back to server. Also prints an abbreviated summary of the connection parameters. (cherry picked from commit 4f3df8be)
-
Dr. Stephen Henson authored
New option -verify_quiet to shut up the verify callback unless there is an error. (manually applied from commit 2a7cbe77)
-