Commits · 78b5d89ddfdc66b5bf5919b7858f11d2e491efbf · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL · GitLab

Dec 26, 2012
- Add support for printing out and retrieving EC point formats extension. · 78b5d89d
  Dr. Stephen Henson authored Dec 26, 2012
  78b5d89d
- return error if Suite B mode is selected and TLS 1.2 can't be used. · b79df62e
  Dr. Stephen Henson authored Dec 26, 2012
  b79df62e
- set auto ecdh parameter selction for Suite B · e3c76874
  Dr. Stephen Henson authored Dec 26, 2012
  e3c76874
- add Suite B 128 bit mode offering only combination 2 · 4347394a
  Dr. Stephen Henson authored Dec 26, 2012
  4347394a
- Use client version when deciding which cipher suites to disable. · 53bb7238
  Dr. Stephen Henson authored Dec 26, 2012
  53bb7238
- Use default point formats extension for server side as well as client · 684a2264
  Dr. Stephen Henson authored Dec 26, 2012
  684a2264
- add Suite B verification flags · fde8dc17
  Dr. Stephen Henson authored Dec 26, 2012
  
  fde8dc17
- contify · 3c87a2bd
  Dr. Stephen Henson authored Dec 26, 2012
  3c87a2bd
- Add ctrl and utility functions to retrieve raw cipher list sent by client in · 1520e6c0
  Dr. Stephen Henson authored Dec 26, 2012
  1520e6c0
- new ctrl to retrive value of received temporary key in server key exchange... · 2001129f
  Dr. Stephen Henson authored Dec 26, 2012
  2001129f
- store and print out message digest peer signed with in TLS 1.2 · a50ecaee
  Dr. Stephen Henson authored Dec 26, 2012
  a50ecaee
- perform sanity checks on server certificate type as soon as it is received... · 67d9dcf0
  Dr. Stephen Henson authored Dec 26, 2012
  67d9dcf0
- give more meaningful error if presented with wrong certificate type by server · 79dcae32
  Dr. Stephen Henson authored Dec 26, 2012
  79dcae32
- Add three Suite B modes to TLS code, supporting RFC6460. · ccf6a19e
  Dr. Stephen Henson authored Dec 26, 2012
  ccf6a19e
- Add missing prototype to x509.h · 28fbbe3b
  Dr. Stephen Henson authored Dec 26, 2012
  
  28fbbe3b
- New function X509_chain_up_ref to dup and up the reference count of · 8d2dbe6a
  Dr. Stephen Henson authored Dec 26, 2012
  8d2dbe6a
- add suite B chain validation flags and associated verify errors · ba8bdea7
  Dr. Stephen Henson authored Dec 26, 2012
  ba8bdea7
- Oops, add missing v3nametest.c · 3d991629
  Dr. Stephen Henson authored Dec 26, 2012
  
  3d991629
- New -valid option to add a certificate to the ca index.txt that is valid and not revoked · 87054c4f
  Dr. Stephen Henson authored Dec 26, 2012
  87054c4f
- Make tls1_check_chain return a set of flags indicating checks passed · 6660baee
  Dr. Stephen Henson authored Dec 26, 2012
  6660baee
- Abort handshake if signature algorithm used not supported by peer. · 25d4c925
  Dr. Stephen Henson authored Dec 26, 2012
  25d4c925
- check EC tmp key matches preferences · 44adfeb6
  Dr. Stephen Henson authored Dec 26, 2012
  44adfeb6
- typo · 5ff2ef79
  Dr. Stephen Henson authored Dec 26, 2012
  
  5ff2ef79
- Add support for certificate stores in CERT structure. This makes it · b762acad
  Dr. Stephen Henson authored Dec 26, 2012
  b762acad
- add ssl_locl.h to err header files, rebuild ssl error strings · 7d779eef
  Dr. Stephen Henson authored Dec 26, 2012
  7d779eef
- set ciphers to NULL before calling cert_cb · 35b7757f
  Dr. Stephen Henson authored Dec 26, 2012
  35b7757f
- stop warning · 23195e4d
  Dr. Stephen Henson authored Dec 26, 2012
  23195e4d
- New function ssl_set_client_disabled to set masks for any ciphersuites · b28fbdfa
  Dr. Stephen Henson authored Dec 26, 2012
  b28fbdfa
- Add new ctrl to retrieve client certificate types, print out · a897502c
  Dr. Stephen Henson authored Dec 26, 2012
  a897502c
- cert_flags is unsigned · 8546add6
  Dr. Stephen Henson authored Dec 26, 2012
  8546add6
- add support for client certificate callbak, fix memory leak · aa5c5eb4
  Dr. Stephen Henson authored Dec 26, 2012
  aa5c5eb4
- new function SSL_is_server to which returns 1 is the corresponding SSL context is for a server · 731abd3b
  Dr. Stephen Henson authored Dec 26, 2012
  731abd3b
- no need to check s->server as default_nid is never used for TLS 1.2 client authentication · 7531dd18
  Dr. Stephen Henson authored Dec 26, 2012
  7531dd18
- Separate client and server permitted signature algorithm support: by default · 04c32cdd
  Dr. Stephen Henson authored Dec 26, 2012
  04c32cdd
- Add certificate callback. If set this is called whenever a certificate · 623a5e24
  Dr. Stephen Henson authored Dec 26, 2012
  623a5e24
- New functions to retrieve certificate signatures and signature OID NID. · bd9fc1d6
  Dr. Stephen Henson authored Dec 26, 2012
  bd9fc1d6
- Function tls1_check_ec_server_key is now redundant as we make · c550f2e3
  Dr. Stephen Henson authored Dec 26, 2012
  c550f2e3
- Add new "valid_flags" field to CERT_PKEY structure which determines what · 484f8762
  Dr. Stephen Henson authored Dec 26, 2012
  484f8762
- Reorganise supported signature algorithm extension processing. · c70a1fee
  Dr. Stephen Henson authored Dec 26, 2012
  c70a1fee
- Add support for application defined signature algorithms for use with · 0b362de5
  Dr. Stephen Henson authored Dec 26, 2012
  0b362de5