- Sep 09, 2013
-
-
Andy Polyakov authored
Avoid occasional up to 8% performance drops.
-
Andy Polyakov authored
-
- Sep 08, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
When verifying a partial path always check to see if the EE certificate is explicitly trusted: the path could contain other untrusted certificates.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
-
- Sep 07, 2013
-
-
Dr. Stephen Henson authored
-
- Sep 06, 2013
-
-
Ben Laurie authored
-
Scott Deboy authored
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
-
Ben Laurie authored
-
Ben Laurie authored
-
Scott Deboy authored
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- Sep 05, 2013
-
-
Ben Laurie authored
-
-
Ben Laurie authored
-
Carlos Alberto Lopez Perez authored
* Many XMPP servers are configured with multiple domains (virtual hosts) * In order to establish successfully the TLS connection you have to specify which virtual host you are trying to connect. * Test this, for example with :: * Fail: openssl s_client -connect talk.google.com:5222 -starttls xmpp * Works: openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
-
Carlos Alberto Lopez Perez authored
-
Carlos Alberto Lopez Perez authored
* When the host used in "-connect" is not what the remote XMPP server expects the server will return an error like this: <stream:error> <host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/> </stream:error> * But the actual code will stay on the loop forever because the stop condition "/stream:features>" will never happen, * Make this more robust: The stop condition should be that BIO_read failed * Test if for example with :: openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp
-
Carlos Alberto Lopez Perez authored
* Some XMPP Servers (OpenFire) use double quotes. * This makes s_client starttls work with this servers. * Tested with OpenFire servers from http://xmpp.net/ :: openssl s_client -connect coderollers.com:5222 -starttls xmpp
-
Rob Stradling authored
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
- Sep 03, 2013
-
-
Dr. Stephen Henson authored
-
- Aug 21, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Ben Laurie authored
-
- Aug 18, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 90e7f983)
-
- Aug 17, 2013
-
-
Dr. Stephen Henson authored
Preliminary documentation for chain and verify stores and certificate chain setting functions.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Aug 14, 2013
-
-
Dr. Stephen Henson authored
-
- Aug 13, 2013
-
-
Michael Tuexen authored
This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation.
-
- Aug 08, 2013
-
-
Michael Tuexen authored
Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake.
-
- Aug 06, 2013
-
-
Kaspar Brand authored
PR: 3028 Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys correctly if they appeared first.
-
- Aug 05, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the same structure is used by DH and ECDH. Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers without the need to use ASN1.
-
Dr. Stephen Henson authored
Add support for DH parameter generation using DSA methods including FIPS 186-3.
-