- Dec 01, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Nov 27, 2013
-
-
Dr. Stephen Henson authored
-
- Nov 18, 2013
-
-
Dr. Stephen Henson authored
New functions to retrieve current certificate or private key from an SSL_CTX. Constify SSL_get_private_key(). (cherry picked from commit a25f9adc)
-
Dr. Stephen Henson authored
(cherry picked from commit 60aeb187)
-
- Nov 17, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit fdeaf55b)
-
- Nov 14, 2013
-
-
Dr. Stephen Henson authored
-
Piotr Sikora authored
PR#3106
-
- Nov 13, 2013
-
-
Dr. Stephen Henson authored
If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available. (cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
-
Rob Stradling authored
PR#3169 This patch, which currently applies successfully against master and 1_0_2, adds the following functions: SSL_[CTX_]select_current_cert() - set the current certificate without disturbing the existing structure. SSL_[CTX_]get0_chain_certs() - get the current certificate's chain. SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain. The patch also adds these functions to, and fixes some existing errors in, SSL_CTX_add1_chain_cert.pod. (cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)
-
Krzysztof Kwiatkowski authored
PR#3172 (cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
-
- Nov 12, 2013
-
-
Andy Polyakov authored
PR: 3165 Submitted by: Daniel Richard G. (cherry picked from commit 2df9ec01)
-
Andy Polyakov authored
PR: 3165
-
Andy Polyakov authored
PR: 3165 (cherry picked from commit d1cf23ac)
-
- Nov 11, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 16bc45ba)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
-
- Nov 10, 2013
-
-
Andy Polyakov authored
-
- Nov 09, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
-
Dr. Stephen Henson authored
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
-
Dr. Stephen Henson authored
Add function to retrieve the signature from a CMS_SignerInfo structure: applications can then read or modify it. (cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
-
- Nov 08, 2013
-
-
Andy Polyakov authored
Original definition depended on __LONG_MAX__ that is not guaranteed to be present. As we don't support platforms with int narrower that 32 bits it's appropriate to make defition inconditional. PR: 3165 (cherry picked from commit 96180cac)
-
Andy Polyakov authored
PR: 3165 (cherry picked from commit d24d1d7d)
-
- Nov 06, 2013
-
-
Dr. Stephen Henson authored
Enable PSK ciphersuites with AES or DES3 in FIPS mode. (cherry picked from commit e0ffd129)
-
Dr. Stephen Henson authored
-
- Nov 03, 2013
-
-
Ben Laurie authored
<christian@python.org>.
-
- Nov 02, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit 96e16bdd)
-
Dr. Stephen Henson authored
(cherry picked from commit c557f921)
-
Dr. Stephen Henson authored
(cherry picked from commit abf840e4)
-
Dr. Stephen Henson authored
(cherry picked from commit 27f3b65f)
-
Dr. Stephen Henson authored
Extend SSL_CONF to return command value types. Add certificate and key options. Update documentation. (cherry picked from commit ec2f7e56)
-
Dr. Stephen Henson authored
(cherry picked from commit 13af1451)
-
- Nov 01, 2013
-
-
Piotr Sikora authored
Don't require a public key in tls1_set_ec_id if compression status is not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.
-
Dr. Stephen Henson authored
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
-
- Oct 30, 2013
-
-
Robin Seggelmann authored
PR: 2809 DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with SCTP-AUTH. It is checked if this has been activated successfully for the local and remote peer. Due to a bug, however, the gauth_number_of_chunks field of the authchunks struct is missing on FreeBSD, and was therefore not considered in the OpenSSL implementation. This patch sets the corresponding pointer for the check correctly whether or not this bug is present.
-
Robin Seggelmann authored
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key.
-
- Oct 21, 2013
-
-
Ben Laurie authored
-
- Oct 20, 2013
-
-
Nick Mathewson authored
-
Nick Mathewson authored
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE is set. This is a forward-port of commits: 4af79303 f4c93b46 3da721da 25832701 While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful thet the gmt_unix_time record does any good at all for its intended purpose, since: * It's quite possible to open two TLS connections in one second. * If the PRNG output is prone to repeat itself, ephemeral handshakes (and who knows what else besides) are broken.
-