- Sep 16, 2013
-
-
Bodo Moeller authored
(Various changes from the master branch are now in the 1.0.2 branch too.)
-
- Sep 13, 2013
-
-
Rob Stradling authored
-
- Sep 08, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
-
- Sep 06, 2013
-
-
Scott Deboy authored
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- Sep 05, 2013
-
-
- Jul 17, 2013
-
-
Dr. Stephen Henson authored
Add support for key wrap algorithms via EVP interface. Generalise AES wrap algorithm and add to modes, making existing AES wrap algorithm a special case. Move test code to evptests.txt
-
- Jul 04, 2013
-
-
Jeff Walton authored
-
- Jun 21, 2013
-
-
Dr. Stephen Henson authored
-
- Jun 12, 2013
-
-
Dr. Stephen Henson authored
Extend OAEP support. Generalise the OAEP padding functions to support arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP padding functions and add ctrls to set the additional parameters.
-
Trevor authored
Contributed by Trevor Perrin.
-
- Apr 09, 2013
-
-
Dr. Stephen Henson authored
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- Dec 19, 2012
-
-
Dr. Stephen Henson authored
-
- Dec 11, 2012
-
-
Ben Laurie authored
-
- Dec 07, 2012
-
-
Ben Laurie authored
-
- Dec 06, 2012
-
-
Dr. Stephen Henson authored
Just a sample, real world applications would have to be cleverer.
-
- Dec 05, 2012
-
-
Dr. Stephen Henson authored
Add new verify options to set checks. Remove previous -check* commands from s_client and s_server.
-
- Dec 04, 2012
-
-
Dr. Stephen Henson authored
-
- Dec 02, 2012
-
-
Dr. Stephen Henson authored
-
- Nov 28, 2012
-
-
Dr. Stephen Henson authored
structures using HTTP. Add wrapper function to handle CRL download.
-
- Nov 27, 2012
-
-
Dr. Stephen Henson authored
from X509_STORE_CTX.
-
- Nov 22, 2012
-
-
Dr. Stephen Henson authored
-
- Nov 19, 2012
-
-
Dr. Stephen Henson authored
-
- Nov 18, 2012
-
-
Dr. Stephen Henson authored
Contributed by: Florian Weimer <fweimer@redhat.com> Fixes to X509 hostname and email address checking. Wildcard matching support. New test program and manual page.
-
- Nov 16, 2012
-
-
Dr. Stephen Henson authored
-
- Oct 08, 2012
-
-
Dr. Stephen Henson authored
certificate. Add options to s_client, s_server and x509 utilities to print results of checks.
-
- Sep 19, 2012
-
-
Andy Polyakov authored
-
- Sep 14, 2012
-
-
Dr. Stephen Henson authored
by client and send back to server. Also prints an abbreviated summary of the connection parameters.
-
- Sep 12, 2012
-
-
Dr. Stephen Henson authored
New option -verify_quiet to shut up the verify callback unless there is an error.
-
Dr. Stephen Henson authored
client hello message. Previously this could only be retrieved on an initial connection and it was impossible to determine the cipher IDs of any uknown ciphersuites.
-
- Sep 11, 2012
-
-
Dr. Stephen Henson authored
change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work.
-
Ben Laurie authored
right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836.
-
- Aug 29, 2012
-
-
Andy Polyakov authored
-
- Aug 15, 2012
-
-
Dr. Stephen Henson authored
-
- Aug 03, 2012
-
-
Dr. Stephen Henson authored
-
- Jul 27, 2012
-
-
Dr. Stephen Henson authored
by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client.
-
- Jul 24, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jul 23, 2012
-
-
Dr. Stephen Henson authored
possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returing an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour.
-
- Jul 18, 2012
-
-
Dr. Stephen Henson authored
that are disabled for this session (as opposed to always disabled by configuration).
-