- Jul 03, 2012
-
-
Dr. Stephen Henson authored
Always perform nexproto callback argument initialisation in s_server otherwise we use uninitialised data if -nocert is specified.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only.
-
- Jul 02, 2012
-
-
Andy Polyakov authored
PR: 2837
-
Andy Polyakov authored
-
- Jul 01, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jun 29, 2012
-
-
Dr. Stephen Henson authored
is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
-
- Jun 28, 2012
-
-
Dr. Stephen Henson authored
appropriate checks in tls1_check_chain.
-
Dr. Stephen Henson authored
the certificate can be used for (if anything). Set valid_flags field in new tls1_check_chain function. Simplify ssl_set_cert_masks which used to have similar checks in it. Add new "cert_flags" field to CERT structure and include a "strict mode". This enforces some TLS certificate requirements (such as only permitting certificate signature algorithms contained in the supported algorithms extension) which some implementations ignore: this option should be used with caution as it could cause interoperability issues.
-
- Jun 27, 2012
-
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
path with spaces. PR: 2835
-
- Jun 25, 2012
-
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
Only store encoded versions of peer and configured signature algorithms. Determine shared signature algorithms and cache the result along with NID equivalents of each algorithm.
-
- Jun 24, 2012
-
-
Andy Polyakov authored
-
- Jun 22, 2012
-
-
Dr. Stephen Henson authored
TLS v1.2. These are sent as an extension for clients and during a certificate request for servers. TODO: add support for shared signature algorithms, respect shared algorithms when deciding which ciphersuites and certificates to permit.
-
- Jun 19, 2012
-
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jun 18, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jun 15, 2012
-
-
Dr. Stephen Henson authored
for debugging purposes. Needs "enable-ssl-trace" configuration option.
-
- Jun 13, 2012
-
-
Dr. Stephen Henson authored
-
- Jun 12, 2012
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
- Jun 11, 2012
-
-
Andy Polyakov authored
PR: 2830 Submitted by: Robin Seggelmann
-
Andy Polyakov authored
-
Ben Laurie authored
-
Andy Polyakov authored
-
- Jun 07, 2012
-
-
Ben Laurie authored
-
- Jun 06, 2012
-
-
Ben Laurie authored
-