  1. Dec 11, 2012
  2. Dec 07, 2012
  3. Dec 06, 2012
  4. Dec 05, 2012
  5. Dec 04, 2012
  6. Dec 02, 2012
  7. Nov 28, 2012
  8. Nov 27, 2012
  9. Nov 22, 2012
  10. Nov 19, 2012
  11. Nov 18, 2012
      PR: 2909 · d88926f1
      Dr. Stephen Henson authored
      Contributed by: Florian Weimer <fweimer@redhat.com>
      
      Fixes to X509 hostname and email address checking. Wildcard matching support.
      New test program and manual page.
  12. Nov 16, 2012
  13. Oct 08, 2012
  14. Sep 19, 2012
  15. Sep 14, 2012
  16. Sep 12, 2012
  17. Sep 11, 2012
  18. Aug 29, 2012
  19. Aug 15, 2012
  20. Aug 03, 2012
  21. Jul 27, 2012
  22. Jul 24, 2012
  23. Jul 23, 2012
      Add support for certificate stores in CERT structure. This makes it · 74ecfab4
      Dr. Stephen Henson authored
      possible to have different stores per SSL structure or one store in
      the parent SSL_CTX. Include distinct stores for certificate chain
      verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
      to build and store a certificate chain in CERT structure: returning
      an error if the chain cannot be built: this will allow applications
      to test if a chain is correctly configured.
      
      Note: if the CERT based stores are not set then the parent SSL_CTX
      store is used to retain compatibility with existing behaviour.
  24. Jul 18, 2012
  25. Jul 08, 2012
      Add new ctrl to retrieve client certificate types, print out · 9f27b1ee
      Dr. Stephen Henson authored
      details in s_client.
      
      Also add ctrl to set client certificate types. If not used sensible values
      will be included based on supported signature algorithms: for example if
      we don't include any DSA signing algorithms the DSA certificate type is
      omitted.
      
      Fix restriction in old code where certificate types would be truncated
      if it exceeded TLS_CT_NUMBER.
  26. Jul 03, 2012
  27. Jun 29, 2012
      Add certificate callback. If set this is called whenever a certificate · 18d71588
      Dr. Stephen Henson authored
      is required by client or server. An application can decide which
      certificate chain to present based on arbitrary criteria: for example
      supported signature algorithms. Add very simple example to s_server.
      This fixes many of the problems and restrictions of the existing client
      certificate callback: for example you can now clear existing certificates
      and specify the whole chain.
  28. Jun 28, 2012
      Add new "valid_flags" field to CERT_PKEY structure which determines what · d61ff83b
      Dr. Stephen Henson authored
      the certificate can be used for (if anything). Set valid_flags field
      in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
      to have similar checks in it.
      
      Add new "cert_flags" field to CERT structure and include a "strict mode".
      This enforces some TLS certificate requirements (such as only permitting
      certificate signature algorithms contained in the supported algorithms
      extension) which some implementations ignore: this option should be used
      with caution as it could cause interoperability issues.
  29. Jun 25, 2012
  30. Jun 22, 2012
  31. Jun 18, 2012
  32. Jun 15, 2012
  33. Jun 13, 2012
  34. Jun 12, 2012
  35. May 30, 2012
  36. May 11, 2012
      PR: 2813 · 4242a090
      Dr. Stephen Henson authored
      Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
      
      Fix possible deadlock when decoding public keys.
      PR: 2811 · c3b13033
      Dr. Stephen Henson authored
      Reported by: Phil Pennock <openssl-dev@spodhuis.org>
      
      Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
      version client hello workaround if renegotiating.