generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Security framework.

Browse Source 
Security callback: selects which parameters are permitted including
sensible defaults based on bits of security.

The "parameters" which can be selected include: ciphersuites,
curves, key sizes, certificate signature algorithms, supported
signature algorithms, DH parameters, SSL/TLS version, session tickets
and compression.

In some cases prohibiting the use of a parameters will mean they are
not advertised to the peer: for example cipher suites and ECC curves.
In other cases it will abort the handshake: e.g DH parameters or the
peer key size.

Documentation to follow...
This commit is contained in:
Dr. Stephen Henson
2013-12-15 13:32:24 +00:00
parent 66f96fe2d5
commit b362ccab5c
16 changed files with 827 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/s2_clnt.c
View File

@@ -1056,6 +1056,12 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
ERR_clear_error(); /* but we keep s->verify_result */
s->session->verify_result = s->verify_result;
if (i > 1)
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE, i);
goto err;
}
/* server's cert for this session */
sc=ssl_sess_cert_new();
if (sc == NULL)