Security framework.

Security callback: selects which parameters are permitted including
sensible defaults based on bits of security.

The "parameters" which can be selected include: ciphersuites,
curves, key sizes, certificate signature algorithms, supported
signature algorithms, DH parameters, SSL/TLS version, session tickets
and compression.

In some cases prohibiting the use of a parameter will mean it is
not advertised to the peer: for example cipher suites and ECC curves.
In other cases it will abort the handshake: e.g. DH parameters or the
peer key size.

Documentation to follow...
Dr. Stephen Henson
2013-12-15 13:32:24 +00:00
parent 66f96fe2d5
commit b362ccab5c
16 changed files with 827 additions and 202 deletions

@@ -1053,6 +1053,12 @@ static int request_certificate(SSL *s)
i=ssl_verify_cert_chain(s,sk);
if (i > 1)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE, i);
goto msg_end;
}
if (i > 0) /* we like the packet, now check the chksum */
{
EVP_MD_CTX ctx;
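
Review bot: in request_certificate(), the `if (i > 1)` branch hands the return value of ssl_verify_cert_chain() straight to SSLerr() as the reason code, so a value above 1 is an error reason while the following `if (i > 0)` treats the remaining positive value as acceptance, and nothing at the call site states that convention. A short comment above the check, or returning the reason through a separate out-parameter, would keep a later caller from treating any positive return as success, which is what the `if (i > 0)` test would do if the `i > 1` check were ever dropped or reordered. The commit message says documentation is to follow, and this return convention belongs in it.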