generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,505 Commits 16 Branches 258 Tags 86 MiB
36019f70e8
Commit Graph

1553 Commits

Author SHA1 Message Date
Dr. Stephen Henson
fcb2bcfe65 Typo: don't call RAND_cleanup during app startup. 
(cherry picked from commit 90e7f983b5)
 2013-08-18 19:06:51 +01:00
Dr. Stephen Henson
14536c8c9c Make no-ec compilation work. 2013-08-17 17:41:13 +01:00
Adam Langley
a898936218 Add tests for ALPN functionality. 
Conflicts:
	ssl/ssltest.c
 2013-07-22 15:47:48 +01:00
Adam Langley
6f017a8f9d Support ALPN. 
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c
 2013-07-22 15:28:20 +01:00
Dr. Stephen Henson
5711885a2b Custom key wrap option for cms utility. 2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
02498cc885 Add -keyopt option to cms utility. 
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
 2013-06-21 23:43:06 +01:00
Trevor
a398f821fa Add support for arbitrary TLS extensions. 
Contributed by Trevor Perrin.
 2013-06-12 17:01:13 +01:00
Dr. Stephen Henson
c6913eeb76 Dual DTLS version methods. 
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
 2013-04-09 14:02:48 +01:00
Dr. Stephen Henson
3d1160d58b Call RAND_cleanup in openssl application. 
(cherry picked from commit 944bc29f90)
 2013-03-28 14:29:39 +00:00
Dr. Stephen Henson
c3b344e36a Provisional DTLS 1.2 support. 
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
 2013-03-26 15:16:41 +00:00
Andy Polyakov
a006fef78e Improve WINCE support. 
Submitted by: Pierre Delaage
 2013-01-19 21:23:13 +01:00
Dr. Stephen Henson
4badfebefc Typo (PR2959). 2013-01-17 18:20:18 +00:00
Dr. Stephen Henson
abd01ea214 Change default bits to 1024 2013-01-07 16:18:31 +00:00
Dr. Stephen Henson
b252cf0d98 make JPAKE work again, fix memory leaks 2012-12-29 23:38:20 +00:00
Dr. Stephen Henson
89a5e2f704 missing tab 2012-12-26 19:12:57 +00:00
Dr. Stephen Henson
09d0d67c13 add missing newline 2012-12-21 16:24:48 +00:00
Dr. Stephen Henson
bbdfbacdef add -rmd option to set OCSP response signing digest 2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
99fc818e93 Return success when the responder is active. 
Don't verify our own responses.
 2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e typo 2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028 Add support for '-' as input and output filenames in ocsp utility. 
Recognise verification arguments.
 2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de oops, revert, committed in error 2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f apps/ocsp.c 2012-12-14 23:28:19 +00:00
Dr. Stephen Henson
51e7a4378a New verify flag to return success if we have any certificate in the 
trusted store instead of the default which is to return an error if
we can't build the complete chain.
 2012-12-13 18:14:46 +00:00
Dr. Stephen Henson
60938ae772 add -crl_download option to s_server 2012-12-12 03:35:31 +00:00
Dr. Stephen Henson
4e71d95260 add -cert_chain option to s_client 2012-12-12 00:50:26 +00:00
Ben Laurie
fefc111a2a Make openssl verify return errors. 2012-12-11 16:05:14 +00:00
Dr. Stephen Henson
1e8b9e7e69 add -badsig option to ocsp utility too. 2012-12-09 16:21:46 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
0090a686c0 Add code to download CRLs based on CRLDP extension. 
Just a sample, real world applications would have to be cleverer.
 2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
f5a7d5b164 remove print_ssl_cert_checks() from openssl application: it is no longer used 2012-12-06 18:36:51 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify. 
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
 2012-12-05 18:35:20 +00:00
Dr. Stephen Henson
fbeb85ecb9 don't print verbose policy check messages when -quiet is selected even on error 2012-12-04 23:18:44 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generations by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
256f9573c5 make -subj always override config file 2012-12-04 18:35:04 +00:00
Dr. Stephen Henson
b6b094fb77 check mval for NULL too 2012-12-04 17:25:34 +00:00
Dr. Stephen Henson
0db46a7dd7 fix leak 2012-12-03 16:32:52 +00:00
Dr. Stephen Henson
2537d46903 oops, really check brief mode only ;-) 2012-12-03 03:40:57 +00:00
Dr. Stephen Henson
5447f836a0 don't check errno is zero, just print out message 2012-12-03 03:39:23 +00:00
Dr. Stephen Henson
66d9f2e521 if no error code and -brief selected print out connection closed instead of read error 2012-12-03 03:33:44 +00:00
Dr. Stephen Henson
139cd16cc5 add -badsig option to corrupt CRL signatures for testing too 2012-12-02 16:48:25 +00:00
Dr. Stephen Henson
fdb78f3d88 New option to add CRLs for s_client and s_server. 2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
95ea531864 add option to get a certificate or CRL from a URL 2012-12-02 14:00:22 +00:00
Dr. Stephen Henson
df316fd43c Add new test option set the version in generated certificates: this 
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
 2012-11-30 19:24:13 +00:00
Dr. Stephen Henson
84bafb7471 Print out point format list for clients too. 2012-11-26 18:39:38 +00:00
Dr. Stephen Henson
55b66f084d set cmdline flag in s_server 2012-11-26 12:51:12 +00:00
Dr. Stephen Henson
96cfba0fb4 option to output corrupted signature in certificates for testing purposes 2012-11-25 22:29:52 +00:00
Dr. Stephen Henson
a5afc0a8f4 Don't display messages about verify depth in s_server if -quiet it set. 
Add support for separate verify and chain stores in s_client.
 2012-11-23 18:56:25 +00:00
Dr. Stephen Henson
20b431e3a9 Add support for printing out and retrieving EC point formats extension. 2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
1740c9fbfc support -quiet with -msg or -trace 2012-11-21 17:11:42 +00:00
Dr. Stephen Henson
191b3f0ba9 only use a default curve if not already set 2012-11-21 16:47:25 +00:00