openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	65a87d3cc3	Dual DTLS version methods. Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2. (cherry picked from commit `c6913eeb76`) Conflicts: CHANGES	2013-09-18 13:46:02 +01:00
Dr. Stephen Henson	acec5a6244	Provisional DTLS 1.2 support. Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing. (cherry picked from commit `c3b344e36a`) Conflicts: apps/s_server.c	2013-09-18 13:46:02 +01:00
Dr. Stephen Henson	9ecf6e93af	add -badsig option to corrupt CRL signatures for testing too (cherry picked from commit `139cd16cc5`)	2013-09-14 13:53:44 +01:00
Dr. Stephen Henson	9855026c43	fix printout of expiry days if -enddate is used in ca (cherry picked from commit `f7ac0ec89d`)	2013-08-19 21:55:07 +01:00
Dr. Stephen Henson	aaaa18392d	new command line option -stdname to ciphers utility (cherry picked from commit `51b9115b6d`)	2013-08-19 20:25:39 +01:00
Dr. Stephen Henson	8c33e40d2e	Add new test option set the version in generated certificates: this is needed to test some profiles/protocols which reject certificates with unsupported versions. (cherry picked from commit `df316fd43c`)	2013-08-19 18:10:04 +01:00
Dr. Stephen Henson	0d04af1e72	option to output corrupted signature in certificates for testing purposes (cherry picked from commit `96cfba0fb4`)	2013-08-19 18:09:44 +01:00
Dr. Stephen Henson	8f17495800	update usage messages (cherry picked from commit `7c8ac50504`)	2013-08-19 18:09:26 +01:00
Dr. Stephen Henson	95c1a24853	add -naccept <n> option to s_server to automatically exit after <n> connections (cherry picked from commit `b5cadfb564`)	2013-08-19 17:42:02 +01:00
Dr. Stephen Henson	08374de10f	with -rev close connection if client sends "CLOSE" (cherry picked from commit `685755937a`)	2013-08-19 14:14:05 +01:00
Dr. Stephen Henson	506e70a216	Add simple external session cache to s_server. This serialises sessions just like a "real" server making it easier to trace any problems. (manually applied from commit `35b0ea4efe`)	2013-08-19 14:13:56 +01:00
Dr. Stephen Henson	0cca92cdd3	Remove commented out debug line.	2013-08-19 14:13:38 +01:00
Dr. Stephen Henson	5b430cfc44	Make no-ec compilation work. (cherry picked from commit `14536c8c9c`)	2013-08-19 14:13:38 +01:00
Dr. Stephen Henson	171c4da568	Add -rev test option to s_server to just reverse order of characters received by client and send back to server. Also prints an abbreviated summary of the connection parameters. (cherry picked from commit `4f3df8bea2`)	2013-08-19 14:13:38 +01:00
Dr. Stephen Henson	04611fb0f1	Add -brief option to s_client and s_server to summarise connection details. New option -verify_quiet to shut up the verify callback unless there is an error. (manually applied from commit `2a7cbe77b3`)	2013-08-19 14:13:24 +01:00
Trevor	e27711cfdd	Trying cherrypick: Add support for arbitrary TLS extensions. Contributed by Trevor Perrin. Conflicts: CHANGES ssl/ssl.h ssl/ssltest.c test/testssl Fix compilation due to #endif. Cherrypicking more stuff. Cleanup of custom extension stuff. serverinfo rejects non-empty extensions. Omit extension if no relevant serverinfo data. Improve error-handling in serverinfo callback. Cosmetic cleanups. s_client documentation. s_server documentation. SSL_CTX_serverinfo documentation. Cleaup -1 and NULL callback handling for custom extensions, add tests. Cleanup ssl_rsa.c serverinfo code. Whitespace cleanup. Improve comments in ssl.h for serverinfo. Whitespace. Cosmetic cleanup. Reject non-zero-len serverinfo extensions. Whitespace. Make it build. Conflicts: test/testssl	2013-07-03 11:53:30 +01:00
Dr. Stephen Henson	90e7f983b5	Typo: don't call RAND_cleanup during app startup.	2013-06-12 21:16:31 +01:00
Dr. Stephen Henson	af908bc48b	Don't use RC2 with PKCS#12 files in FIPS mode. (cherry picked from commit `cdb6c48445`)	2013-06-05 15:06:02 +01:00
Andy Polyakov	e815d72b1f	RFC6689 support: add missing commit (git noob alert).	2013-05-15 20:41:51 +02:00
Dr. Stephen Henson	f25c3c0542	Call RAND_cleanup in openssl application. (cherry picked from commit `944bc29f90`)	2013-03-28 14:29:11 +00:00
Dr. Stephen Henson	f8a69166ed	New -force_pubkey option to x509 utility to supply a different public key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH. (cherry picked from commit `43206a2d7c`)	2013-02-25 15:25:27 +00:00
Dr. Stephen Henson	1a932ae094	-named_curve option handled automatically now.	2013-01-18 15:41:06 +00:00
Dr. Stephen Henson	57912ed329	Add code to download CRLs based on CRLDP extension. Just a sample, real world applications would have to be cleverer.	2013-01-18 15:38:13 +00:00
Dr. Stephen Henson	e998f8aeb8	cipher is not used in s_server any more.	2013-01-18 15:05:28 +00:00
Dr. Stephen Henson	e318431e54	New option to add CRLs for s_client and s_server.	2013-01-18 14:37:14 +00:00
Dr. Stephen Henson	6a10f38daa	initial support for delta CRL generations by diffing two full CRLs	2013-01-17 18:51:50 +00:00
Dr. Stephen Henson	c095078890	Typo (PR2959).	2013-01-17 18:21:54 +00:00
Dr. Stephen Henson	7c283d9e97	add option to get a certificate or CRL from a URL	2013-01-17 16:08:02 +00:00
Dr. Stephen Henson	75a8ff9263	make update	2013-01-15 16:24:07 +00:00
Dr. Stephen Henson	bf1d32e52a	Change default bits to 1024	2013-01-07 16:13:48 +00:00
Dr. Stephen Henson	3341b820cc	add support for separate verify can chain stores to s_client (backport from HEAD)	2012-12-30 16:27:15 +00:00
Dr. Stephen Henson	ede5f6cf74	add -chain options to s_client (backrpot from HEAD)	2012-12-30 16:17:29 +00:00
Dr. Stephen Henson	8c3f868983	remove unused cipher functionality from s_client	2012-12-30 00:03:40 +00:00
Dr. Stephen Henson	5477ff9ba2	make JPAKE work again, fix memory leaks	2012-12-29 23:58:44 +00:00
Dr. Stephen Henson	15387e4ce0	Delegate command line handling for many common options in s_client/s_server to the SSL_CONF APIs. This is complicated a little because the SSL_CTX structure is not available when the command line is processed: so just check syntax of commands initially and store them, ready to apply later. (backport from HEAD)	2012-12-29 14:16:41 +00:00
Dr. Stephen Henson	bc200e691c	SSL/TLS record tracing code (backport from HEAD).	2012-12-26 22:40:46 +00:00
Dr. Stephen Henson	78b5d89ddf	Add support for printing out and retrieving EC point formats extension. (backport from HEAD)	2012-12-26 18:13:49 +00:00
Dr. Stephen Henson	fde8dc1798	add Suite B verification flags	2012-12-26 16:57:39 +00:00
Dr. Stephen Henson	3c87a2bdfa	contify (backport from HEAD)	2012-12-26 16:49:59 +00:00
Dr. Stephen Henson	2001129f09	new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client (backport from HEAD)	2012-12-26 16:23:36 +00:00
Dr. Stephen Henson	a50ecaee56	store and print out message digest peer signed with in TLS 1.2 (backport from HEAD)	2012-12-26 16:23:13 +00:00
Dr. Stephen Henson	ccf6a19e2d	Add three Suite B modes to TLS code, supporting RFC6460. (backport from HEAD)	2012-12-26 16:17:40 +00:00
Dr. Stephen Henson	87054c4f0e	New -valid option to add a certificate to the ca index.txt that is valid and not revoked (backport from HEAD)	2012-12-26 15:32:13 +00:00
Dr. Stephen Henson	6660baee66	Make tls1_check_chain return a set of flags indicating checks passed by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client. (backport from HEAD)	2012-12-26 15:27:44 +00:00
Dr. Stephen Henson	b762acadeb	Add support for certificate stores in CERT structure. This makes it possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returing an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour. (backport from HEAD)	2012-12-26 15:21:53 +00:00
Dr. Stephen Henson	a897502cd9	Add new ctrl to retrieve client certificate types, print out details in s_client. Also add ctrl to set client certificate types. If not used sensible values will be included based on supported signature algorithms: for example if we don't include any DSA signing algorithms the DSA certificate type is omitted. Fix restriction in old code where certificate types would be truncated if it exceeded TLS_CT_NUMBER. (backport from HEAD)	2012-12-26 14:51:37 +00:00
Dr. Stephen Henson	8546add692	cert_flags is unsigned (backport from HEAD)	2012-12-26 14:48:05 +00:00
Dr. Stephen Henson	aa5c5eb4c1	add support for client certificate callbak, fix memory leak (backport from HEAD)	2012-12-26 14:47:31 +00:00
Dr. Stephen Henson	04c32cddaa	Separate client and server permitted signature algorithm support: by default the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only. (backport from HEAD)	2012-12-26 14:44:56 +00:00
Dr. Stephen Henson	623a5e24cb	Add certificate callback. If set this is called whenever a certificate is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain. (backport from HEAD)	2012-12-26 14:43:51 +00:00

1 2 3 4 5 ...

1509 Commits