generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,530 Commits 16 Branches 258 Tags
Commit Graph

168 Commits

Author SHA1 Message Date
Rob Stradling
07df5018be Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. 
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 2013-09-16 14:03:21 +01:00
Dr. Stephen Henson
593605d3ec Document supported curve functions. 
(cherry picked from commit c3eb33763bf2999843fe4124f3f39dea6edc26e6)
 2013-09-03 15:43:59 +01:00
Dr. Stephen Henson
df430489cf Add documentation. 
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
(cherry picked from commit eeb15452a053c14305210522be0e7313cb763bac)
 2013-08-18 13:53:32 +01:00
Trevor
e27711cfdd Trying cherrypick: 
Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Conflicts:

	CHANGES
	ssl/ssl.h
	ssl/ssltest.c
	test/testssl

Fix compilation due to #endif.

Cherrypicking more stuff.

Cleanup of custom extension stuff.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

Conflicts:

	test/testssl
 2013-07-03 11:53:30 +01:00
Dr. Stephen Henson
1510b1f4c2 Update SSL_CONF docs. 
Fix some typos and update version number first added: it has now been
backported to OpenSSL 1.0.2.
(cherry picked from commit 4365e4aad97fa37e4a97eb2270a64c03e6547014)
 2013-02-26 15:29:49 +00:00
Nick Alcock
ae5c1ca377 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ 
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc270774258149235f69e1789b3370f57b0e27b)
 2013-02-15 19:39:59 +01:00
Dr. Stephen Henson
49ef33fa34 add SSL_CONF functions and documentation (backport from HEAD) 2012-12-29 13:30:56 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:14 +00:00
Bodo Möller
79571bb1ca Clarify warning 2011-10-13 13:25:03 +00:00
Bodo Möller
1dc4c8c727 Fix typo. 
Submitted by: Jim Morrison
 2011-07-11 12:13:56 +00:00
Bodo Möller
346601bc32 CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
acc9938ba5 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
f6d13ac8cf Remove obsolete PRNG note. Add comment about use of SHA256 et al. 2010-04-06 15:05:47 +00:00
Dr. Stephen Henson
4f3d52fedc clarify documentation 2010-02-18 12:41:50 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
81d87a2a28 update references to new RI RFC 2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
5a6ae115f8 reword RI description 2010-01-27 18:53:49 +00:00
Dr. Stephen Henson
5e5df40b9b update documentation to reflect new renegotiation options 2010-01-27 17:50:20 +00:00
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
4359b88bbe Typo 2010-01-05 17:50:01 +00:00
Dr. Stephen Henson
730f5752ff clarify docs 2009-12-09 18:17:09 +00:00
Dr. Stephen Henson
a88c73b43a Document option clearning functions. 
Initial secure renegotiation documentation.
 2009-12-09 18:00:52 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:49:38 +00:00
Lutz Jänicke
787287af40 Refer to SSL_pending from the man page for SSL_read 2008-08-01 15:03:20 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
f3fef74b09 Document ticket disabling option. 2007-08-23 22:49:13 +00:00
Nils Larsch
fec38ca4ed fix typos 
PR: 1354, 1355, 1398, 1408
 2006-12-21 21:13:27 +00:00
Nils Larsch
da736b31b2 fix documentation 
PR: 1343
 2006-12-06 09:10:59 +00:00
Nils Larsch
c2cd422ac6 note that SSL_library_init() is not reentrant 2006-03-12 00:37:55 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites 
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
 2006-03-10 23:06:27 +00:00
Bodo Möller
72dce7685e Add fixes for CAN-2005-2969. 
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
 2005-10-26 19:40:45 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD 
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
 2005-08-14 21:48:33 +00:00
Nils Larsch
e248596bac improve docu of SSL_CTX_use_PrivateKey() 2005-04-08 22:49:57 +00:00
Nils Larsch
c3e6402857 update docs (recent constification) 2005-03-30 11:50:14 +00:00
Dr. Stephen Henson
e27a259696 Doc fixes. 2005-03-22 17:55:33 +00:00
Dr. Stephen Henson
4a64f3d665 PR: 938 
Typo.
 2004-11-14 13:55:16 +00:00
Lutz Jänicke
9f6ea7163b More precise explanation of session id context requirements. 2004-06-14 13:27:28 +00:00
Richard Levitte
6859bb1a22 Make sure the documentation matches reality. 
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
 2003-11-29 10:33:25 +00:00
Lutz Jänicke
9d19fbc4fc Clarify wording of verify_callback() behaviour. 2003-06-26 14:03:03 +00:00
Lutz Jänicke
db01746978 Clarify return value of SSL_connect() and SSL_accept() in case of the 
WANT_READ and WANT_WRITE conditions.
 2003-06-03 09:59:44 +00:00
Lutz Jänicke
02b95b7499 Clarify ordering of certificates when using certificate chains 2003-05-30 07:45:07 +00:00
Lutz Jänicke
423b1a840c Add warning about unwanted side effect when calling SSL_CTX_free(): 
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
 2003-03-27 22:04:05 +00:00
Richard Levitte
d177e6180d Spelling errors. 
PR: 538
 2003-03-20 11:41:59 +00:00
Lutz Jänicke
532215f2db Missing ")" 
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
 2002-12-04 13:30:58 +00:00
Lutz Jänicke
84d828ab70 No such reference to link to (found running pod2latex). 
Submitted by:
Reviewed by:
PR:
 2002-11-14 21:41:54 +00:00
Geoff Thorpe
769fedc3ad Add a HISTORY section to the man page to mention the new flags. 2002-10-29 18:05:16 +00:00
Geoff Thorpe
d9ec9d990f The last character of inconsistency in my recent commits is hereby 
squashed.
 2002-10-29 17:51:32 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it 
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
 2002-10-29 00:33:04 +00:00
Richard Levitte
37f5fcf85c Missing =back. 
Part of PR 196
 2002-08-15 10:59:55 +00:00