generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,203 Commits 16 Branches 258 Tags 86 MiB
9d2006d8ed
Commit Graph

1442 Commits

Author SHA1 Message Date
Dr. Stephen Henson
9d2006d8ed add -trusted_first option and verify flag (backport from HEAD) 2012-09-26 13:50:42 +00:00
Dr. Stephen Henson
f8b90b5a5d fix memory leak 2012-09-11 13:44:19 +00:00
Bodo Möller
6d78a93b5b Enable message names for TLS 1.1, 1.2 with -msg. 2012-08-16 13:42:37 +00:00
Dr. Stephen Henson
f142a71c3d Fix memory leak. 
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
 2012-07-03 16:37:31 +00:00
Dr. Stephen Henson
93cf058334 oops, add -debug_decrypt option which was accidenatally left out 2012-06-19 13:39:17 +00:00
Ben Laurie
835d104f46 Rearrange and test authz extension. 2012-06-07 13:20:20 +00:00
Ben Laurie
68d2cf51bc Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
Ben Laurie
8a02a46a5c RFC 5878 support. 2012-05-29 17:27:48 +00:00
Dr. Stephen Henson
65a0f68484 Add options to set additional type specific certificate chains to 
s_server.
 2012-04-11 16:54:07 +00:00
Dr. Stephen Henson
c3cb069108 transparently handle X9.42 DH parameters 
(backport from HEAD)
 2012-04-07 20:42:44 +00:00
Dr. Stephen Henson
e46c807e4f Add support for automatic ECDH temporary key parameter selection. When 
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
 2012-04-06 20:15:50 +00:00
Dr. Stephen Henson
6b870763ac Initial revision of ECC extension handling. 
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)
 2012-04-06 20:12:35 +00:00
Dr. Stephen Henson
5505818199 New ctrls to retrieve supported signature algorithms and curves and 
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)
 2012-04-06 19:29:49 +00:00
Dr. Stephen Henson
a068a1d0e3 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert 
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)
 2012-04-06 17:35:01 +00:00
Dr. Stephen Henson
3bf4e14cc3 Always use SSLv23_{client,server}_method in s_client.c and s_server.c, 
the old code came from SSLeay days before TLS was even supported.
 2012-03-18 18:16:05 +00:00
Richard Levitte
49f6cb968f cipher should only be set to PSK if JPAKE is used. 2012-03-14 12:39:00 +00:00
Dr. Stephen Henson
267c950c5f Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Add more extension names in s_cb.c extension printing code.
 2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
c714e43c8d PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
cdf9d6f6ed PR: 2716 
Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
 2012-02-11 23:21:09 +00:00
Andy Polyakov
69e9c69e70 apps/s_cb.c: recognize latest TLS versions [from HEAD]. 2012-02-11 13:31:16 +00:00
Dr. Stephen Henson
26c6857a59 PR: 2710 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
 2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
508bd3d1aa PR: 2714 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.
 2012-02-10 19:44:00 +00:00
Dr. Stephen Henson
c944a9696e add fips hmac option and fips blocking overrides to command line utilities 2012-02-10 16:46:19 +00:00
Andy Polyakov
9b2a29660b Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
 2012-01-12 16:28:03 +00:00
Andy Polyakov
b9cbcaad58 speed.c: typo in pkey_print_message [from HEAD]. 
PR: 2681
Submitted by: Annie Yousar
 2012-01-11 21:49:16 +00:00
Bodo Möller
767d3e0054 Update for 0.9.8s and 1.0.0f. 
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
 2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
b300fb7734 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
 2011-12-27 14:23:22 +00:00
Andy Polyakov
1d05ff2779 apps/speed.c: fix typo in last commit. 2011-12-19 14:33:37 +00:00
Andy Polyakov
941811ccb9 apps/speed.c: Cygwin alarm() fails sometimes. 
PR: 2655
 2011-12-15 22:30:11 +00:00
Dr. Stephen Henson
b8a22c40e0 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
 2011-12-14 22:18:03 +00:00
Dr. Stephen Henson
8173960305 remove old -attime code, new version includes all old functionality 2011-12-10 00:42:48 +00:00
Dr. Stephen Henson
f2e590942e implement -attime option as a verify parameter then it works with all relevant applications 2011-12-10 00:37:42 +00:00
Dr. Stephen Henson
97d0c596a1 Replace expired test server and client certificates with new ones. 2011-12-08 14:45:15 +00:00
Dr. Stephen Henson
5713411893 The default CN prompt message can be confusing when often the CN needs to 
be the server FQDN: change it.
[Reported by PSW Group]
 2011-12-06 00:00:51 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
a310428527 Workaround so "make depend" works for fips builds. 2011-11-22 12:50:59 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Andy Polyakov
db896db5a7 speed.c: add ghash benchmark [from HEAD]. 2011-11-14 21:09:30 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
6bd173fced Don't disable TLS v1.2 by default any more. 2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
1fe83b4afe use keyformat for -x509toreq, don't hard code PEM 2011-09-23 21:48:50 +00:00
Dr. Stephen Henson
370385571c PR: 2347 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.
 2011-09-23 13:12:41 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00