generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,593 Commits 16 Branches 258 Tags
Commit Graph

1517 Commits

Author SHA1 Message Date
Adam Langley
9a8646510b chacha20poly1305 
Add support for Chacha20 + Poly1305.
 2013-10-01 14:59:22 -04:00
Dr. Stephen Henson
9d1e475db6 Custom key wrap option for cms utility. 
(cherry picked from commit 5711885a2b31bfb623fb3738ce92a4cce4316bc7)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
4a26fd6e3b Add -keyopt option to cms utility. 
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
(cherry picked from commit 02498cc885b801f38f33c0a0d08d4603fd6350c7)
 2013-10-01 14:01:18 +01:00
Ben Laurie
63fe322160 Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn 
Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c
 2013-10-01 12:20:02 +01:00
Ben Laurie
c808798013 Produce PEM we would consume. 2013-09-25 13:55:06 +01:00
Ben Laurie
379f21ce5c Show useful errors. 2013-09-24 23:13:22 +01:00
Dr. Stephen Henson
65a87d3cc3 Dual DTLS version methods. 
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb762edffddecaaba5c84909d7a7962927)

Conflicts:

	CHANGES
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
acec5a6244 Provisional DTLS 1.2 support. 
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a088283731b4f65a70e85b100f55686)

Conflicts:

	apps/s_server.c
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
9ecf6e93af add -badsig option to corrupt CRL signatures for testing too 
(cherry picked from commit 139cd16cc58330840890f914c318f00de6bfd831)
 2013-09-14 13:53:44 +01:00
Scott Deboy
8ae78c6bd9 Initialize next_proto in s_server - resolves incorrect attempts to free 
Cherry pick of b0d27cb9028cbf552612baa42255737cca0e32d2.
 2013-09-13 11:31:39 -04:00
Adam Langley
b0d6f3c58f Support ALPN. 
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

Cherry-picked from 6f017a8f9db3a79f3a3406cf8d493ccd346db691.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
 2013-09-13 11:27:22 -04:00
Dr. Stephen Henson
9855026c43 fix printout of expiry days if -enddate is used in ca 
(cherry picked from commit f7ac0ec89d0daefdea2956c55c17f1246e81c0a6)
 2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
aaaa18392d new command line option -stdname to ciphers utility 
(cherry picked from commit 51b9115b6dcaf94718de3c8b4d97b00f8cd63cd5)
 2013-08-19 20:25:39 +01:00
Dr. Stephen Henson
8c33e40d2e Add new test option set the version in generated certificates: this 
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
(cherry picked from commit df316fd43c5b1e063b84279f245087a578b67e9b)
 2013-08-19 18:10:04 +01:00
Dr. Stephen Henson
0d04af1e72 option to output corrupted signature in certificates for testing purposes 
(cherry picked from commit 96cfba0fb46a392697295eb6c1350e3110411a75)
 2013-08-19 18:09:44 +01:00
Dr. Stephen Henson
8f17495800 update usage messages 
(cherry picked from commit 7c8ac5050473ec938f2c2e3e5c9063d680be36a1)
 2013-08-19 18:09:26 +01:00
Dr. Stephen Henson
95c1a24853 add -naccept <n> option to s_server to automatically exit after <n> connections 
(cherry picked from commit b5cadfb564a604c0ba1c49984ac796cfd8310731)
 2013-08-19 17:42:02 +01:00
Dr. Stephen Henson
08374de10f with -rev close connection if client sends "CLOSE" 
(cherry picked from commit 685755937a4f9f8b16f8953f631e14808f785c39)
 2013-08-19 14:14:05 +01:00
Dr. Stephen Henson
506e70a216 Add simple external session cache to s_server. This serialises sessions 
just like a "real" server making it easier to trace any problems.

(manually applied from commit 35b0ea4efe24dee3194964588655d1a3187c6e63)
 2013-08-19 14:13:56 +01:00
Dr. Stephen Henson
0cca92cdd3 Remove commented out debug line. 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
5b430cfc44 Make no-ec compilation work. 
(cherry picked from commit 14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d)
 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
171c4da568 Add -rev test option to s_server to just reverse order of characters received 
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
(cherry picked from commit 4f3df8bea2981b1547eaae8704f0207c7766c2fa)
 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
04611fb0f1 Add -brief option to s_client and s_server to summarise connection details. 
New option -verify_quiet to shut up the verify callback unless there is
an error.

(manually applied from commit 2a7cbe77b3abb244c2211d22d7aa3416b97c9342)
 2013-08-19 14:13:24 +01:00
Trevor
e27711cfdd Trying cherrypick: 
Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Conflicts:

	CHANGES
	ssl/ssl.h
	ssl/ssltest.c
	test/testssl

Fix compilation due to #endif.

Cherrypicking more stuff.

Cleanup of custom extension stuff.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

Conflicts:

	test/testssl
 2013-07-03 11:53:30 +01:00
Dr. Stephen Henson
90e7f983b5 Typo: don't call RAND_cleanup during app startup. 2013-06-12 21:16:31 +01:00
Dr. Stephen Henson
af908bc48b Don't use RC2 with PKCS#12 files in FIPS mode. 
(cherry picked from commit cdb6c48445ded3daafab32e5f266943d07bb512b)
 2013-06-05 15:06:02 +01:00
Andy Polyakov
e815d72b1f RFC6689 support: add missing commit (git noob alert). 2013-05-15 20:41:51 +02:00
Dr. Stephen Henson
f25c3c0542 Call RAND_cleanup in openssl application. 
(cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57)
 2013-03-28 14:29:11 +00:00
Dr. Stephen Henson
f8a69166ed New -force_pubkey option to x509 utility to supply a different public 
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d7cc87c959535c0f69e2aa3b364eafd6e)
 2013-02-25 15:25:27 +00:00
Dr. Stephen Henson
1a932ae094 -named_curve option handled automatically now. 2013-01-18 15:41:06 +00:00
Dr. Stephen Henson
57912ed329 Add code to download CRLs based on CRLDP extension. 
Just a sample, real world applications would have to be cleverer.
 2013-01-18 15:38:13 +00:00
Dr. Stephen Henson
e998f8aeb8 cipher is not used in s_server any more. 2013-01-18 15:05:28 +00:00
Dr. Stephen Henson
e318431e54 New option to add CRLs for s_client and s_server. 2013-01-18 14:37:14 +00:00
Dr. Stephen Henson
6a10f38daa initial support for delta CRL generations by diffing two full CRLs 2013-01-17 18:51:50 +00:00
Dr. Stephen Henson
c095078890 Typo (PR2959). 2013-01-17 18:21:54 +00:00
Dr. Stephen Henson
7c283d9e97 add option to get a certificate or CRL from a URL 2013-01-17 16:08:02 +00:00
Dr. Stephen Henson
75a8ff9263 make update 2013-01-15 16:24:07 +00:00
Dr. Stephen Henson
bf1d32e52a Change default bits to 1024 2013-01-07 16:13:48 +00:00
Dr. Stephen Henson
3341b820cc add support for separate verify can chain stores to s_client (backport from HEAD) 2012-12-30 16:27:15 +00:00
Dr. Stephen Henson
ede5f6cf74 add -chain options to s_client (backrpot from HEAD) 2012-12-30 16:17:29 +00:00
Dr. Stephen Henson
8c3f868983 remove unused cipher functionality from s_client 2012-12-30 00:03:40 +00:00
Dr. Stephen Henson
5477ff9ba2 make JPAKE work again, fix memory leaks 2012-12-29 23:58:44 +00:00
Dr. Stephen Henson
15387e4ce0 Delegate command line handling for many common options in s_client/s_server to 
the SSL_CONF APIs.

This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.

(backport from HEAD)
 2012-12-29 14:16:41 +00:00
Dr. Stephen Henson
bc200e691c SSL/TLS record tracing code (backport from HEAD). 2012-12-26 22:40:46 +00:00
Dr. Stephen Henson
78b5d89ddf Add support for printing out and retrieving EC point formats extension. 
(backport from HEAD)
 2012-12-26 18:13:49 +00:00
Dr. Stephen Henson
fde8dc1798 add Suite B verification flags 2012-12-26 16:57:39 +00:00
Dr. Stephen Henson
3c87a2bdfa contify 
(backport from HEAD)
 2012-12-26 16:49:59 +00:00
Dr. Stephen Henson
2001129f09 new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client 
(backport from HEAD)
 2012-12-26 16:23:36 +00:00
Dr. Stephen Henson
a50ecaee56 store and print out message digest peer signed with in TLS 1.2 
(backport from HEAD)
 2012-12-26 16:23:13 +00:00
Dr. Stephen Henson
ccf6a19e2d Add three Suite B modes to TLS code, supporting RFC6460. 
(backport from HEAD)
 2012-12-26 16:17:40 +00:00