Ben Laurie
8c4e09f74f
Whitespace fixes.
2014-02-09 19:31:07 +00:00
Ben Laurie
d65db21976
Const fix.
2014-02-09 08:07:16 -08:00
Ben Laurie
8acf1ff4b4
More cleanup.
...
(cherry picked from commit 5eda213ebe )
Conflicts:
apps/s_client.c
apps/s_server.c
2014-02-09 08:07:04 -08:00
Ben Laurie
8b41df41c2
Make it build.
...
(cherry picked from commit a6a48e87bc )
Conflicts:
ssl/s3_clnt.c
ssl/t1_lib.c
2014-02-09 08:02:40 -08:00
Ben Laurie
130ebe34c8
Fix whitespace, new-style comments.
2014-02-08 16:19:30 -08:00
Scott Deboy
7612511b3b
Re-add alert variables removed during rebase
...
Whitespace fixes
(cherry picked from commit e9add063b5 )
Conflicts:
ssl/s3_clnt.c
2014-02-08 16:19:01 -08:00
Scott Deboy
fc213217e8
Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
...
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.
Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
(cherry picked from commit ac20719d99 )
Conflicts:
ssl/t1_lib.c
2014-02-08 16:17:24 -08:00
Scott Deboy
40632f6b77
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
...
(cherry picked from commit 67c408cee9 )
Conflicts:
apps/s_client.c
apps/s_server.c
2014-02-08 16:14:23 -08:00
Scott Deboy
038bec784e
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
...
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
(cherry picked from commit 36086186a9 )
Conflicts:
Configure
apps/s_client.c
apps/s_server.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
2014-02-08 16:12:15 -08:00
Andy Polyakov
2cc5142fb1
Improve WINCE support.
...
Submitted by: Pierre Delaage
(cherry picked from commit a006fef78e )
Resolved conflicts:
crypto/bio/bss_dgram.c
ssl/d1_lib.c
util/pl/VC-32.pl
2014-02-01 22:48:56 +01:00
Dr. Stephen Henson
285f7fb0f9
Add cert callback retry test.
...
(cherry picked from commit 3323314fc1 )
2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
3fcf327e26
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
(cherry picked from commit bb845ee044 )
2014-01-23 18:35:42 +00:00
Dr. Stephen Henson
bc35b8e435
make update
2013-12-01 23:09:44 +00:00
Piotr Sikora
edc687ba0f
Fix compilation with no-nextprotoneg.
...
PR#3106
2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
044f8ca87d
Extend SSL_CONF
...
Extend SSL_CONF to return command value types.
Add certificate and key options.
Update documentation.
(cherry picked from commit ec2f7e568e )
2013-11-02 13:41:19 +00:00
Ben Laurie
1ebaf97c44
Constification.
2013-10-07 12:44:40 +01:00
Dr. Stephen Henson
9d1e475db6
Custom key wrap option for cms utility.
...
(cherry picked from commit 5711885a2b )
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
4a26fd6e3b
Add -keyopt option to cms utility.
...
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
(cherry picked from commit 02498cc885 )
2013-10-01 14:01:18 +01:00
Ben Laurie
63fe322160
Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn
...
Conflicts:
ssl/ssl3.h
ssl/t1_lib.c
2013-10-01 12:20:02 +01:00
Ben Laurie
c808798013
Produce PEM we would consume.
2013-09-25 13:55:06 +01:00
Ben Laurie
379f21ce5c
Show useful errors.
2013-09-24 23:13:22 +01:00
Dr. Stephen Henson
65a87d3cc3
Dual DTLS version methods.
...
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb76 )
Conflicts:
CHANGES
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
acec5a6244
Provisional DTLS 1.2 support.
...
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.
Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a )
Conflicts:
apps/s_server.c
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
9ecf6e93af
add -badsig option to corrupt CRL signatures for testing too
...
(cherry picked from commit 139cd16cc5 )
2013-09-14 13:53:44 +01:00
Scott Deboy
8ae78c6bd9
Initialize next_proto in s_server - resolves incorrect attempts to free
...
Cherry pick of b0d27cb902 .
2013-09-13 11:31:39 -04:00
Adam Langley
b0d6f3c58f
Support ALPN.
...
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.
Cherry-picked from 6f017a8f9d .
[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
2013-09-13 11:27:22 -04:00
Dr. Stephen Henson
9855026c43
fix printout of expiry days if -enddate is used in ca
...
(cherry picked from commit f7ac0ec89d )
2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
aaaa18392d
new command line option -stdname to ciphers utility
...
(cherry picked from commit 51b9115b6d )
2013-08-19 20:25:39 +01:00
Dr. Stephen Henson
8c33e40d2e
Add new test option set the version in generated certificates: this is needed to test some profiles/protocols which reject certificates with unsupported versions.
(cherry picked from commit df316fd43c )
2013-08-19 18:10:04 +01:00
Dr. Stephen Henson
0d04af1e72
option to output corrupted signature in certificates for testing purposes
...
(cherry picked from commit 96cfba0fb4 )
2013-08-19 18:09:44 +01:00
Dr. Stephen Henson
8f17495800
update usage messages
...
(cherry picked from commit 7c8ac50504 )
2013-08-19 18:09:26 +01:00
Dr. Stephen Henson
95c1a24853
add -naccept <n> option to s_server to automatically exit after <n> connections
...
(cherry picked from commit b5cadfb564 )
2013-08-19 17:42:02 +01:00
Dr. Stephen Henson
08374de10f
with -rev close connection if client sends "CLOSE"
...
(cherry picked from commit 685755937a )
2013-08-19 14:14:05 +01:00
Dr. Stephen Henson
506e70a216
Add simple external session cache to s_server. This serialises sessions just like a "real" server making it easier to trace any problems.
(manually applied from commit 35b0ea4efe )
2013-08-19 14:13:56 +01:00
Dr. Stephen Henson
0cca92cdd3
Remove commented out debug line.
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
5b430cfc44
Make no-ec compilation work.
...
(cherry picked from commit 14536c8c9c )
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
171c4da568
Add -rev test option to s_server to just reverse order of characters received by client and send back to server. Also prints an abbreviated summary of the connection parameters.
(cherry picked from commit 4f3df8bea2 )
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
04611fb0f1
Add -brief option to s_client and s_server to summarise connection details.
...
New option -verify_quiet to shut up the verify callback unless there is
an error.
(manually applied from commit 2a7cbe77b3 )
2013-08-19 14:13:24 +01:00
Trevor
e27711cfdd
Trying cherrypick:
...
Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
Conflicts:
CHANGES
ssl/ssl.h
ssl/ssltest.c
test/testssl
Fix compilation due to #endif.
Cherrypicking more stuff.
Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.
Omit extension if no relevant serverinfo data.
Improve error-handling in serverinfo callback.
Cosmetic cleanups.
s_client documentation.
s_server documentation.
SSL_CTX_serverinfo documentation.
Cleanup -1 and NULL callback handling for custom extensions, add tests.
Cleanup ssl_rsa.c serverinfo code.
Whitespace cleanup.
Improve comments in ssl.h for serverinfo.
Whitespace.
Cosmetic cleanup.
Reject non-zero-len serverinfo extensions.
Whitespace.
Make it build.
Conflicts:
test/testssl
2013-07-03 11:53:30 +01:00
Dr. Stephen Henson
90e7f983b5
Typo: don't call RAND_cleanup during app startup.
2013-06-12 21:16:31 +01:00
Dr. Stephen Henson
af908bc48b
Don't use RC2 with PKCS#12 files in FIPS mode.
...
(cherry picked from commit cdb6c48445 )
2013-06-05 15:06:02 +01:00
Andy Polyakov
e815d72b1f
RFC6689 support: add missing commit (git noob alert).
2013-05-15 20:41:51 +02:00
Dr. Stephen Henson
f25c3c0542
Call RAND_cleanup in openssl application.
...
(cherry picked from commit 944bc29f90 )
2013-03-28 14:29:11 +00:00
Dr. Stephen Henson
f8a69166ed
New -force_pubkey option to x509 utility to supply a different public key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d7c )
2013-02-25 15:25:27 +00:00
Dr. Stephen Henson
1a932ae094
-named_curve option handled automatically now.
2013-01-18 15:41:06 +00:00
Dr. Stephen Henson
57912ed329
Add code to download CRLs based on CRLDP extension.
...
Just a sample, real world applications would have to be cleverer.
2013-01-18 15:38:13 +00:00
Dr. Stephen Henson
e998f8aeb8
cipher is not used in s_server any more.
2013-01-18 15:05:28 +00:00
Dr. Stephen Henson
e318431e54
New option to add CRLs for s_client and s_server.
2013-01-18 14:37:14 +00:00
Dr. Stephen Henson
6a10f38daa
initial support for delta CRL generations by diffing two full CRLs
2013-01-17 18:51:50 +00:00
Dr. Stephen Henson
c095078890
Typo (PR2959).
2013-01-17 18:21:54 +00:00