generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson d61ff83be9 Add new "valid_flags" field to CERT_PKEY structure which determines what 
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
2012-06-28 12:45:49 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes.
2012-04-16 17:42:36 +00:00
d1_both.c
PR: 2755
2012-03-06 13:47:43 +00:00
d1_clnt.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
d1_enc.c
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
2012-05-10 16:03:52 +00:00
d1_lib.c
correct error codes
2012-04-18 15:36:12 +00:00
d1_meth.c
Let the TLSv1_method() etc. functions return a const SSL_METHOD
2005-08-14 21:48:33 +00:00
d1_pkt.c
PR: 2756
2012-03-09 15:52:33 +00:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:31 +00:00
d1_srvr.c
PR: 2778(part)
2012-03-31 18:03:02 +00:00
dtls1.h
PR: 2658
2011-12-31 22:59:57 +00:00
install-ssl.com
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
2011-03-19 10:58:14 +00:00
kssl_lcl.h
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
kssl.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
kssl.h
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:50:18 +00:00
Makefile
Initial record tracing code. Print out all fields in SSL/TLS records
2012-06-15 12:46:09 +00:00
s2_clnt.c
s2_clnt.c: compensate for compiler bug.
2012-05-16 12:47:36 +00:00
s2_enc.c
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
s2_lib.c
Updates from 1.0.0-stable
2009-04-04 19:54:06 +00:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Use new common flags and fix resulting warnings.
2009-02-15 14:08:51 +00:00
s2_srvr.c
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
2011-11-14 00:36:10 +00:00
s3_both.c
recognise X9.42 DH certificates on servers
2012-04-18 17:03:29 +00:00
s3_clnt.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
s3_enc.c
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
s3_lib.c
Add new "valid_flags" field to CERT_PKEY structure which determines what
2012-06-28 12:45:49 +00:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
PR: 2811
2012-05-11 13:34:29 +00:00
s3_srvr.c
Add support for application defined signature algorithms for use with
2012-06-22 14:03:31 +00:00
s23_clnt.c
RFC 5878 support.
2012-05-30 10:10:58 +00:00
s23_lib.c
Fix warnings.
2010-06-12 14:13:23 +00:00
s23_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:09:02 +00:00
srtp.h
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
ssl2.h
Initial "opaque SSL" framework. If an application defines
2011-04-29 22:37:12 +00:00
ssl3.h
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
add GCM ciphers in SSL_library_init
2011-10-10 12:56:18 +00:00
ssl_asn1.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
ssl_cert.c
Add new "valid_flags" field to CERT_PKEY structure which determines what
2012-06-28 12:45:49 +00:00
ssl_ciph.c
Don't try to use unvalidated composite ciphers in FIPS mode
2012-04-26 18:55:01 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Reorganise supported signature algorithm extension processing.
2012-06-25 14:32:30 +00:00
ssl_lib.c
Add new "valid_flags" field to CERT_PKEY structure which determines what
2012-06-28 12:45:49 +00:00
ssl_locl.h
Add new "valid_flags" field to CERT_PKEY structure which determines what
2012-06-28 12:45:49 +00:00
ssl_rsa.c
Rearrange and test authz extension.
2012-06-07 13:20:47 +00:00
ssl_sess.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
ssl_stat.c
PR: 1794
2011-11-25 00:17:44 +00:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
ssl-lib.com
Corrections to the VMS build system.
2011-03-25 16:20:35 +00:00
ssl.h
Add new "valid_flags" field to CERT_PKEY structure which determines what
2012-06-28 12:45:49 +00:00
ssltest.c
PR: 1794
2011-12-14 22:17:06 +00:00
t1_clnt.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
t1_enc.c
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
2012-05-10 16:03:52 +00:00
t1_lib.c
Add new "valid_flags" field to CERT_PKEY structure which determines what
2012-06-28 12:45:49 +00:00
t1_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:58:55 +00:00
t1_srvr.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
t1_trce.c
Initial record tracing code. Print out all fields in SSL/TLS records
2012-06-15 12:46:09 +00:00
tls1.h
Reorganise supported signature algorithm extension processing.
2012-06-25 14:32:30 +00:00
tls_srp.c
PR: 1794
2011-12-14 22:17:06 +00:00