| Age | Commit message (Collapse) | Author |
|---|
|
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
|
|
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
|
|
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
|
|
|
|
PR: 2655
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
|
|
|
|
|
|
relevant applications
|
|
|
|
|
|
be the server FQDN: change it.
[Reported by PSW Group]
|
|
|
|
|
|
aspirational __owur annotations.
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
|
|
|
|
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
|
|
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
|
|
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Set cnf to NULL to avoid possible double free.
|
|
|
|
FIPS_mode_set is implemented.
|
|
|
|
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
|
|
signature algorithms extension and correct signature format for
server key exchange.
All ciphersuites should now work on the server but no client support and
no client certificate support yet.
|
|
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
|
|
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
|
|
|
|
|
|
|
|
to missing DRBG support in libcrypto.
|
|
Submitted by Steven M. Schweda <sms@antinode.info>
|
|
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
|
|
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
|
|
|
|
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
|
|
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
|
|
submitted by Steven M. Schweda <sms@antinode.info>
|
|
|
|
|
|
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
|
|
functions such as rand() ).
|
|
|
|
|
|
|
|
|
|
|
|
|
