path: root/apps
Age | Commit message | Author
2013-11-02 | Extend SSL_CONF | Dr. Stephen Henson
Extend SSL_CONF to return command value types. Add certificate and key options. Update documentation. (cherry picked from commit ec2f7e568ea18a22ab57326fffe78ef2aa6884f5)
2013-10-07 | Constification. | Ben Laurie
2013-10-01 | Custom key wrap option for cms utility. | Dr. Stephen Henson
(cherry picked from commit 5711885a2b31bfb623fb3738ce92a4cce4316bc7)
2013-10-01 | Add -keyopt option to cms utility. | Dr. Stephen Henson
Add support for custom public key parameters in the cms utility using the -keyopt switch. Works for -sign and also -encrypt if -recip is used. (cherry picked from commit 02498cc885b801f38f33c0a0d08d4603fd6350c7)
2013-10-01 | Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn | Ben Laurie
Conflicts: ssl/ssl3.h ssl/t1_lib.c
2013-09-25 | Produce PEM we would consume. | Ben Laurie
2013-09-24 | Show useful errors. | Ben Laurie
2013-09-18 | Dual DTLS version methods. | Dr. Stephen Henson
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2. (cherry picked from commit c6913eeb762edffddecaaba5c84909d7a7962927) Conflicts: CHANGES
2013-09-18 | Provisional DTLS 1.2 support. | Dr. Stephen Henson
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing. (cherry picked from commit c3b344e36a088283731b4f65a70e85b100f55686) Conflicts: apps/s_server.c
2013-09-14 | add -badsig option to corrupt CRL signatures for testing too | Dr. Stephen Henson
(cherry picked from commit 139cd16cc58330840890f914c318f00de6bfd831)
2013-09-13 | Initialize next_proto in s_server - resolves incorrect attempts to free | Scott Deboy
Cherry pick of b0d27cb9028cbf552612baa42255737cca0e32d2.
2013-09-13 | Support ALPN. | Adam Langley
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. Cherry-picked from 6f017a8f9db3a79f3a3406cf8d493ccd346db691. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
2013-08-19 | fix printout of expiry days if -enddate is used in ca | Dr. Stephen Henson
(cherry picked from commit f7ac0ec89d0daefdea2956c55c17f1246e81c0a6)
2013-08-19 | new command line option -stdname to ciphers utility | Dr. Stephen Henson
(cherry picked from commit 51b9115b6dcaf94718de3c8b4d97b00f8cd63cd5)
2013-08-19 | Add new test option set the version in generated certificates: this | Dr. Stephen Henson
is needed to test some profiles/protocols which reject certificates with unsupported versions. (cherry picked from commit df316fd43c5b1e063b84279f245087a578b67e9b)
2013-08-19 | option to output corrupted signature in certificates for testing purposes | Dr. Stephen Henson
(cherry picked from commit 96cfba0fb46a392697295eb6c1350e3110411a75)
2013-08-19 | update usage messages | Dr. Stephen Henson
(cherry picked from commit 7c8ac5050473ec938f2c2e3e5c9063d680be36a1)
2013-08-19 | add -naccept <n> option to s_server to automatically exit after <n> connections | Dr. Stephen Henson
(cherry picked from commit b5cadfb564a604c0ba1c49984ac796cfd8310731)
2013-08-19 | with -rev close connection if client sends "CLOSE" | Dr. Stephen Henson
(cherry picked from commit 685755937a4f9f8b16f8953f631e14808f785c39)
2013-08-19 | Add simple external session cache to s_server. This serialises sessions | Dr. Stephen Henson
just like a "real" server making it easier to trace any problems. (manually applied from commit 35b0ea4efe24dee3194964588655d1a3187c6e63)
2013-08-19 | Remove commented out debug line. | Dr. Stephen Henson
2013-08-19 | Make no-ec compilation work. | Dr. Stephen Henson
(cherry picked from commit 14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d)
2013-08-19 | Add -rev test option to s_server to just reverse order of characters received | Dr. Stephen Henson
by client and send back to server. Also prints an abbreviated summary of the connection parameters. (cherry picked from commit 4f3df8bea2981b1547eaae8704f0207c7766c2fa)
2013-08-19 | Add -brief option to s_client and s_server to summarise connection details. | Dr. Stephen Henson
New option -verify_quiet to shut up the verify callback unless there is an error. (manually applied from commit 2a7cbe77b3abb244c2211d22d7aa3416b97c9342)
2013-07-03 | Trying cherrypick: | Trevor
Add support for arbitrary TLS extensions. Contributed by Trevor Perrin. Conflicts: CHANGES ssl/ssl.h ssl/ssltest.c test/testssl Fix compilation due to #endif. Cherrypicking more stuff. Cleanup of custom extension stuff. serverinfo rejects non-empty extensions. Omit extension if no relevant serverinfo data. Improve error-handling in serverinfo callback. Cosmetic cleanups. s_client documentation. s_server documentation. SSL_CTX_serverinfo documentation. Cleanup -1 and NULL callback handling for custom extensions, add tests. Cleanup ssl_rsa.c serverinfo code. Whitespace cleanup. Improve comments in ssl.h for serverinfo. Whitespace. Cosmetic cleanup. Reject non-zero-len serverinfo extensions. Whitespace. Make it build. Conflicts: test/testssl
2013-06-12 | Typo: don't call RAND_cleanup during app startup. | Dr. Stephen Henson
2013-06-05 | Don't use RC2 with PKCS#12 files in FIPS mode. | Dr. Stephen Henson
(cherry picked from commit cdb6c48445ded3daafab32e5f266943d07bb512b)
2013-05-15 | RFC6689 support: add missing commit (git noob alert). | Andy Polyakov
2013-03-28 | Call RAND_cleanup in openssl application. | Dr. Stephen Henson
(cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57)
2013-02-25 | New -force_pubkey option to x509 utility to supply a different public | Dr. Stephen Henson
key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH. (cherry picked from commit 43206a2d7cc87c959535c0f69e2aa3b364eafd6e)
2013-01-18 | -named_curve option handled automatically now. | Dr. Stephen Henson
2013-01-18 | Add code to download CRLs based on CRLDP extension. | Dr. Stephen Henson
Just a sample, real world applications would have to be cleverer.
2013-01-18 | cipher is not used in s_server any more. | Dr. Stephen Henson
2013-01-18 | New option to add CRLs for s_client and s_server. | Dr. Stephen Henson
2013-01-17 | initial support for delta CRL generations by diffing two full CRLs | Dr. Stephen Henson
2013-01-17 | Typo (PR2959). | Dr. Stephen Henson
2013-01-17 | add option to get a certificate or CRL from a URL | Dr. Stephen Henson
2013-01-15 | make update | Dr. Stephen Henson
2013-01-07 | Change default bits to 1024 | Dr. Stephen Henson
2012-12-30 | add support for separate verify can chain stores to s_client (backport from HEAD) | Dr. Stephen Henson
2012-12-30 | add -chain options to s_client (backport from HEAD) | Dr. Stephen Henson
2012-12-30 | remove unused cipher functionality from s_client | Dr. Stephen Henson
2012-12-29 | make JPAKE work again, fix memory leaks | Dr. Stephen Henson
2012-12-29 | Delegate command line handling for many common options in s_client/s_server to | Dr. Stephen Henson
the SSL_CONF APIs. This is complicated a little because the SSL_CTX structure is not available when the command line is processed: so just check syntax of commands initially and store them, ready to apply later. (backport from HEAD)
2012-12-26 | SSL/TLS record tracing code (backport from HEAD). | Dr. Stephen Henson
2012-12-26 | Add support for printing out and retrieving EC point formats extension. | Dr. Stephen Henson
(backport from HEAD)
2012-12-26 | add Suite B verification flags | Dr. Stephen Henson
2012-12-26 | constify | Dr. Stephen Henson
(backport from HEAD)
2012-12-26 | new ctrl to retrieve value of received temporary key in server key exchange message, print out details in s_client (backport from HEAD) | Dr. Stephen Henson
2012-12-26 | store and print out message digest peer signed with in TLS 1.2 | Dr. Stephen Henson
(backport from HEAD)