Age | Commit message | Author |
|
Extend SSL_CONF to return command value types.
Add certificate and key options.
Update documentation.
(cherry picked from commit ec2f7e568ea18a22ab57326fffe78ef2aa6884f5)
|
|
(cherry picked from commit 5711885a2b31bfb623fb3738ce92a4cce4316bc7)
|
|
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
(cherry picked from commit 02498cc885b801f38f33c0a0d08d4603fd6350c7)
|
|
Conflicts:
ssl/ssl3.h
ssl/t1_lib.c
|
|
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS, options can change this behaviour, specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb762edffddecaaba5c84909d7a7962927)
Conflicts:
CHANGES
|
|
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.
Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a088283731b4f65a70e85b100f55686)
Conflicts:
apps/s_server.c
|
|
(cherry picked from commit 139cd16cc58330840890f914c318f00de6bfd831)
|
|
Cherry pick of b0d27cb9028cbf552612baa42255737cca0e32d2.
|
|
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.
Cherry-picked from 6f017a8f9db3a79f3a3406cf8d493ccd346db691.
[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
|
|
(cherry picked from commit f7ac0ec89d0daefdea2956c55c17f1246e81c0a6)
|
|
(cherry picked from commit 51b9115b6dcaf94718de3c8b4d97b00f8cd63cd5)
|
|
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
(cherry picked from commit df316fd43c5b1e063b84279f245087a578b67e9b)
|
|
(cherry picked from commit 96cfba0fb46a392697295eb6c1350e3110411a75)
|
|
(cherry picked from commit 7c8ac5050473ec938f2c2e3e5c9063d680be36a1)
|
|
(cherry picked from commit b5cadfb564a604c0ba1c49984ac796cfd8310731)
|
|
(cherry picked from commit 685755937a4f9f8b16f8953f631e14808f785c39)
|
|
just like a "real" server making it easier to trace any problems.
(manually applied from commit 35b0ea4efe24dee3194964588655d1a3187c6e63)
|
|
(cherry picked from commit 14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d)
|
|
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
(cherry picked from commit 4f3df8bea2981b1547eaae8704f0207c7766c2fa)
|
|
New option -verify_quiet to shut up the verify callback unless there is
an error.
(manually applied from commit 2a7cbe77b3abb244c2211d22d7aa3416b97c9342)
|
|
Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
Conflicts:
CHANGES
ssl/ssl.h
ssl/ssltest.c
test/testssl
Fix compilation due to #endif.
Cherrypicking more stuff.
Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.
Omit extension if no relevant serverinfo data.
Improve error-handling in serverinfo callback.
Cosmetic cleanups.
s_client documentation.
s_server documentation.
SSL_CTX_serverinfo documentation.
Cleanup -1 and NULL callback handling for custom extensions, add tests.
Cleanup ssl_rsa.c serverinfo code.
Whitespace cleanup.
Improve comments in ssl.h for serverinfo.
Whitespace.
Cosmetic cleanup.
Reject non-zero-len serverinfo extensions.
Whitespace.
Make it build.
Conflicts:
test/testssl
|
|
(cherry picked from commit cdb6c48445ded3daafab32e5f266943d07bb512b)
|
|
(cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57)
|
|
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d7cc87c959535c0f69e2aa3b364eafd6e)
|
|
Just a sample, real world applications would have to be cleverer.
|
|
HEAD)
|
|
the SSL_CONF APIs.
This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.
(backport from HEAD)
|
|
(backport from HEAD)
|
|
(backport from HEAD)
|
|
message, print out details in s_client
(backport from HEAD)
|
|
(backport from HEAD)
|