summaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
AgeCommit message (Expand)Author
2013-11-01Fix SSL_OP_SINGLE_ECDH_USEPiotr Sikora
2013-10-20Prevent use of RSA+MD5 in TLS 1.2 by default.Dr. Stephen Henson
2013-10-15Add brainpool curves to NID table too.Dr. Stephen Henson
2013-10-15RFC7027 (Brainpool for TLS) support.Dr. Stephen Henson
2013-10-01Re-add accidentally deleted #endif.Ben Laurie
2013-10-01Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpnBen Laurie
2013-09-18Enable TLS 1.2 ciphers in DTLS 1.2.Dr. Stephen Henson
2013-09-18Enable various DTLS extensions.Dr. Stephen Henson
2013-09-18Use enc_flags when deciding protocol variations.Dr. Stephen Henson
2013-09-18DTLS revision.Dr. Stephen Henson
2013-09-16Various custom extension fixes.Trevor Perrin
2013-09-16Tidy up comments.Rob Stradling
2013-09-16Use TLS version supplied by client when fingerprinting Safari.Rob Stradling
2013-09-16Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.Rob Stradling
2013-09-14Add missing code from SSL_CONF backport.Dr. Stephen Henson
2013-09-13Support ALPN.Adam Langley
2013-08-19Make no-ec compilation work.Dr. Stephen Henson
2013-07-31Cosmetic touchups.Trevor
2013-07-03Trying cherrypick:Trevor
2013-02-06Add and use a constant-time memcmp.Ben Laurie
2013-01-24Fix warning: lenmax isn't used any more.Dr. Stephen Henson
2013-01-19Remove extraneous brackets (clang doesn't like them).Ben Laurie
2013-01-19Can't check a size_t for < 0.Ben Laurie
2013-01-15Add support for broken protocol tests (backport from master branch)Dr. Stephen Henson
2013-01-15Make whitespace consistent with master branch.Dr. Stephen Henson
2012-12-26Reject zero length ec point format list.Dr. Stephen Henson
2012-12-26Use client version when deciding which cipher suites to disable.Dr. Stephen Henson
2012-12-26Use default point formats extension for server side as well as clientDr. Stephen Henson
2012-12-26store and print out message digest peer signed with in TLS 1.2Dr. Stephen Henson
2012-12-26Add three Suite B modes to TLS code, supporting RFC6460.Dr. Stephen Henson
2012-12-26Make tls1_check_chain return a set of flags indicating checks passedDr. Stephen Henson
2012-12-26Abort handshake if signature algorithm used not supported by peer.Dr. Stephen Henson
2012-12-26check EC tmp key matches preferencesDr. Stephen Henson
2012-12-26Add support for certificate stores in CERT structure. This makes itDr. Stephen Henson
2012-12-26stop warningDr. Stephen Henson
2012-12-26New function ssl_set_client_disabled to set masks for any ciphersuitesDr. Stephen Henson
2012-12-26no need to check s->server as default_nid is never used for TLS 1.2 client au...Dr. Stephen Henson
2012-12-26Separate client and server permitted signature algorithm support: by defaultDr. Stephen Henson
2012-12-26Add certificate callback. If set this is called whenever a certificateDr. Stephen Henson
2012-12-26Function tls1_check_ec_server_key is now redundant as we makeDr. Stephen Henson
2012-12-26Add new "valid_flags" field to CERT_PKEY structure which determines whatDr. Stephen Henson
2012-12-26Reorganise supported signature algorithm extension processing.Dr. Stephen Henson
2012-12-26Add support for application defined signature algorithms for use withDr. Stephen Henson
2012-11-22reject zero length point format list or supported curves extensionsDr. Stephen Henson
2012-09-11Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificateDr. Stephen Henson
2012-09-11Call OCSP Stapling callback after ciphersuite has been chosen, so theBen Laurie
2012-07-03revert unrelated test codeDr. Stephen Henson
2012-07-03PR: 2840Dr. Stephen Henson
2012-06-27don't use pseudo digests for default values of keysDr. Stephen Henson
2012-06-11Fix memory leak.Ben Laurie
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 23:13:31 +0000