Age | Commit message (Collapse) | Author |
|
Cherry-picked from a898936218bc279b5d7cdf76d58a25e7a2d419cb.
|
|
Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
Conflicts:
CHANGES
ssl/ssl.h
ssl/ssltest.c
test/testssl
Fix compilation due to #endif.
Cherrypicking more stuff.
Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.
Omit extension if no relevant serverinfo data.
Improve error-handling in serverinfo callback.
Cosmetic cleanups.
s_client documentation.
s_server documentation.
SSL_CTX_serverinfo documentation.
Cleaup -1 and NULL callback handling for custom extensions, add tests.
Cleanup ssl_rsa.c serverinfo code.
Whitespace cleanup.
Improve comments in ssl.h for serverinfo.
Whitespace.
Cosmetic cleanup.
Reject non-zero-len serverinfo extensions.
Whitespace.
Make it build.
Conflicts:
test/testssl
|
|
MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
(cherry picked from commit f306b87d766e6ecf30824635c7c395b67cff9dbc)
|
|
|
|
|
|
|
|
|
|
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
|
|
and SafeDllSearchMode in Windows.
Submitted by: Richard Levitte
|
|
PR: 353
|
|
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
|
|
|
|
"openssl list-standard-commands".
|
|
|
|
In testss, use MD5 as digest algorithm so that the resulting
certificates can be used for testssl with RSA.
|
|
|
|
|
|
don't dynamically create them. This allows using ssltest
for approximate performance comparisons:
$ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \
[-no_dhe|-dhe1024dsa|-dhe1024]
(server2.pem contains a 1024 bit RSA key, the default has only
512 bits.) Note that these timings contain both the server's and
the client's computations, they are not a good indicator for
server workload in different configurations.
|
|
(including another problem in the s3_srvr.c state machine).
|
|
tls1 did not survive to restarts, so get rid of it.
|
|
|
|
|
|
|