Dr. Stephen Henson
7f9ef5621a
Oops, add missing declaration.
2011-05-12 13:02:25 +00:00
Dr. Stephen Henson
39348038df
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d
Backport TLS v1.2 support from HEAD.
...
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ae17b9ecd5
Typo.
2011-05-11 13:22:54 +00:00
Dr. Stephen Henson
74096890ba
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
...
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.
The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.
(backport from HEAD).
2011-05-11 12:56:38 +00:00
Ben Laurie
a149b2466e
Add SRP.
2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
251431ff4f
add TLS v1.1 options to s_server
2010-11-13 12:44:17 +00:00
Dr. Stephen Henson
1eb1cf452b
Backport TLS v1.1 support from HEAD
2010-06-27 14:15:02 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
ffa304c838
oops, revert more test code arghh!
2010-01-28 17:52:18 +00:00
Dr. Stephen Henson
df21765a3e
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
b52a2738d4
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
5c33091cfa
commit missing apps code for reneg fix
2009-11-11 14:10:09 +00:00
Dr. Stephen Henson
90528846e8
Add -no_cache option to s_server
2009-10-28 17:49:37 +00:00
Dr. Stephen Henson
0c690586e0
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
2e9802b7a7
PR: 2028
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
209abea1db
Stop unused variable warning on WIN32 et al.
2009-08-18 11:14:12 +00:00
Dr. Stephen Henson
a4bade7aac
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
4386445c18
Change STRING to OPENSSL_STRING etc as common words such
...
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
e323afb0ce
Update from HEAD.
2009-06-30 16:10:24 +00:00
Dr. Stephen Henson
67d8ab07e6
Stop warning if dtls disabled.
2009-06-05 14:56:48 +00:00
Dr. Stephen Henson
0454f2c490
PR: 1929
...
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
Updated DTLS MTU bug fix.
2009-05-17 16:04:21 +00:00
Dr. Stephen Henson
9990cb75c1
PR: 1894
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
70531c147c
Make no-engine work again.
2008-12-20 17:04:40 +00:00
Dr. Stephen Henson
2900fc8ae1
Don't stop -cipher from working.
2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17
Update from stable-branch.
2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
ed551cddf7
Update from stable branch.
2008-11-12 17:28:18 +00:00
Ben Laurie
6caa4edd3e
Add JPAKE.
2008-10-26 18:40:52 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Lutz Jänicke
51e00db226
Document "openssl s_server" -crl_check* options
...
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:15 +00:00
Lutz Jänicke
f49c687507
Typo. (From 0.9.8-stable/S. Henson)
...
PR: 1672
2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
b7fcc08976
Typo.
2007-09-28 17:18:18 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Bodo Möller
86d4bc3aea
fix length parameter in SSL_set_tlsext_opaque_prf_input() calls
2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1
Implement the Opaque PRF Input TLS extension
...
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
d82a612a90
Fix warning: print format option not compatible with size_t.
2007-09-07 13:34:46 +00:00
Dr. Stephen Henson
d24a9c8f5a
Docs and usage messages for RFC4507bis support.
2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
6434abbfc6
RFC4507 (including RFC4507bis) TLS stateless session resumption support
...
for OpenSSL.
2007-08-11 23:18:29 +00:00
Dr. Stephen Henson
9c54e18bf0
Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code
...
on failure. Keep output format consistent with previous versions.
Also flush stdout after printing ACCEPT in s_server.
2007-05-21 15:53:30 +00:00
Nils Larsch
7806f3dd4b
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
7bf7333d68
If we include winsock2.h then FD_SET wants an unsigned type for an fd.
2006-04-17 12:22:13 +00:00
Ulf Möller
4700aea951
Add BeOS support.
...
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Bodo Möller
bcbe37b716
Change default curve (for compatibility with a
...
soon-to-be-widely-deployed implementation that doesn't support the
previous default)
Submitted by: Douglas Stebila
2006-03-30 02:41:30 +00:00
Nils Larsch
d916ba1ba1
check if con != NULL before using it
2006-03-18 14:24:02 +00:00
Nils Larsch
a0aa8b4b61
fix signed vs. unsigned warning
2006-03-11 12:18:11 +00:00
Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00