wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10691 commits 20 branches 302 tags 153 MiB
Commit graph

1520 commits

Author SHA1 Message Date
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Piotr Sikora
edc687ba0f Fix compilation with no-nextprotoneg. 
PR#3106
 2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
044f8ca87d Extend SSL_CONF 
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
(cherry picked from commit ec2f7e568e)
 2013-11-02 13:41:19 +00:00
Ben Laurie
1ebaf97c44 Constification. 2013-10-07 12:44:40 +01:00
Dr. Stephen Henson
9d1e475db6 Custom key wrap option for cms utility. 
(cherry picked from commit 5711885a2b)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
4a26fd6e3b Add -keyopt option to cms utility. 
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
(cherry picked from commit 02498cc885)
 2013-10-01 14:01:18 +01:00
Ben Laurie
63fe322160 Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn 
Conflicts:
	ssl/ssl3.h
	ssl/t1_lib.c
 2013-10-01 12:20:02 +01:00
Ben Laurie
c808798013 Produce PEM we would consume. 2013-09-25 13:55:06 +01:00
Ben Laurie
379f21ce5c Show useful errors. 2013-09-24 23:13:22 +01:00
Dr. Stephen Henson
65a87d3cc3 Dual DTLS version methods. 
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb76)

Conflicts:

	CHANGES
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
acec5a6244 Provisional DTLS 1.2 support. 
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a)

Conflicts:

	apps/s_server.c
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
9ecf6e93af add -badsig option to corrupt CRL signatures for testing too 
(cherry picked from commit 139cd16cc5)
 2013-09-14 13:53:44 +01:00
Scott Deboy
8ae78c6bd9 Initialize next_proto in s_server - resolves incorrect attempts to free 
Cherry pick of b0d27cb902.
 2013-09-13 11:31:39 -04:00
Adam Langley
b0d6f3c58f Support ALPN. 
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

Cherry-picked from 6f017a8f9d.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
 2013-09-13 11:27:22 -04:00
Dr. Stephen Henson
9855026c43 fix printout of expiry days if -enddate is used in ca 
(cherry picked from commit f7ac0ec89d)
 2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
aaaa18392d new command line option -stdname to ciphers utility 
(cherry picked from commit 51b9115b6d)
 2013-08-19 20:25:39 +01:00
Dr. Stephen Henson
8c33e40d2e Add new test option set the version in generated certificates: this 
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
(cherry picked from commit df316fd43c)
 2013-08-19 18:10:04 +01:00
Dr. Stephen Henson
0d04af1e72 option to output corrupted signature in certificates for testing purposes 
(cherry picked from commit 96cfba0fb4)
 2013-08-19 18:09:44 +01:00
Dr. Stephen Henson
8f17495800 update usage messages 
(cherry picked from commit 7c8ac50504)
 2013-08-19 18:09:26 +01:00
Dr. Stephen Henson
95c1a24853 add -naccept <n> option to s_server to automatically exit after <n> connections 
(cherry picked from commit b5cadfb564)
 2013-08-19 17:42:02 +01:00
Dr. Stephen Henson
08374de10f with -rev close connection if client sends "CLOSE" 
(cherry picked from commit 685755937a)
 2013-08-19 14:14:05 +01:00
Dr. Stephen Henson
506e70a216 Add simple external session cache to s_server. This serialises sessions 
just like a "real" server making it easier to trace any problems.

(manually applied from commit 35b0ea4efe)
 2013-08-19 14:13:56 +01:00
Dr. Stephen Henson
0cca92cdd3 Remove commented out debug line. 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
5b430cfc44 Make no-ec compilation work. 
(cherry picked from commit 14536c8c9c)
 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
171c4da568 Add -rev test option to s_server to just reverse order of characters received 
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
(cherry picked from commit 4f3df8bea2)
 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
04611fb0f1 Add -brief option to s_client and s_server to summarise connection details. 
New option -verify_quiet to shut up the verify callback unless there is
an error.

(manually applied from commit 2a7cbe77b3)
 2013-08-19 14:13:24 +01:00
Trevor
e27711cfdd Trying cherrypick: 
Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Conflicts:

	CHANGES
	ssl/ssl.h
	ssl/ssltest.c
	test/testssl

Fix compilation due to #endif.

Cherrypicking more stuff.

Cleanup of custom extension stuff.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

Conflicts:

	test/testssl
 2013-07-03 11:53:30 +01:00
Dr. Stephen Henson
90e7f983b5 Typo: don't call RAND_cleanup during app startup. 2013-06-12 21:16:31 +01:00
Dr. Stephen Henson
af908bc48b Don't use RC2 with PKCS#12 files in FIPS mode. 
(cherry picked from commit cdb6c48445)
 2013-06-05 15:06:02 +01:00
Andy Polyakov
e815d72b1f RFC6689 support: add missing commit (git noob alert). 2013-05-15 20:41:51 +02:00
Dr. Stephen Henson
f25c3c0542 Call RAND_cleanup in openssl application. 
(cherry picked from commit 944bc29f90)
 2013-03-28 14:29:11 +00:00
Dr. Stephen Henson
f8a69166ed New -force_pubkey option to x509 utility to supply a different public 
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d7c)
 2013-02-25 15:25:27 +00:00
Dr. Stephen Henson
1a932ae094 -named_curve option handled automatically now. 2013-01-18 15:41:06 +00:00
Dr. Stephen Henson
57912ed329 Add code to download CRLs based on CRLDP extension. 
Just a sample, real world applications would have to be cleverer.
 2013-01-18 15:38:13 +00:00
Dr. Stephen Henson
e998f8aeb8 cipher is not used in s_server any more. 2013-01-18 15:05:28 +00:00
Dr. Stephen Henson
e318431e54 New option to add CRLs for s_client and s_server. 2013-01-18 14:37:14 +00:00
Dr. Stephen Henson
6a10f38daa initial support for delta CRL generations by diffing two full CRLs 2013-01-17 18:51:50 +00:00
Dr. Stephen Henson
c095078890 Typo (PR2959). 2013-01-17 18:21:54 +00:00
Dr. Stephen Henson
7c283d9e97 add option to get a certificate or CRL from a URL 2013-01-17 16:08:02 +00:00
Dr. Stephen Henson
75a8ff9263 make update 2013-01-15 16:24:07 +00:00
Dr. Stephen Henson
bf1d32e52a Change default bits to 1024 2013-01-07 16:13:48 +00:00
Dr. Stephen Henson
3341b820cc add support for separate verify can chain stores to s_client (backport from HEAD) 2012-12-30 16:27:15 +00:00
Dr. Stephen Henson
ede5f6cf74 add -chain options to s_client (backrpot from HEAD) 2012-12-30 16:17:29 +00:00
Dr. Stephen Henson
8c3f868983 remove unused cipher functionality from s_client 2012-12-30 00:03:40 +00:00
Dr. Stephen Henson
5477ff9ba2 make JPAKE work again, fix memory leaks 2012-12-29 23:58:44 +00:00
Dr. Stephen Henson
15387e4ce0 Delegate command line handling for many common options in s_client/s_server to 
the SSL_CONF APIs.

This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.

(backport from HEAD)
 2012-12-29 14:16:41 +00:00
Dr. Stephen Henson
bc200e691c SSL/TLS record tracing code (backport from HEAD). 2012-12-26 22:40:46 +00:00
Dr. Stephen Henson
78b5d89ddf Add support for printing out and retrieving EC point formats extension. 
(backport from HEAD)
 2012-12-26 18:13:49 +00:00
Dr. Stephen Henson
fde8dc1798 add Suite B verification flags 2012-12-26 16:57:39 +00:00
Dr. Stephen Henson
3c87a2bdfa contify 
(backport from HEAD)
 2012-12-26 16:49:59 +00:00