Commit graph

10324 commits

Author SHA1 Message Date
Ben Laurie
92745f8116 Remove extraneous brackets (clang doesn't like them). 2013-01-19 18:24:00 +00:00
Ben Laurie
17cf9864e0 Add MacOS 64-bit debug target. 2013-01-19 18:23:36 +00:00
Ben Laurie
9ccc6f4382 Can't check a size_t for < 0. 2013-01-19 15:01:18 +00:00
Dr. Stephen Henson
6a10f38daa initial support for delta CRL generations by diffing two full CRLs 2013-01-17 18:51:50 +00:00
Dr. Stephen Henson
c095078890 Typo (PR2959). 2013-01-17 18:21:54 +00:00
Dr. Stephen Henson
c644b83227 constify 2013-01-17 16:35:50 +00:00
Dr. Stephen Henson
75f535315a New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.
2013-01-17 16:32:33 +00:00
Dr. Stephen Henson
7c283d9e97 add option to get a certificate or CRL from a URL 2013-01-17 16:08:02 +00:00
Dr. Stephen Henson
2aa3ef78b6 print out issuer and subject unique identifier fields in certificates 2013-01-16 15:08:34 +00:00
Dr. Stephen Henson
1c0964e87f add wrapper function for certificate download 2013-01-15 18:01:54 +00:00
Dr. Stephen Henson
5c8d41be85 Generalise OCSP I/O functions to support dowloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.
2013-01-15 18:01:31 +00:00
Dr. Stephen Henson
b286640360 Update default dependency flags. 2013-01-15 16:26:04 +00:00
Dr. Stephen Henson
75a8ff9263 make update 2013-01-15 16:24:07 +00:00
Dr. Stephen Henson
50b5966e57 Add support for broken protocol tests (backport from master branch) 2013-01-15 16:18:13 +00:00
Dr. Stephen Henson
8eb4456f93 Make whitespace consistent with master branch. 2013-01-15 15:55:54 +00:00
Ben Laurie
24c45faba0 Fix some clang warnings. 2013-01-13 21:06:36 +00:00
Ben Laurie
010ac38a98 Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). 2013-01-12 12:51:58 +00:00
Dr. Stephen Henson
1c25ed5dbb In FIPS mode use PKCS#8 format when writing private keys:
traditional format uses MD5 which is prohibited in FIPS mode.
2013-01-07 16:16:43 +00:00
Dr. Stephen Henson
bf1d32e52a Change default bits to 1024 2013-01-07 16:13:48 +00:00
Dr. Stephen Henson
6c86b69729 Add .gitignore from master branch. 2013-01-06 21:34:51 +00:00
Ben Laurie
72dfff2d5e Fix warning. 2013-01-06 21:03:05 +00:00
Dr. Stephen Henson
3341b820cc add support for separate verify can chain stores to s_client (backport from HEAD) 2012-12-30 16:27:15 +00:00
Dr. Stephen Henson
ede5f6cf74 add -chain options to s_client (backrpot from HEAD) 2012-12-30 16:17:29 +00:00
Dr. Stephen Henson
321a9fea75 make no-comp compile 2012-12-30 16:05:03 +00:00
Dr. Stephen Henson
2e00f46b51 stop warning when compiling with no-comp 2012-12-30 01:12:19 +00:00
Dr. Stephen Henson
8c3f868983 remove unused cipher functionality from s_client 2012-12-30 00:03:40 +00:00
Dr. Stephen Henson
d03cc94f47 Update debug-steve* options. 2012-12-29 23:59:18 +00:00
Dr. Stephen Henson
5477ff9ba2 make JPAKE work again, fix memory leaks 2012-12-29 23:58:44 +00:00
Dr. Stephen Henson
46b11600b0 update ordinals 2012-12-29 14:18:14 +00:00
Dr. Stephen Henson
15387e4ce0 Delegate command line handling for many common options in s_client/s_server to
the SSL_CONF APIs.

This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.

(backport from HEAD)
2012-12-29 14:16:41 +00:00
Dr. Stephen Henson
49ef33fa34 add SSL_CONF functions and documentation (backport from HEAD) 2012-12-29 13:30:56 +00:00
Dr. Stephen Henson
1166323530 Update ordinals. 2012-12-26 23:53:52 +00:00
Dr. Stephen Henson
29113688a1 Portability fix: use BIO_snprintf and pick up strcasecmp alternative
definitions from e_os.h
2012-12-26 23:51:41 +00:00
Dr. Stephen Henson
44c970746f typo 2012-12-26 22:43:43 +00:00
Dr. Stephen Henson
bc200e691c SSL/TLS record tracing code (backport from HEAD). 2012-12-26 22:40:46 +00:00
Dr. Stephen Henson
a08f8d73cc Reject zero length ec point format list.
Give more meaningful error is attempt made to use incorrect curve.

(from HEAD)
2012-12-26 18:26:11 +00:00
Dr. Stephen Henson
b52f12b3ba handle point format list retrieval for clients too (from HEAD) 2012-12-26 18:20:07 +00:00
Dr. Stephen Henson
78b5d89ddf Add support for printing out and retrieving EC point formats extension.
(backport from HEAD)
2012-12-26 18:13:49 +00:00
Dr. Stephen Henson
b79df62eff return error if Suite B mode is selected and TLS 1.2 can't be used.
(backport from HEAD)
2012-12-26 17:39:02 +00:00
Dr. Stephen Henson
e3c76874ad set auto ecdh parameter selction for Suite B
(backport from HEAD)
2012-12-26 17:35:02 +00:00
Dr. Stephen Henson
4347394a27 add Suite B 128 bit mode offering only combination 2
(backport from HEAD)
2012-12-26 17:34:50 +00:00
Dr. Stephen Henson
53bb723834 Use client version when deciding which cipher suites to disable.
(backport from HEAD)
2012-12-26 17:09:39 +00:00
Dr. Stephen Henson
684a2264c5 Use default point formats extension for server side as well as client
side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.
(backport from HEAD)
2012-12-26 17:09:14 +00:00
Dr. Stephen Henson
fde8dc1798 add Suite B verification flags 2012-12-26 16:57:39 +00:00
Dr. Stephen Henson
3c87a2bdfa contify
(backport from HEAD)
2012-12-26 16:49:59 +00:00
Dr. Stephen Henson
1520e6c084 Add ctrl and utility functions to retrieve raw cipher list sent by client in
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
(backport from HEAD)
2012-12-26 16:25:06 +00:00
Dr. Stephen Henson
2001129f09 new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client
(backport from HEAD)
2012-12-26 16:23:36 +00:00
Dr. Stephen Henson
a50ecaee56 store and print out message digest peer signed with in TLS 1.2
(backport from HEAD)
2012-12-26 16:23:13 +00:00
Dr. Stephen Henson
67d9dcf003 perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
(backport from HEAD)
2012-12-26 16:22:19 +00:00
Dr. Stephen Henson
79dcae32ef give more meaningful error if presented with wrong certificate type by server
(backport from HEAD)
2012-12-26 16:18:15 +00:00