Ben Laurie
92745f8116
Remove extraneous brackets (clang doesn't like them).
2013-01-19 18:24:00 +00:00
Ben Laurie
17cf9864e0
Add MacOS 64-bit debug target.
2013-01-19 18:23:36 +00:00
Ben Laurie
9ccc6f4382
Can't check a size_t for < 0.
2013-01-19 15:01:18 +00:00
Dr. Stephen Henson
6a10f38daa
initial support for delta CRL generations by diffing two full CRLs
2013-01-17 18:51:50 +00:00
Dr. Stephen Henson
c095078890
Typo (PR2959).
2013-01-17 18:21:54 +00:00
Dr. Stephen Henson
c644b83227
constify
2013-01-17 16:35:50 +00:00
Dr. Stephen Henson
75f535315a
New functions to set lookup_crls callback and to retrieve internal X509_STORE
...
from X509_STORE_CTX.
2013-01-17 16:32:33 +00:00
Dr. Stephen Henson
7c283d9e97
add option to get a certificate or CRL from a URL
2013-01-17 16:08:02 +00:00
Dr. Stephen Henson
2aa3ef78b6
print out issuer and subject unique identifier fields in certificates
2013-01-16 15:08:34 +00:00
Dr. Stephen Henson
1c0964e87f
add wrapper function for certificate download
2013-01-15 18:01:54 +00:00
Dr. Stephen Henson
5c8d41be85
Generalise OCSP I/O functions to support dowloading of other ASN1
...
structures using HTTP. Add wrapper function to handle CRL download.
2013-01-15 18:01:31 +00:00
Dr. Stephen Henson
b286640360
Update default dependency flags.
2013-01-15 16:26:04 +00:00
Dr. Stephen Henson
75a8ff9263
make update
2013-01-15 16:24:07 +00:00
Dr. Stephen Henson
50b5966e57
Add support for broken protocol tests (backport from master branch)
2013-01-15 16:18:13 +00:00
Dr. Stephen Henson
8eb4456f93
Make whitespace consistent with master branch.
2013-01-15 15:55:54 +00:00
Ben Laurie
24c45faba0
Fix some clang warnings.
2013-01-13 21:06:36 +00:00
Ben Laurie
010ac38a98
Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
2013-01-12 12:51:58 +00:00
Dr. Stephen Henson
1c25ed5dbb
In FIPS mode use PKCS#8 format when writing private keys:
...
traditional format uses MD5 which is prohibited in FIPS mode.
2013-01-07 16:16:43 +00:00
Dr. Stephen Henson
bf1d32e52a
Change default bits to 1024
2013-01-07 16:13:48 +00:00
Dr. Stephen Henson
6c86b69729
Add .gitignore from master branch.
2013-01-06 21:34:51 +00:00
Ben Laurie
72dfff2d5e
Fix warning.
2013-01-06 21:03:05 +00:00
Dr. Stephen Henson
3341b820cc
add support for separate verify can chain stores to s_client (backport from HEAD)
2012-12-30 16:27:15 +00:00
Dr. Stephen Henson
ede5f6cf74
add -chain options to s_client (backrpot from HEAD)
2012-12-30 16:17:29 +00:00
Dr. Stephen Henson
321a9fea75
make no-comp compile
2012-12-30 16:05:03 +00:00
Dr. Stephen Henson
2e00f46b51
stop warning when compiling with no-comp
2012-12-30 01:12:19 +00:00
Dr. Stephen Henson
8c3f868983
remove unused cipher functionality from s_client
2012-12-30 00:03:40 +00:00
Dr. Stephen Henson
d03cc94f47
Update debug-steve* options.
2012-12-29 23:59:18 +00:00
Dr. Stephen Henson
5477ff9ba2
make JPAKE work again, fix memory leaks
2012-12-29 23:58:44 +00:00
Dr. Stephen Henson
46b11600b0
update ordinals
2012-12-29 14:18:14 +00:00
Dr. Stephen Henson
15387e4ce0
Delegate command line handling for many common options in s_client/s_server to
...
the SSL_CONF APIs.
This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.
(backport from HEAD)
2012-12-29 14:16:41 +00:00
Dr. Stephen Henson
49ef33fa34
add SSL_CONF functions and documentation (backport from HEAD)
2012-12-29 13:30:56 +00:00
Dr. Stephen Henson
1166323530
Update ordinals.
2012-12-26 23:53:52 +00:00
Dr. Stephen Henson
29113688a1
Portability fix: use BIO_snprintf and pick up strcasecmp alternative
...
definitions from e_os.h
2012-12-26 23:51:41 +00:00
Dr. Stephen Henson
44c970746f
typo
2012-12-26 22:43:43 +00:00
Dr. Stephen Henson
bc200e691c
SSL/TLS record tracing code (backport from HEAD).
2012-12-26 22:40:46 +00:00
Dr. Stephen Henson
a08f8d73cc
Reject zero length ec point format list.
...
Give more meaningful error is attempt made to use incorrect curve.
(from HEAD)
2012-12-26 18:26:11 +00:00
Dr. Stephen Henson
b52f12b3ba
handle point format list retrieval for clients too (from HEAD)
2012-12-26 18:20:07 +00:00
Dr. Stephen Henson
78b5d89ddf
Add support for printing out and retrieving EC point formats extension.
...
(backport from HEAD)
2012-12-26 18:13:49 +00:00
Dr. Stephen Henson
b79df62eff
return error if Suite B mode is selected and TLS 1.2 can't be used.
...
(backport from HEAD)
2012-12-26 17:39:02 +00:00
Dr. Stephen Henson
e3c76874ad
set auto ecdh parameter selction for Suite B
...
(backport from HEAD)
2012-12-26 17:35:02 +00:00
Dr. Stephen Henson
4347394a27
add Suite B 128 bit mode offering only combination 2
...
(backport from HEAD)
2012-12-26 17:34:50 +00:00
Dr. Stephen Henson
53bb723834
Use client version when deciding which cipher suites to disable.
...
(backport from HEAD)
2012-12-26 17:09:39 +00:00
Dr. Stephen Henson
684a2264c5
Use default point formats extension for server side as well as client
...
side, if possible.
Don't advertise compressed char2 for SuiteB as it is not supported.
(backport from HEAD)
2012-12-26 17:09:14 +00:00
Dr. Stephen Henson
fde8dc1798
add Suite B verification flags
2012-12-26 16:57:39 +00:00
Dr. Stephen Henson
3c87a2bdfa
contify
...
(backport from HEAD)
2012-12-26 16:49:59 +00:00
Dr. Stephen Henson
1520e6c084
Add ctrl and utility functions to retrieve raw cipher list sent by client in
...
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
(backport from HEAD)
2012-12-26 16:25:06 +00:00
Dr. Stephen Henson
2001129f09
new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client
...
(backport from HEAD)
2012-12-26 16:23:36 +00:00
Dr. Stephen Henson
a50ecaee56
store and print out message digest peer signed with in TLS 1.2
...
(backport from HEAD)
2012-12-26 16:23:13 +00:00
Dr. Stephen Henson
67d9dcf003
perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
...
(backport from HEAD)
2012-12-26 16:22:19 +00:00
Dr. Stephen Henson
79dcae32ef
give more meaningful error if presented with wrong certificate type by server
...
(backport from HEAD)
2012-12-26 16:18:15 +00:00