openssl/ssl
Matt Caswell 604ba26560 Fix SSL_check_chain()
The function SSL_check_chain() can be used by applications to check that
a cert and chain is compatible with the negotiated parameters. This could
be useful (for example) from the certificate callback. Unfortunately this
function was applying TLSv1.2 sig algs rules and did not work correctly if
TLSv1.3 was negotiated.

We refactor tls_choose_sigalg to split it up and create a new function
find_sig_alg which can (optionally) take a certificate and key as
parameters and find an appropriate sig alg if one exists. If the cert and
key are not supplied then we try to find a cert and key from the ones we
have available that matches the shared sig algs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9443)
2019-08-14 11:09:16 +01:00
record Fix SSL_MODE_RELEASE_BUFFERS functionality 2019-08-05 17:17:25 +01:00
statem Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Update copyright year 2018-11-20 13:27:36 +00:00
d1_msg.c issue-8998: Ensure that the alert is generated and reaches the remote 2019-05-30 11:37:42 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Update copyright year 2018-09-11 13:45:17 +01:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Update copyright year 2018-11-20 13:27:36 +00:00
s3_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
s3_lib.c Fix the return value for SSL_get0_chain_certs() 2019-07-17 12:38:46 +01:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Move 'shared_sigalgs' from cert_st to ssl_st 2019-06-26 13:00:27 -05:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Update copyright year 2019-02-26 14:05:09 +00:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Don't interleave handshake and other record types in TLSv1.3 2019-02-19 09:37:29 +00:00
ssl_init.c Update copyright year 2019-02-26 14:05:09 +00:00
ssl_lib.c Fix SSL_CTX_set_session_id_context() docs 2019-07-16 13:58:18 +01:00
ssl_locl.h Remove DRBG from SSL structure. 2019-07-16 13:25:31 +10:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c Following the previous 2 commits also move ecpointformats out of session 2019-06-18 14:26:16 +01:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
t1_lib.c Fix SSL_check_chain() 2019-08-14 11:09:16 +01:00
t1_trce.c Fix ssl/t1_trce.c to parse certificate chains 2018-09-01 08:58:42 +08:00
tls13_enc.c Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00