openssl/doc/ssl
Viktor Dukhovni f75b34c8c8 When strict SCT fails record verification failure
Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returns failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-19 00:25:42 -04:00
..
d2i_SSL_SESSION.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
DTLSv1_listen.pod Update DTLSv1_listen documentation 2016-02-05 20:47:36 +00:00
OPENSSL_init_ssl.pod OPENSSL_init_ssl.pod: fix minor typo 2016-02-16 22:49:23 +01:00
ssl.pod Unify <TYPE>_up_ref methods signature and behaviour. 2016-05-16 10:17:33 +01:00
SSL_accept.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_alert_type_string.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_check_chain.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CIPHER_get_name.pod Add cipher query functions 2016-03-08 09:19:15 -05:00
SSL_clear.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_COMP_add_compression_method.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_CONF_cmd.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_CONF_cmd_argv.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CONF_CTX_new.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CONF_CTX_set1_prefix.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CONF_CTX_set_flags.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CONF_CTX_set_ssl_ctx.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_connect.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_add1_chain_cert.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_add_extra_chain_cert.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_add_session.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_config.pod SSL configuration module docs 2015-12-22 15:14:14 +00:00
SSL_CTX_ctrl.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_dane_enable.pod Enabled DANE only when at least one TLSA RR was added 2016-04-22 10:41:57 -04:00
SSL_CTX_flush_sessions.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_free.pod Correct another batch of typos 2016-03-22 21:57:26 -04:00
SSL_CTX_get0_param.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_get_verify_mode.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_has_client_custom_ext.pod Documentation for new SSL functions 2016-03-04 10:50:11 -05:00
SSL_CTX_load_verify_locations.pod Complete the list of names in doc/ssl/SSL_CTX_load_verify_locations.pod 2016-05-04 20:09:10 +02:00
SSL_CTX_new.pod Unify <TYPE>_up_ref methods signature and behaviour. 2016-05-16 10:17:33 +01:00
SSL_CTX_sess_number.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_sess_set_cache_size.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_sess_set_get_cb.pod constify PACKET 2016-02-01 16:21:57 +01:00
SSL_CTX_sessions.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set1_curves.pod Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH 2015-12-04 22:30:36 +01:00
SSL_CTX_set1_sigalgs.pod GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
SSL_CTX_set1_verify_cert_store.pod The functions take a SSL *, not a SSL_CTX * 2015-12-23 22:30:31 +01:00
SSL_CTX_set_alpn_select_cb.pod Fix ALPN - more fixes 2016-03-20 21:09:32 -04:00
SSL_CTX_set_cert_cb.pod Turn B<...()> into ...() 2015-11-21 11:50:01 -05:00
SSL_CTX_set_cert_store.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_cert_verify_callback.pod Remove SSLeay history, etc., from docs 2015-10-28 17:23:51 -04:00
SSL_CTX_set_cipher_list.pod Correct another batch of typos 2016-03-22 21:57:26 -04:00
SSL_CTX_set_client_CA_list.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_client_cert_cb.pod Turn B<...()> into ...() 2015-11-21 11:50:01 -05:00
SSL_CTX_set_ct_validation_callback.pod When strict SCT fails record verification failure 2016-05-19 00:25:42 -04:00
SSL_CTX_set_ctlog_list_file.pod Suppress CT callback as appropriate 2016-04-07 14:41:34 -04:00
SSL_CTX_set_custom_cli_ext.pod Custom extension documentation. 2014-08-28 17:06:53 +01:00
SSL_CTX_set_default_passwd_cb.pod Provide getters for default_passwd_cb and userdata 2016-03-02 17:15:46 +00:00
SSL_CTX_set_generate_session_id.pod Remove SSLeay history, etc., from docs 2015-10-28 17:23:51 -04:00
SSL_CTX_set_info_callback.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_max_cert_list.pod Remove SSLeay history, etc., from docs 2015-10-28 17:23:51 -04:00
SSL_CTX_set_min_proto_version.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_CTX_set_mode.pod RT4292: Remove ===== line 2016-02-05 12:47:46 -05:00
SSL_CTX_set_msg_callback.pod Fix typo in SSL_CTX_set_msg_callback docs 2016-02-18 14:12:19 -05:00
SSL_CTX_set_options.pod Make SSL{_CTX,}_{get,set,clear}_options functions 2016-01-11 10:51:02 -05:00
SSL_CTX_set_psk_client_callback.pod Correct another batch of typos 2016-03-22 21:57:26 -04:00
SSL_CTX_set_quiet_shutdown.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_read_ahead.pod Correct faulty L<> links in .pods 2016-03-19 11:39:47 +01:00
SSL_CTX_set_security_level.pod Correct another batch of typos 2016-03-22 21:57:26 -04:00
SSL_CTX_set_session_cache_mode.pod Remove SSLeay history, etc., from docs 2015-10-28 17:23:51 -04:00
SSL_CTX_set_session_id_context.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_split_send_fragment.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_CTX_set_ssl_version.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_timeout.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_CTX_set_tlsext_status_cb.pod Add some documentation of SSL_CTX_set_tlsext_status_type() 2016-05-16 14:42:30 +01:00
SSL_CTX_set_tlsext_ticket_key_cb.pod Correct another batch of typos 2016-03-22 21:57:26 -04:00
SSL_CTX_set_tmp_dh_callback.pod Always generate DH keys for ephemeral DH cipher suites. 2015-12-23 22:26:31 +00:00
SSL_CTX_set_verify.pod fix tab-space mixed indentation 2016-05-09 09:09:55 +01:00
SSL_CTX_use_certificate.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_CTX_use_psk_identity_hint.pod RT2518: fix pod2man errors 2014-09-08 11:18:30 -04:00
SSL_CTX_use_serverinfo.pod Issue #719: 2016-05-02 16:55:14 -04:00
SSL_do_handshake.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_free.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get0_peer_scts.pod Add doc on when to use SCT callback. 2016-03-12 13:02:34 -05:00
SSL_get_all_async_fds.pod Refactor the async wait fd logic 2016-02-29 12:58:44 +00:00
SSL_get_ciphers.pod Add SSL_CTX_get_ciphers() 2016-04-11 09:59:04 -04:00
SSL_get_client_CA_list.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_client_random.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_get_current_cipher.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_default_timeout.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_error.pod Correct documentation error 2016-05-17 14:21:06 +01:00
SSL_get_extms_support.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_fd.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_peer_cert_chain.pod Clarify resumed sessions and NULL return. 2016-02-08 02:35:51 +00:00
SSL_get_peer_certificate.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_psk_identity.pod add initial support for RFC 4279 PSK SSL ciphersuites 2006-03-10 23:06:27 +00:00
SSL_get_rbio.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_session.pod Doc fixes suggested by Claus Assmann 2016-01-27 02:02:22 -05:00
SSL_get_shared_sigalgs.pod Fix spelling in pod files 2016-05-01 19:14:57 -04:00
SSL_get_SSL_CTX.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_verify_result.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_get_version.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_library_init.pod Rename INIT functions, deprecate old ones. 2016-02-10 09:37:03 -05:00
SSL_load_client_CA_file.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_new.pod Unify <TYPE>_up_ref methods signature and behaviour. 2016-05-16 10:17:33 +01:00
SSL_pending.pod Fix typo in SSL_pending docs 2016-03-07 21:42:09 +00:00
SSL_read.pod Remove some SSLv2 references 2015-10-30 09:17:22 +00:00
SSL_rstate_string.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_SESSION_free.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_SESSION_get_hostname.pod Write POD page. 2016-04-14 08:41:29 -04:00
SSL_SESSION_get_time.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_SESSION_has_ticket.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_session_reused.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_set1_host.pod DANE documentation typos 2016-01-06 14:15:12 -05:00
SSL_set_bio.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_set_connect_state.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_set_fd.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_set_session.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_set_shutdown.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_set_verify_result.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_shutdown.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_state_string.pod Fix L<> content in manpages 2015-08-21 15:11:50 -04:00
SSL_want.pod Handle no async jobs in libssl 2016-05-05 19:39:14 +01:00
SSL_write.pod Remove some SSLv2 references 2015-10-30 09:17:22 +00:00