| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Reword a comment | tb | 2022-07-03 | 1 | -2/+2 |
| Unwrap a line | tb | 2022-07-03 | 1 | -3/+2 |
| Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c | tb | 2022-07-02 | 1 | -2/+43 |
| The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff is now confined into ssl_seclevel.c and the rest of the library can make use of the more straightforward wrappers, which makes it a lot easier on the eyes. ok beck jsing | | | | |
| Rename uses 'curve' to 'group' and rework tls1 group API. | tb | 2022-07-02 | 1 | -8/+8 |
| This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing | | | | |
| Check security level for supported groups. | tb | 2022-06-30 | 1 | -1/+24 |
| ok jsing | | | | |
| Rename variable from tls_version to version since it could also be | tb | 2022-06-30 | 1 | -3/+3 |
| a DTLS version at this point. | | | | |
| Add checks to ensure we do not initiate or negotiate handshakes with | tb | 2022-06-30 | 1 | -1/+7 |
| versions below the minimum required by the security level. input & ok jsing | | | | |
| Remove obj_mac.h include. Requested by jsing | tb | 2022-06-30 | 1 | -2/+1 |
| Don't check the signature if a cert is self signed. | tb | 2022-06-29 | 1 | -2/+7 |
| ok beck jsing | | | | |
| Add functions that check security level in certs and cert chains. | tb | 2022-06-29 | 1 | -1/+142 |
| ok beck jsing | | | | |
| missing blank line | tb | 2022-06-29 | 1 | -1/+2 |
| Also check the security level of the 'tmp dh' | tb | 2022-06-29 | 1 | -1/+11 |
| ok beck jsing | | | | |
| Check the security of DH key shares | tb | 2022-06-29 | 1 | -1/+12 |
| ok beck, looks good to jsing | | | | |
| Add a period to a comment | tb | 2022-06-28 | 1 | -2/+2 |
| Pointed out by jsing | | | | |
| Security level >= 3 requires a ciphersuite with PFS | tb | 2022-06-28 | 1 | -3/+4 |
| ok beck jsing sthen | | | | |
| Add a secop handler for tmp_dh | tb | 2022-06-28 | 1 | -1/+19 |
| This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior. ok beck jsing sthen | | | | |
| Implement ssl{,_ctx}_security() | tb | 2022-06-28 | 1 | -1/+15 |
| ok beck jsing sthen | | | | |
| Implement the default security level callback | tb | 2022-06-28 | 1 | -0/+194 |
| And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen | | | | |