openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Rename uses 'curve' to 'group' and rework tls1 group API.	tb	2022-07-02	1	-8/+8
\| \| \| \| \| \| \| \| \| \|	This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing
*	Check security level for supported groups.	tb	2022-06-30	1	-1/+24
\| \| \| \|	ok jsing
*	Rename variable from tls_version to version since it could also be	tb	2022-06-30	1	-3/+3
\| \| \| \|	a DTLS version at this point.
*	Add checks to ensure we do not initiate or negotiate handshakes with	tb	2022-06-30	1	-1/+7
\| \| \| \| \| \|	versions below the minimum required by the security level. input & ok jsing
*	Remove obj_mac.h include. Requested by jsing	tb	2022-06-30	1	-2/+1
\|
*	Don't check the signature if a cert is self signed.	tb	2022-06-29	1	-2/+7
\| \| \| \|	ok beck jsing
*	Add functions that check security level in certs and cert chains.	tb	2022-06-29	1	-1/+142
\| \| \| \|	ok beck jsing
*	missing blank line	tb	2022-06-29	1	-1/+2
\|
*	Also check the security level of the 'tmp dh'	tb	2022-06-29	1	-1/+11
\| \| \| \|	ok beck jsing
*	Check the security of DH key shares	tb	2022-06-29	1	-1/+12
\| \| \| \|	ok beck, looks good to jsing
*	Add a period to a comment	tb	2022-06-28	1	-2/+2
\| \| \| \|	Pointed out by jsing
*	Security level >= 3 requires a ciphersuite with PFS	tb	2022-06-28	1	-3/+4
\| \| \| \|	ok beck jsing sthen
*	Add a secop handler for tmp_dh	tb	2022-06-28	1	-1/+19
\| \| \| \| \| \| \|	This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior. ok beck jsing sthen
*	Implement ssl{,_ctx}_security()	tb	2022-06-28	1	-1/+15
\| \| \| \|	ok beck jsing sthen
*	Implement the default security level callback	tb	2022-06-28	1	-0/+194
	And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen