summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add a cross reference to SSL_get_ex_data_X509_STORE_CTX_idx(3);schwarze2018-02-271-3/+9
| | | | | from Rich Salz <rsalz@openssl.org> via OpenSSL commit 9e183d22 Mar 11 08:56:44 2017 -0500.
* Import SSL_CTX_set_tlsext_use_srtp(3) from OpenSSL, slightly tweaked by me.schwarze2018-02-272-1/+190
|
* Add four options that exist in our tree and are documented in OpenSSL.schwarze2018-02-271-1/+9
|
* sort option list alphabetically in preparation for adding missing options;schwarze2018-02-271-28/+28
| | | | no text change
* Mention that SSL_OP_TLSEXT_PADDING no longer has any effect,schwarze2018-02-271-12/+10
| | | | | and correct the description of SSL_OP_ALL. Found by inspecting <openssl/ssl.h>.
* Merge the documentation of SSL_CIPHER_get_id(3) andschwarze2018-02-271-42/+71
| | | | | the new RETURN VALUES section from OpenSSL, tweaked by me. While here, correct the description of SSL_CIPHER_description(3).
* In ssl.h rev. 1.145 2018/02/22 17:30:25, jsing@ provided SSL_is_server(3).schwarze2018-02-271-9/+34
| | | | | Merge the documentation from OpenSSL, slightliy tweaking the wording for precision. The connection is not necessarily "working" yet.
* In ssl.h rev. 1.144 2018/02/22 17:29:24, jsing@ provided SSL_up_ref(3).schwarze2018-02-271-6/+19
| | | | Merge the documentation from OpenSSL.
* In ssl.h rev. 1.143 2018/02/22 17:27:07, jsing@ providedschwarze2018-02-261-6/+24
| | | | SSL_CTX_get_ciphers(3). Merge the documentation from OpenSSL.
* In ssl.h rev. 1.142 2018/02/22 17:25:18, jsing@ providedschwarze2018-02-261-12/+23
| | | | | SSL_SESSION_up_ref(3). Merge the documentation from OpenSSL, tweaked by me.
* In x509_vfy.h rev. 1.22 2018/02/22 17:15:09, jsing@ providedschwarze2018-02-251-3/+4
| | | | | | X509_STORE_up_ref(3). X509_STORE_new(3) and X509_STORE_free(3) have already been available earlier. Import the documentation from OpenSSL, adding some precision.
* In ssl.h rev. 1.141 2018/02/20 18:07:11, tb@ providedschwarze2018-02-247-12/+106
| | | | | SSL_SESSION_get_protocol_version(3). Import the documentation form OpenSSL, tweaked by me, OK tb@.
* Bump lib{crypto,ssl,tls} minors due to symbol additions.jsing2018-02-221-1/+1
|
* Provide SSL_is_server().jsing2018-02-223-2/+10
|
* Provide SSL_up_ref().jsing2018-02-223-3/+12
|
* Provide SSL_CTX_get_ciphers().jsing2018-02-223-2/+10
|
* Provide SSL_SESSION_up_ref().jsing2018-02-223-3/+12
|
* Crank lib{crypto,ssl,tls} minors after symbol addition.tb2018-02-201-1/+1
|
* Provide SSL_SESSION_get_protocol_version()tb2018-02-203-2/+10
| | | | ok jsing
* Merge new RETURN VALUES section; from Paul Yang viaschwarze2018-02-191-6/+35
| | | | OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me.
* In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,schwarze2018-02-182-1/+148
| | | | | | jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL, with some tweaks.
* In ssl.h rev. 1.138 2018/02/17 15:13:12, jsing@ providedschwarze2018-02-182-1/+48
| | | | | SSL_CTX_get0_certificate(3). It is public in OpenSSL, too, but OpenSSL has no documentation, so write some from scratch.
* In tls1.h rev. 1.32 2018/02/17 15:08:21, jsing@ providedschwarze2018-02-181-7/+29
| | | | | | | | SSL_CTX_get_tlsext_status_cb(3) and SSL_CTX_get_tlsext_status_arg(3). Merge the documentation, mostly from Remi Gacogne <rgacogne-github at coredump dot fr> via OpenSSL commit fddfc0af Aug 6 12:54:29 2016 +0200 plus the RETURN VALUES part by me.
* Bump minor due to symbol addition.tb2018-02-181-1/+1
|
* Bump libcrypto/libssl/libtls minors due to symbol additions.tb2018-02-181-1/+1
|
* Bump libcrypto/libssl/libtls minors due to symbol additions.jsing2018-02-171-1/+1
|
* Provide SSL_SESSION_get_master_key()jsing2018-02-173-2/+22
|
* Provide SSL_get_client_random() and SSL_get_server_random()jsing2018-02-173-3/+41
|
* Provide SSL_CTX_get0_certificate()jsing2018-02-173-2/+13
|
* Provide SSL_CTX_get_tlsext_status_cb() and SSL_CTX_get_tlsext_status_arg().jsing2018-02-173-4/+24
|
* In ssl.h rev. 1.136 2018/02/14 17:08:44, jsing@ providedschwarze2018-02-141-15/+32
| | | | | | SSL_CTX_up_ref(3). Merge the related documentation from OpenSSL, but tweak the wording to be less confusing and simplify the RETURN VALUES section.
* In ssl.h rev. 1.135 2018/02/14 16:16:10, jsing@ providedschwarze2018-02-141-4/+42
| | | | | SSL_CTX_get0_param(3) and SSL_get0_param(3). Merge the related documentation from OpenSSL, with small tweaks.
* Bump lib{crypto,ssl,tls} minors due to symbol additions.jsing2018-02-141-1/+1
|
* Provide SSL_CTX_up_ref().jsing2018-02-143-2/+11
|
* Provide SSL_CTX_get0_param() and SSL_get0_param().jsing2018-02-143-5/+20
| | | | | Some applications that use X509_VERIFY_PARAM expect these to exist, since they're also part of the OpenSSL 1.0.2 API.
* Bump lib{crypto,ssl,tls} minors due to symbol addition.jsing2018-02-101-1/+1
|
* Complete the TLS extension rewrite on the client-side.jsing2018-02-084-156/+93
| | | | | | | | | | | The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down. This also deduplicates the tlsext_client_build() and tlsext_server_build() code. ok beck@
* Initialize variables to avoid compiler warningsinoguchi2018-01-281-2/+2
| | | | ok jsing@
* Complete the TLS extension handling rewrite for the server-side.jsing2018-01-275-98/+86
| | | | | | | | | | | | | This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions). ok inoguchi@
* Clarify the comment re the F5 EC curves extension bug.jsing2018-01-271-5/+6
| | | | Also reference the knowledge base article instead of a discussion thread.
* Convert ssl3_put_cipher_by_char() to CBB.jsing2018-01-271-9/+26
| | | | | | | While here make the CBS usage in ssl3_get_cipher_by_char() more consistent with other code. ok inoguchi@
* Correct TLS extensions handling when no extensions are present.jsing2017-11-281-1/+13
| | | | | | | | If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@
* Add CBB_discard_child(), which allows for a child CBB to be discarded.jsing2017-11-282-2/+22
| | | | Based on BoringSSL.
* Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency.jsing2017-10-122-5/+5
|
* Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code.jsing2017-10-124-556/+143
| | | | With review/feedback from inoguchi@
* Drop prototypes for ssl23_*() functions, which no longer exist.jsing2017-10-121-11/+1
|
* Convert ssl3_client_hello() to CBB.jsing2017-10-114-93/+64
| | | | | | | As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
* Fully convert ssl3_send_server_hello() to CBB.jsing2017-10-113-53/+19
| | | | Based on a diff from doug@
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer andjsing2017-10-103-29/+19
| | | | | length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
* ((remove) (some) (unnecessary) (parentheses))jsing2017-10-101-4/+4
| | | | Part of a diff from doug@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-24 18:39:31 +0000