| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Ensure we only attach an ocsp staple to a leaf certificate, because | beck | 2020-05-22 | 2 | -5/+16 |
| * | Simplify: transform a dangling else into an early return and | tb | 2020-05-21 | 1 | -20/+20 |
| * | Make ssl_set_cert_masks() more consistent and closer to readable. | jsing | 2020-05-21 | 1 | -44/+27 |
| * | Avoid a shadowing issue by renaming cbs and cbb to cbb_hs and cbb_hs, | tb | 2020-05-21 | 1 | -8/+7 |
| * | A failure of tls13_handshake_msg_new() could lead to a NULL deref | tb | 2020-05-21 | 1 | -11/+15 |
| * | Actually set the hrr flag when sending a HelloRetryRequest. | jsing | 2020-05-21 | 1 | -1/+3 |
| * | Revert 1.43 - this fix for PHH in blocking mode breaks SSL_accept and | beck | 2020-05-20 | 1 | -2/+2 |
| * | Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA. | jsing | 2020-05-19 | 8 | -46/+31 |
| * | Only send ocsp staples if the client asked for ocsp certificate status. | beck | 2020-05-19 | 1 | -1/+2 |
| * | Add support for TLS 1.3 server to send certificate status | beck | 2020-05-19 | 5 | -15/+38 |
| * | Send alerts back correctly when handling key shares, including | beck | 2020-05-17 | 1 | -8/+19 |
| * | Free handshake message correctly, noticed by tb@ | beck | 2020-05-17 | 1 | -2/+2 |
| * | Send a decode error alert if a server provides an empty certificate list. | jsing | 2020-05-17 | 1 | -2/+2 |
| * | Return TLS13_IO_WANT_POLLIN after processing post-handshake messages. | jsing | 2020-05-16 | 1 | -2/+2 |
| * | Ensure that a TLSv1.3 server has provided a certificate. | jsing | 2020-05-16 | 1 | -1/+9 |
| * | Add TLS13_ERR_NO_CERTIFICATE. | jsing | 2020-05-16 | 2 | -3/+7 |
| * | Avoid sending an empty certificate list from the TLSv1.3 server. | jsing | 2020-05-16 | 1 | -5/+8 |
| * | Fix pesky whitespace. | jsing | 2020-05-13 | 1 | -2/+2 |
| * | Remove a no longer relevant XXX comment. | jsing | 2020-05-13 | 1 | -3/+1 |
| * | Switch back to the legacy stack where the maximum is less than TLSv1.3. | jsing | 2020-05-13 | 1 | -2/+2 |
| * | Switch the legacy version to TLS1_2_VERSION when processing server hello. | jsing | 2020-05-13 | 1 | -2/+2 |
| * | there should only be one i in gratuitous | tb | 2020-05-12 | 1 | -3/+3 |
| * | Enable the TLSv1.3 server. | jsing | 2020-05-11 | 1 | -1/+5 |
| * | Propagate record overflows to the record layer and alert. | jsing | 2020-05-11 | 3 | -6/+8 |
| * | Add record version checks. | jsing | 2020-05-11 | 3 | -18/+28 |
| * | Set the record layer legacy version from the TLSv1.3 server. | jsing | 2020-05-11 | 1 | -1/+5 |
| * | Provide an alert sent record layer callback. | jsing | 2020-05-11 | 4 | -8/+29 |
| * | Move the record layer callbacks into a struct. | jsing | 2020-05-11 | 3 | -35/+33 |
| * | Use ssl_get_new_session() in the TLSv1.3 server. | jsing | 2020-05-11 | 1 | -4/+3 |
| * | Send dummy ChangeCipherSpec messages from the TLSv1.3 server | tb | 2020-05-10 | 3 | -3/+41 |
| * | Honour SSL_VERIFY_FAIL_IF_NO_PEER_CERT in the TLSv1.3 server. | jsing | 2020-05-10 | 3 | -8/+16 |
| * | Provide alert defines for TLSv1.3 and use in the TLSv1.3 code. | jsing | 2020-05-10 | 7 | -65/+97 |
| * | Provide an easy way to get debug information from TLSv1.3 handshakes. | jsing | 2020-05-10 | 2 | -3/+61 |
| * | Use size_t for OCSP response length. | jsing | 2020-05-10 | 8 | -27/+35 |
| * | Only reset TLS extension state when parsing client hello or server hello. | jsing | 2020-05-10 | 1 | -5/+7 |
| * | Correct tlsext_ocsp_resplen check. | jsing | 2020-05-10 | 1 | -2/+2 |
| * | Back out server side CCS sending. It breaks TLSv1.3 client communication | tb | 2020-05-09 | 3 | -34/+3 |
| * | Forcibly ensure that only PSS may be used with RSA in TLS 1.3. | beck | 2020-05-09 | 1 | -2/+8 |
| * | Send dummy ChangeCipherSpec messages from the TLSv1.3 server | tb | 2020-05-09 | 3 | -3/+34 |
| * | Send dummy ChangeCipherSpec messages from the TLSv1.3 client. | jsing | 2020-05-09 | 4 | -6/+45 |
| * | Correct return value check to handle TLS13_IO_EOF case. | jsing | 2020-05-09 | 1 | -2/+2 |
| * | Add a middlebox_compat flag and condition session ID randomisation on it. | jsing | 2020-05-09 | 3 | -4/+7 |
| * | Add support for certificate status requests in TLS 1.3 client | beck | 2020-05-09 | 4 | -12/+81 |
| * | Make the test for the legacy_compression_method vector in the ClientHello | tb | 2020-05-09 | 1 | -12/+7 |
| * | Drop a redundant test. It's effectively doing the same test twice | tb | 2020-05-09 | 1 | -3/+2 |
| * | On receiving an overlong session ID terminate with an illegal_parameter | tb | 2020-05-09 | 1 | -1/+6 |
| * | Add support for HelloRetryRequests in the TLSv1.3 server. | jsing | 2020-05-09 | 2 | -10/+73 |
| * | crazy whitespace on one line | tb | 2020-05-09 | 1 | -2/+2 |
| * | Pull the sending of alerts up into tls13_handshake_perform(). | jsing | 2020-05-09 | 1 | -14/+11 |
| * | Refactor tls13_server_hello_sent(). | jsing | 2020-05-09 | 1 | -30/+36 |
