Commit message | Author | Age | Files | Lines
---|---|---|---|---
... | | | |
In ssl.h rev. 1.141 2018/02/20 18:07:11, tb@ provided SSL_SESSION_get_protocol_version(3). Import the documentation from OpenSSL, tweaked by me, OK tb@. | schwarze | 2018-02-24 | 7 | -12/+106
Bump lib{crypto,ssl,tls} minors due to symbol additions. | jsing | 2018-02-22 | 1 | -1/+1
Provide SSL_is_server(). | jsing | 2018-02-22 | 3 | -2/+10
Provide SSL_up_ref(). | jsing | 2018-02-22 | 3 | -3/+12
Provide SSL_CTX_get_ciphers(). | jsing | 2018-02-22 | 3 | -2/+10
Provide SSL_SESSION_up_ref(). | jsing | 2018-02-22 | 3 | -3/+12
Crank lib{crypto,ssl,tls} minors after symbol addition. | tb | 2018-02-20 | 1 | -1/+1
Provide SSL_SESSION_get_protocol_version() ok jsing | tb | 2018-02-20 | 3 | -2/+10
Merge new RETURN VALUES section; from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me. | schwarze | 2018-02-19 | 1 | -6/+35
In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20, jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL, with some tweaks. | schwarze | 2018-02-18 | 2 | -1/+148
In ssl.h rev. 1.138 2018/02/17 15:13:12, jsing@ provided SSL_CTX_get0_certificate(3). It is public in OpenSSL, too, but OpenSSL has no documentation, so write some from scratch. | schwarze | 2018-02-18 | 2 | -1/+48
In tls1.h rev. 1.32 2018/02/17 15:08:21, jsing@ provided SSL_CTX_get_tlsext_status_cb(3) and SSL_CTX_get_tlsext_status_arg(3). Merge the documentation, mostly from Remi Gacogne <rgacogne-github at coredump dot fr> via OpenSSL commit fddfc0af Aug 6 12:54:29 2016 +0200 plus the RETURN VALUES part by me. | schwarze | 2018-02-18 | 1 | -7/+29
Bump minor due to symbol addition. | tb | 2018-02-18 | 1 | -1/+1
Bump libcrypto/libssl/libtls minors due to symbol additions. | tb | 2018-02-18 | 1 | -1/+1
Bump libcrypto/libssl/libtls minors due to symbol additions. | jsing | 2018-02-17 | 1 | -1/+1
Provide SSL_SESSION_get_master_key() | jsing | 2018-02-17 | 3 | -2/+22
Provide SSL_get_client_random() and SSL_get_server_random() | jsing | 2018-02-17 | 3 | -3/+41
Provide SSL_CTX_get0_certificate() | jsing | 2018-02-17 | 3 | -2/+13
Provide SSL_CTX_get_tlsext_status_cb() and SSL_CTX_get_tlsext_status_arg(). | jsing | 2018-02-17 | 3 | -4/+24
In ssl.h rev. 1.136 2018/02/14 17:08:44, jsing@ provided SSL_CTX_up_ref(3). Merge the related documentation from OpenSSL, but tweak the wording to be less confusing and simplify the RETURN VALUES section. | schwarze | 2018-02-14 | 1 | -15/+32
In ssl.h rev. 1.135 2018/02/14 16:16:10, jsing@ provided SSL_CTX_get0_param(3) and SSL_get0_param(3). Merge the related documentation from OpenSSL, with small tweaks. | schwarze | 2018-02-14 | 1 | -4/+42
Bump lib{crypto,ssl,tls} minors due to symbol additions. | jsing | 2018-02-14 | 1 | -1/+1
Provide SSL_CTX_up_ref(). | jsing | 2018-02-14 | 3 | -2/+11
Provide SSL_CTX_get0_param() and SSL_get0_param(). Some applications that use X509_VERIFY_PARAM expect these to exist, since they're also part of the OpenSSL 1.0.2 API. | jsing | 2018-02-14 | 3 | -5/+20
Bump lib{crypto,ssl,tls} minors due to symbol addition. | jsing | 2018-02-10 | 1 | -1/+1
Complete the TLS extension rewrite on the client-side. The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down. This also deduplicates the tlsext_client_build() and tlsext_server_build() code. ok beck@ | jsing | 2018-02-08 | 4 | -156/+93
Initialize variables to avoid compiler warnings ok jsing@ | inoguchi | 2018-01-28 | 1 | -2/+2
Complete the TLS extension handling rewrite for the server-side. This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotiation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions). ok inoguchi@ | jsing | 2018-01-27 | 5 | -98/+86
Clarify the comment re the F5 EC curves extension bug. Also reference the knowledge base article instead of a discussion thread. | jsing | 2018-01-27 | 1 | -5/+6
Convert ssl3_put_cipher_by_char() to CBB. While here make the CBS usage in ssl3_get_cipher_by_char() more consistent with other code. ok inoguchi@ | jsing | 2018-01-27 | 1 | -9/+26
Correct TLS extensions handling when no extensions are present. If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@ | jsing | 2017-11-28 | 1 | -1/+13
Add CBB_discard_child(), which allows for a child CBB to be discarded. Based on BoringSSL. | jsing | 2017-11-28 | 2 | -2/+22
Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency. | jsing | 2017-10-12 | 2 | -5/+5
Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code. With review/feedback from inoguchi@ | jsing | 2017-10-12 | 4 | -556/+143
Drop prototypes for ssl23_*() functions, which no longer exist. | jsing | 2017-10-12 | 1 | -11/+1
Convert ssl3_client_hello() to CBB. As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@ | jsing | 2017-10-11 | 4 | -93/+64
Fully convert ssl3_send_server_hello() to CBB. Based on a diff from doug@ | jsing | 2017-10-11 | 3 | -53/+19
Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here. | jsing | 2017-10-10 | 3 | -29/+19
((remove) (some) (unnecessary) (parentheses)) Part of a diff from doug@ | jsing | 2017-10-10 | 1 | -4/+4
Merge dtls1_connect() into ssl3_connect(), removing a large amount of duplicated code. For now this essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@ | jsing | 2017-10-10 | 4 | -459/+117
Reduce non-functional differences between dtls1_accept() and ssl3_accept() - synchronise comments, whitespace, line wrapping, etc. | jsing | 2017-10-08 | 1 | -34/+42
Reduce non-functional differences between dtls1_connect() and ssl3_connect() - synchronise comments, whitespace, line wrapping, etc. | jsing | 2017-10-08 | 1 | -32/+38
Fix some style/whitespace/indentation issues in ssl3_accept(). | jsing | 2017-10-08 | 1 | -25/+14
Fix some style/whitespace/indentation issues in ssl3_connect(). | jsing | 2017-10-08 | 1 | -10/+9
Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS, which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@ | jsing | 2017-10-08 | 6 | -57/+52
Annotate some API-side memory leaks for future resolution. | jsing | 2017-09-25 | 1 | -1/+3
Fix various issues in the OCSP extension parsing code: - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly. - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()). - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding. The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz. ok beck@ | jsing | 2017-09-25 | 1 | -20/+14
When building the OCSP extension, only add the length prefixed extensions after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@ | jsing | 2017-09-25 | 1 | -6/+6
Move the full extension building into tlsext_{client,server}hello_build(), leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers. ok doug@ | jsing | 2017-08-30 | 2 | -47/+26
Bump libssl/libtls minors due to symbol (re)addition. | jsing | 2017-08-30 | 1 | -1/+1