path: root/src/lib/libtls/tls_config.c

Commit log (each entry: date, author, files changed, lines -removed/+added, followed by the commit message):
* 2015-02-22  jsing  (1 file, -6/+5)
  Rename tls_config_insecure_noverifyhost() to tls_config_insecure_noverifyname(), so that it is more accurate and keeps in line with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
* 2015-02-22  jsing  (1 file, -11/+14)
  Check return values when setting dheparams and ecdhecurve for the default configuration.
* 2015-02-22  jsing  (1 file, -1/+13)
  In the interests of being secure by default, make the default TLS ciphers be those that are TLSv1.2 with AEAD and PFS. Provide a "compat" mode that allows the previous default ciphers to be selected. Discussed with tedu@ during s2k15.
* 2015-02-12  jsing  (1 file, -1/+60)
  Add a tls_config_parse_protocols() function that allows a protocols string to be converted into a libtls protocols value. This allows for things like:
    "tlsv1.0,tlsv1.1"  (TLSv1.0 and TLSv1.1)
    "all,!tlsv1.0"     (all protocols except TLSv1.0)
  Discussed with tedu@ and reyk@
* 2015-02-12  jsing  (1 file, -2/+2)
  Fix handling of "legacy" mode for tls_config_set_dheparams(). Found by reyk@
* 2015-02-11  jsing  (1 file, -3/+4)
  Be consistent with naming - only use "host" and "hostname" when referring to an actual host and use "servername" when referring to the name of the TLS server that we expect to be identified in the server certificate. Likewise, rename verify_host to verify_name and use the term "name" throughout the verification code (rather than host or hostname). Requested by and ok tedu@
* 2015-02-07  jsing  (1 file, -5/+25)
  Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
* 2015-01-22  reyk  (1 file, -1/+8)
  Allow to load the CA chain directly from memory instead of specifying a file. This enables CA verification in privsep'ed processes that are running chroot'ed without direct access to the certificate files. With feedback, tests, and OK from bluhm@
* 2014-10-31  jsing  (1 file, -0/+201)
  Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.