| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
No change to generated assembly.
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.
Issue reported by William Graeber and confirmed by Andreas Bartelt.
Fix tested by William Graeber and Andreas Bartelt - thanks!
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
SSL_get_peer_certificate() increases the ref count whereas extra_certs
do not because SSL_get_peer_cert_chain() won't increase ref counts.
OK beck@
|
| |
|
|
|
|
|
| |
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all keypairs
and not just the main one)
ok jsing@
|
| |
|
|
| |
ok jmc@
|
| |
|
|
| |
Add support for server side OCSP stapling to netcat.
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
| |
|
|
|
|
| |
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@
|
| |
|
|
|
| |
or certificate validation.
ok jsing@
|
| |
|
|
|
| |
split out internals of OCSP verification to allow callback
to verify before TLS handshake is complete
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
|
|
- Provide access to certificate OCSP URL
- Provide ability to check a raw OCSP reply against an
established TLS ctx
- Check and validate OCSP stapling info in the TLS handshake
if a stapled OCSP response is provided.`
Add example code to show OCSP URL and stapled info
into netcat.
ok jsing@
|
