| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Align tls13_server_select_certificate() with | tb | 2020-06-04 | 1 | -3/+7 |
| * | Improve client certificate selection for TLSv1.3 | tb | 2020-06-04 | 1 | -16/+80 |
| * | mention that TLS_method(3) also supports TLSv1.3; | schwarze | 2020-06-04 | 1 | -3/+3 |
| * | Collapse the x509v3 directory into x509. | jsing | 2020-06-04 | 38 | -47/+44 |
| * | new manual page PKCS7_add_attribute(3); | schwarze | 2020-06-04 | 7 | -12/+201 |
| * | Properly document PKCS7_final(3), which was already mentioned | schwarze | 2020-06-03 | 10 | -32/+263 |
| * | Remove const modifier in return type of tls13_handshake_active_state() | tb | 2020-06-02 | 1 | -3/+3 |
| * | distracting whitespace | tb | 2020-06-02 | 1 | -5/+5 |
| * | Split the handling of post handshake handshake messages into its | tb | 2020-06-01 | 1 | -55/+44 |
| * | Remove expired certificate, ok tb@ | sthen | 2020-06-01 | 1 | -53/+1 |
| * | Send an illegal_parameter alert if a client sends us invalid DH key | tb | 2020-06-01 | 1 | -3/+15 |
| * | Add a mechanism to set an alert in those parts of the read half of | tb | 2020-06-01 | 1 | -3/+21 |
| * | bump to LibreSSL 3.2.1libressl-v3.2.0 | bcook | 2020-06-01 | 1 | -3/+3 |
| * | Replace ssl_max_server_version() with ssl_downgrade_max_version() | jsing | 2020-05-31 | 3 | -30/+6 |
| * | When building a chain look for non-expired certificates first. | jsing | 2020-05-31 | 1 | -8/+29 |
| * | Correct downgrade sentinels when a version pinned method is in use. | jsing | 2020-05-31 | 4 | -7/+40 |
| * | Improve server certificate selection for TLSv1.3. | jsing | 2020-05-29 | 2 | -23/+94 |
| * | Handle the case where we receive a valid 0 byte application data record. | jsing | 2020-05-29 | 1 | -1/+10 |
| * | Wire up the servername callback in the TLSv1.3 server. | jsing | 2020-05-29 | 3 | -3/+45 |
| * | Mop up servername_done, which is unused. | jsing | 2020-05-29 | 3 | -14/+3 |
| * | This patch fixes one bug and one instance of undesirable behaviour. | schwarze | 2020-05-27 | 1 | -9/+1 |
| * | document PKCS7_dataFinal(3); | schwarze | 2020-05-27 | 3 | -3/+162 |
| * | minor cleanup ahead of the following work: | schwarze | 2020-05-26 | 1 | -12/+14 |
| * | Add additional length checks for TLSv1.3 plaintext and inner plaintext. | jsing | 2020-05-26 | 1 | -1/+6 |
| * | Fix some stylistic nits from jsing. | tb | 2020-05-24 | 1 | -8/+11 |
| * | Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly. | jsing | 2020-05-24 | 1 | -1/+3 |
| * | Minimally document PKCS7_dataInit(3). | schwarze | 2020-05-24 | 4 | -5/+215 |
| * | Briefly mention the obsolete function OPENSSL_init(3). | schwarze | 2020-05-24 | 1 | -7/+23 |
| * | Enforce that SNI hostnames be correct as per rfc 6066 and 5980. | beck | 2020-05-23 | 2 | -17/+80 |
| * | Enable SSL_MODE_AUTO_RETRY by default. | jsing | 2020-05-23 | 1 | -1/+2 |
| * | Wire up SSL_MODE_AUTO_RETRY mode to retrying after PHH messages. | jsing | 2020-05-23 | 2 | -2/+8 |
| * | Provide the option to retry or return after post-handshake messages. | jsing | 2020-05-23 | 2 | -4/+16 |
| * | fix a confusingly wrapped line | tb | 2020-05-23 | 1 | -3/+3 |
| * | Do not assume that server_group != 0 or tlsext_supportedgroups != NULL | tb | 2020-05-23 | 2 | -9/+15 |
| * | Ensure we only attach an ocsp staple to a leaf certificate, because | beck | 2020-05-22 | 2 | -5/+16 |
| * | Simplify: transform a dangling else into an early return and | tb | 2020-05-21 | 1 | -20/+20 |
| * | Make ssl_set_cert_masks() more consistent and closer to readable. | jsing | 2020-05-21 | 1 | -44/+27 |
| * | Avoid a shadowing issue by renaming cbs and cbb to cbb_hs and cbb_hs, | tb | 2020-05-21 | 1 | -8/+7 |
| * | A failure of tls13_handshake_msg_new() could lead to a NULL deref | tb | 2020-05-21 | 1 | -11/+15 |
| * | Actually set the hrr flag when sending a HelloRetryRequest. | jsing | 2020-05-21 | 1 | -1/+3 |
| * | Revert 1.43 - this fix for PHH in blocking mode breaks SSL_accept and | beck | 2020-05-20 | 1 | -2/+2 |
| * | new manual page for PKCS7_set_content(3) and PKCS7_content_new(3); | schwarze | 2020-05-20 | 4 | -5/+127 |
| * | Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA. | jsing | 2020-05-19 | 8 | -46/+31 |
| * | Only send ocsp staples if the client asked for ocsp certificate status. | beck | 2020-05-19 | 1 | -1/+2 |
| * | Add support for TLS 1.3 server to send certificate status | beck | 2020-05-19 | 5 | -15/+38 |
| * | Send alerts back correctly when handling key shares, including | beck | 2020-05-17 | 1 | -8/+19 |
| * | Free handshake message correctly, noticed by tb@ | beck | 2020-05-17 | 1 | -2/+2 |
| * | As done everywhere else, use a local version of MINIMUM() and avoid | deraadt | 2020-05-17 | 5 | -21/+21 |
| * | Send a decode error alert if a server provides an empty certificate list. | jsing | 2020-05-17 | 1 | -2/+2 |
| * | Return TLS13_IO_WANT_POLLIN after processing post-handshake messages. | jsing | 2020-05-16 | 1 | -2/+2 |
