|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | 
| 
| 
| | ok mpi@ deraadt@ | 
| | 
| 
| 
| | ok beck inoguchi jsing | 
| | 
| 
| 
| | spotted by and ok jsing@ | 
| | |  | 
| | 
| 
| 
| 
| 
| | symbol will be exposed with tb@'s forthcoming bump
ok tb@ | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | while here, also apply some minor wording improvements | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.
Again, symbols will appear with tb@'s reptar sized bump..
ok tb@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| | X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze | 
| | 
| 
| 
| 
| 
| | to the build after the bump.
tweak & lgtm schwarze | 
| | 
| 
| 
| | pointed out by schwarze | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.
Will also need Symbols.list additions by tb@ when he starts the rapture
ok tb@ jsing@ | 
| | 
| 
| 
| 
| 
| 
| | X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze | 
| | 
| 
| 
| 
| 
| | to the build after the bump.
tweak & lgtm schwarze | 
| | 
| 
| 
| 
| 
| 
| | These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.
ok beck@ tb@ | 
| | 
| 
| 
| | the vicinity. | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | get_cert_chain() needs some error checking. return X509_V_ errors
instead of trying to overload the NULL and then whine in a comment that
this won't really work.
Fix a bug that printed only the first attribute by factoring out the
thing that did the actual printing.
Sprinkle a few changes to accessors here and there.
This is loosely based on what OpenSSL did with some simplifications by
jsing.
ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exhange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.
This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | This currently exercises various combinations of TLS versions and their
associated key exchange mechanisms. Note that this currently fails for
TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly).
Over time all of the ssl regress should be moved into the dtls and tls
regress tests. | 
| | 
| 
| 
| | and fix some weird typos in comments (duplicate '@' signs) | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.
ok tb@ | 
| | 
| 
| 
| | plus .Dv NULL, SEE ALSO, HISTORY | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| | X509_STORE_CTX and use accessors instead of reaching directly
into the struct.
ok jsing | 
| | 
| 
| 
| 
| 
| | out of the X509_STORE_CTX.
ok jsing | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.
ok beck@ tb@ | 
| | 
| 
| 
| | "just commit it" beck | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| 
| 
| | Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.
ok tb@ | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| | encoders many moons ago. OpenSSL removed it in 2015.
ok beck jsing | 
| | 
| 
| 
| 
| | Symbols.list changes to follow with tb's upcoming bump
ok jsing@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.
Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).
ok tb@ | 
| | |  | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| | Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.
ok tb@ | 
| | 
| 
| 
| | ok beck jsing | 
| | 
| 
| 
| 
| 
| | Prompted by a diff by Jonas Termansen.
ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | for associating X.501 Attributes with private keys | 
| | 
| 
| 
| | describing five functions to change arrays of X.501 Attribute objects |