| Commit message | Author | Age | Files | Lines |
| |
get_cert_chain() needs some error checking. return X509_V_ errors
instead of trying to overload the NULL and then whine in a comment that
this won't really work.
Fix a bug that printed only the first attribute by factoring out the
thing that did the actual printing.
Sprinkle a few changes to accessors here and there.
This is loosely based on what OpenSSL did with some simplifications by
jsing.
ok beck jsing
| |
With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exchange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.
This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).
ok tb@
| |
This currently exercises various combinations of TLS versions and their
associated key exchange mechanisms. Note that this currently fails for
TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly).
Over time all of the ssl regress should be moved into the dtls and tls
regress tests.
| |
and fix some weird typos in comments (duplicate '@' signs)
| |
Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.
ok tb@
| |
plus .Dv NULL, SEE ALSO, HISTORY
| |
ok beck jsing
| |
X509_STORE_CTX and use accessors instead of reaching directly
into the struct.
ok jsing
| |
out of the X509_STORE_CTX.
ok jsing
| |
This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.
ok beck@ tb@
| |
"just commit it" beck
| |
ok beck jsing
| |
ok beck jsing
| |
Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.
ok tb@
| |
ok beck jsing
| |
encoders many moons ago. OpenSSL removed it in 2015.
ok beck jsing
| |
Symbols.list changes to follow with tb's upcoming bump
ok jsing@
| |
This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.
Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).
ok tb@
| |
ok jsing
| |
Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.
ok tb@
| |
ok beck jsing
| |
Prompted by a diff by Jonas Termansen.
ok jsing
| |
ok jsing
| |
for associating X.501 Attributes with private keys
| |
describing five functions to change arrays of X.501 Attribute objects
| |
documenting five X.501 Attribute read accessors
| |
removed and the former is still needed, as pointed out by kettenis
| |
portability annoyance since not all systems have u_char. Remove
the now unused includes sys/types.h and stdio.h.
u_char diff from Jonas Termansen
ok deraadt
| |
After tb@'s commit x509/x509_lu.c rev. 1.33, it is no longer necessary
to talk about X509_LU_* constants as return values from these functions.
Feedback and OK from tb@.
| |
that we know that it only returns 0 or 1. Eliminate the last uses
of X509_LU_{FAIL,RETRY}.
ok jsing
| |
ok jsing
| |
documenting five X.501 Attribute write accessors
| |
Initialize stmp.type and stmp.data.ptr so that a user-defined lookup
method need not take responsibility of initializing those. Get rid of
current_method, which was never really used. Stop potentially returning
a negative value since most callers assume Boolean return values already.
In addition, garbage collect the pointless j variable.
ok jsing
| |
ok jsing
| |
ok jsing
| |
This reduces the number of reacharounds into libcrypto internals.
ok jsing
| |
extension. This is part of OpenSSL commit df4c395c which didn't make
it into our tree for some reason.
ok jsing
| |
ok jsing
| |
reality while there.
ok jsing
| |
Prompted by a diff by Jonas Termansen, discussed with deraadt, millert
ok jsing
| |
ok jsing
| |
ok jsing