aboutsummaryrefslogtreecommitdiff
path: root/ssl
AgeCommit message (Expand)AuthorFilesLines
2018-09-21Fix the max psk len for TLSv1.3Matt Caswell1-1/+1
2018-09-21Delay setting the sig algs until after the cert_cb has been calledMatt Caswell1-15/+17
2018-09-19Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()Benjamin Kaduk1-0/+4
2018-09-18ssl/ssl_ciph.c: make set_ciphersuites staticDr. Matthias St. Pierre2-2/+1
2018-09-12Fix a possible recursion in SSLfatal handlingBernd Edlinger1-2/+3
2018-09-11Update copyright yearMatt Caswell1-1/+1
2018-09-07Do not reset SNI data in SSL_do_handshake()Matt Caswell2-7/+5
2018-09-07Simplify SSL_get_servername() to avoid session referencesBen Kaduk1-11/+7
2018-09-07Restore historical SSL_get_servername() behaviorBen Kaduk1-5/+2
2018-09-07Ensure certificate callbacks work correctly in TLSv1.3Matt Caswell1-2/+3
2018-09-07Process KeyUpdate and NewSessionTicket messages after a close_notifyMatt Caswell3-27/+49
2018-09-05key zeroization fix for a branch path of tls13_final_finish_macShane Lontis1-0/+1
2018-09-04Don't use an RSA-PSS cert for RSA key exchangeMatt Caswell1-3/+7
2018-09-04Send a NewSessionTicket after using an external PSKMatt Caswell1-0/+2
2018-09-04Ignore EPIPE when sending NewSessionTickets in TLSv1.3Matt Caswell1-1/+32
2018-09-03Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_listRichard Levitte1-2/+6
2018-09-01Fix ssl/t1_trce.c to parse certificate chainsErik Forsberg1-10/+17
2018-08-30Fix a mem leak on error in the PSK codeMatt Caswell1-0/+1
2018-08-22Don't detect a downgrade where the server has a protocol version holeMatt Caswell1-3/+10
2018-08-22Use the same min-max version range on the client consistentlyMatt Caswell5-63/+79
2018-08-22Allow TLS-1.3 ciphersuites in @SECLEVEL=3 and aboveTomas Mraz1-1/+2
2018-08-20Add support for SSL_CTX_set_post_handshake_auth()Matt Caswell2-0/+9
2018-08-20Change Post Handshake auth so that it is opt-inMatt Caswell3-20/+5
2018-08-15Turn on TLSv1.3 downgrade protection by defaultMatt Caswell2-4/+2
2018-08-15Update code for the final RFC version of TLSv1.3 (RFC8446)Matt Caswell5-67/+5
2018-08-14Move SSL_DEBUG md fprintf after assignmentDmitry Yakovlev1-3/+5
2018-08-09Improve fallback protectionMatt Caswell1-0/+3
2018-08-08Tolerate encrypted or plaintext alertsMatt Caswell6-14/+44
2018-08-08Ensure that we write out alerts correctly after early_dataMatt Caswell7-15/+36
2018-08-08Fix a missing call to SSLfatalMatt Caswell1-9/+13
2018-08-07Fix setting of ssl_strings_inited.Rich Salz1-1/+1
2018-08-07ssl/*: switch to switch to Thread-Sanitizer-friendly primitives.Andy Polyakov6-80/+49
2018-08-07Harmonize use of sk_TYPE_find's return value.Andy Polyakov1-4/+1
2018-08-06Ensure we send an alert on error when processing a ticketMatt Caswell1-4/+10
2018-07-31Fix some TLSv1.3 alert issuesMatt Caswell2-1/+6
2018-07-26Improve backwards compat for SSL_get_servername()Benjamin Kaduk1-1/+4
2018-07-20Add TODO comment for a nonsensical public APIBenjamin Kaduk1-0/+9
2018-07-20Normalize SNI hostname handling for SSL and SSL_SESSIONBenjamin Kaduk4-20/+43
2018-07-20const-ify some input SSL * argumentsBenjamin Kaduk1-3/+3
2018-07-20Validate legacy_versionMatt Caswell2-0/+13
2018-07-19Don't skip over early_data if we sent an HRRMatt Caswell1-1/+3
2018-07-18Check that the public key OID matches the sig algMatt Caswell3-10/+32
2018-07-17Fix no-pskMatt Caswell1-1/+6
2018-07-17Always issue new tickets when using TLSv1.3 stateful ticketsMatt Caswell1-1/+2
2018-07-17Don't remove sessions from the cache during PHA in TLSv1.3Matt Caswell1-9/+0
2018-07-13As a server don't select TLSv1.3 if we're not capable of itMatt Caswell1-3/+35
2018-07-13Use ssl_version_supported() when choosing server versionMatt Caswell3-19/+11
2018-07-13Do not use GOST sig algs in TLSv1.3 where possibleMatt Caswell1-0/+41
2018-07-06Introduce the recv_max_early_data settingMatt Caswell3-5/+63
2018-07-03Remove TLSv1.3 tickets from the client cache as we use themMatt Caswell2-5/+15
generated by cgit v1.1 at 2024-07-13 14:03:24 +0000