| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Many XMPP servers are configured with multiple domains (virtual hosts)
* In order to establish successfully the TLS connection you have to specify
which virtual host you are trying to connect.
* Test this, for example with ::
* Fail:
openssl s_client -connect talk.google.com:5222 -starttls xmpp
* Works:
openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* When the host used in "-connect" is not what the remote XMPP server expects
the server will return an error like this:
<stream:error>
<host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
</stream:error>
* But the actual code will stay on the loop forever because the stop condition
"/stream:features>" will never happen,
* Make this more robust: The stop condition should be that BIO_read failed
* Test if for example with ::
openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp
|
| |
|
|
|
|
|
|
| |
* Some XMPP Servers (OpenFire) use double quotes.
* This makes s_client starttls work with this servers.
* Tested with OpenFire servers from http://xmpp.net/ ::
openssl s_client -connect coderollers.com:5222 -starttls xmpp
|
| |
|
|
| |
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
(cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
|
| |
|
|
|
| |
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
|
| |
|
|
|
|
| |
Reported by: Prashant Jaikumar <rmstar@gmail.com>
Fix handling of application data received before a handshake.
|
| |
|
|
|
|
| |
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
|
| |
|
|
|
| |
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
|
| |
|
|
| |
Make DHparams_dup work properly with X9.42 DH parameters.
|
| | |
|
| |
|
|
| |
Don't need to use temporary buffer if remaining length equals digest length.
|
| |
|
|
|
| |
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
|
| |
|
|
|
| |
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.
|
| |
|
|
|
| |
Conflicts:
ssl/ssltest.c
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.
[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
Conflicts:
ssl/ssl3.h
ssl/t1_lib.c
|
| |
|
|
|
|
|
| |
Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.
Reinstate ecdsatest.
|
| |
|
|
| |
Disable ECDSA test temporarily: it is incompatible with ECDSA nonces.
|
| |
|
|
| |
Add some ECDH CMS tests.
|
| |
|
|
|
|
|
| |
Add a script to generate keys and certificates for the S/MIME and CMS
tests.
Update certificates and add EC examples.
|
| | |
|
| |
|
|
|
|
| |
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
|
| |
|
|
|
|
| |
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
|
| |
|
|
| |
Add X9.62 KDF to EC EVP_PKEY_METHOD.
|
| |
|
|
|
| |
Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.
|
| |
|
|
|
| |
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
|
| | |
|
