summaryrefslogtreecommitdiff
path: root/lib/libssl/ssl_tlsext.c
AgeCommit message (Expand)Author
2021-09-10Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callbackTheo Buehler
2021-09-02Correct the is_server flag in the call to the debug callback to be correct.Bob Beck
2021-06-29Use appropriate TLS version when building client sigalg extensions.Joel Sing
2021-06-27Change ssl_sigalgs_build() to perform sigalg list selection.Joel Sing
2021-06-11Only use SSL_AD_* internally.Joel Sing
2021-06-08Simplify tlsext_ecpf_parse()Theo Buehler
2021-06-08Adjust alert for ECPF without uncompressed point formatTheo Buehler
2021-05-16Make local header inclusion consistent.Joel Sing
2021-05-16Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*Joel Sing
2021-04-22Only hash known CH extensionsTheo Buehler
2021-03-29Move finished and peer finished to the handshake struct.Joel Sing
2021-03-21Move the TLSv1.3 handshake struct inside the shared handshake struct.Joel Sing
2021-03-10Improve internal version handling.Joel Sing
2021-02-08Remove bogus DTLS checks to disable ECC and OCSP.Joel Sing
2020-10-14Replace SSL_IS_DTLS with SSL_is_dtls().Joel Sing
2020-10-11Constipate srtp_known_profiles, pushing it into .data.rel.roPhilip Guenther
2020-10-11Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them intoPhilip Guenther
2020-09-09Set alpn_selected_len = 0 when alpn_selected is NULLKinichiro Inoguchi
2020-08-03Only parse a client's status_request in the CHTheo Buehler
2020-08-03Ensure clients only send a status_request in the CHTheo Buehler
2020-08-03Correctly handle server requests for an OCSP responseTheo Buehler
2020-07-03zap trailing whitespace on one lineTheo Buehler
2020-07-03Make the message type available to the extension functionsTheo Buehler
2020-07-03Improve argument order for the internal tlsext APITheo Buehler
2020-06-06Implement a rolling hash of the ClientHello message, Enforce RFC 8446Bob Beck
2020-05-29Mop up servername_done, which is unused.Joel Sing
2020-05-24Fix some stylistic nits from jsing.Theo Buehler
2020-05-23Enforce that SNI hostnames be correct as per rfc 6066 and 5980.Bob Beck
2020-05-23Do not assume that server_group != 0 or tlsext_supportedgroups != NULLTheo Buehler
2020-05-19Only send ocsp staples if the client asked for ocsp certificate status.Bob Beck
2020-05-19Add support for TLS 1.3 server to send certificate statusBob Beck
2020-05-13Fix pesky whitespace.Joel Sing
2020-05-10Use size_t for OCSP response length.Joel Sing
2020-05-10Only reset TLS extension state when parsing client hello or server hello.Joel Sing
2020-05-09Add support for certificate status requests in TLS 1.3 clientBob Beck
2020-05-09Add support for HelloRetryRequests in the TLSv1.3 server.Joel Sing
2020-04-21Handle TLSv1.3 key shares other than X25519 on the server side.Joel Sing
2020-02-18drop unused include <openssl/curve25519.h>Theo Buehler
2020-02-16Avoid potential NULL dereference when parsing a server keyshare extension.Joel Sing
2020-02-06Correctly handle key share extensions in a hello retry request.Joel Sing
2020-02-01Correctly unpack client key shares.Joel Sing
2020-01-30Provide struct/functions for handling TLSv1.3 key shares.Joel Sing
2020-01-26Add sigalgs for server side to enable client certificate processingBob Beck
2020-01-25Only discard the extension block for client hello and server helloJoel Sing
2020-01-25Only send an RI extension for pre-TLSv1.3 versions.Joel Sing
2020-01-22Rename failure into alert_desc in tlsext_ocsp_server_parse().Theo Buehler
2020-01-22fix previous: alert_desc needs to be an int.Theo Buehler
2020-01-22Avoid modifying alert in the success path.Theo Buehler
2019-11-16Revert previous deduplication diff, I broke portable in a strange way.Bob Beck
2019-11-15Deduplicate some extension processing code.Bob Beck