summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Expand)Author
2020-06-04When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnIngo Schwarze
2020-06-04minor polishing:Ingo Schwarze
2020-06-04Align tls13_server_select_certificate() withTheo Buehler
2020-06-04Improve client certificate selection for TLSv1.3Theo Buehler
2020-06-04mention that TLS_method(3) also supports TLSv1.3;Ingo Schwarze
2020-06-04Collapse the x509v3 directory into x509.Joel Sing
2020-06-04new manual page PKCS7_add_attribute(3);Ingo Schwarze
2020-06-03Properly document PKCS7_final(3), which was already mentionedIngo Schwarze
2020-06-02Remove const modifier in return type of tls13_handshake_active_state()Theo Buehler
2020-06-02distracting whitespaceTheo Buehler
2020-06-01Split the handling of post handshake handshake messages into itsTheo Buehler
2020-06-01Remove expired certificate, ok tb@Stuart Henderson
2020-06-01Send an illegal_parameter alert if a client sends us invalid DH keyTheo Buehler
2020-06-01Add a mechanism to set an alert in those parts of the read half ofTheo Buehler
2020-06-01bump to LibreSSL 3.2.1Brent Cook
2020-05-31Replace ssl_max_server_version() with ssl_downgrade_max_version()Joel Sing
2020-05-31When building a chain look for non-expired certificates first.Joel Sing
2020-05-31Correct downgrade sentinels when a version pinned method is in use.Joel Sing
2020-05-31Fix printing long doubles on architectures with hm and lm bits.mortimer
2020-05-31Remove an outdated BUGS section.Visa Hankala
2020-05-29Add a fix from ncurses 20200523 via Hiltjo Posthuma that preventsNicholas Marriott
2020-05-29Improve server certificate selection for TLSv1.3.Joel Sing
2020-05-29Handle the case where we receive a valid 0 byte application data record.Joel Sing
2020-05-29Wire up the servername callback in the TLSv1.3 server.Joel Sing
2020-05-29Mop up servername_done, which is unused.Joel Sing
2020-05-29from edgar pettijohn: correct return type in pcap_open_live.3;Jason McIntyre
2020-05-27This patch fixes one bug and one instance of undesirable behaviour.Ingo Schwarze
2020-05-27document PKCS7_dataFinal(3);Ingo Schwarze
2020-05-27add support for pcap_breakloop when reading packets from files.David Gwynne
2020-05-26minor cleanup ahead of the following work:Ingo Schwarze
2020-05-26Add additional length checks for TLSv1.3 plaintext and inner plaintext.Joel Sing
2020-05-25from edgar pettijohn:Jason McIntyre
2020-05-25Add missing .Xr and .Nm, reword and simplify few sentencesAlexandre Ratchov
2020-05-24Fix some stylistic nits from jsing.Theo Buehler
2020-05-24Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly.Joel Sing
2020-05-24Minimally document PKCS7_dataInit(3).Ingo Schwarze
2020-05-24Briefly mention the obsolete function OPENSSL_init(3).Ingo Schwarze
2020-05-23Enforce that SNI hostnames be correct as per rfc 6066 and 5980.Bob Beck
2020-05-23Enable SSL_MODE_AUTO_RETRY by default.Joel Sing
2020-05-23Wire up SSL_MODE_AUTO_RETRY mode to retrying after PHH messages.Joel Sing
2020-05-23Provide the option to retry or return after post-handshake messages.Joel Sing
2020-05-23fix a confusingly wrapped lineTheo Buehler
2020-05-23Do not assume that server_group != 0 or tlsext_supportedgroups != NULLTheo Buehler
2020-05-22Ensure we only attach an ocsp staple to a leaf certificate, becauseBob Beck
2020-05-21Simplify: transform a dangling else into an early return andTheo Buehler
2020-05-21Make ssl_set_cert_masks() more consistent and closer to readable.Joel Sing
2020-05-21Avoid a shadowing issue by renaming cbs and cbb to cbb_hs and cbb_hs,Theo Buehler
2020-05-21A failure of tls13_handshake_msg_new() could lead to a NULL derefTheo Buehler
2020-05-21Actually set the hrr flag when sending a HelloRetryRequest.Joel Sing
2020-05-20Revert 1.43 - this fix for PHH in blocking mode breaks SSL_accept andBob Beck