Ben Jencks
6f120920d3
ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage.
...
If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be
used.
2013-09-07 06:33:39 -07:00
Howard Chu
ca310ebff4
Add channel binding support
...
Currently only implemented for OpenSSL.
Needs an option to set the criticality flag.
2013-08-26 23:31:48 -07:00
Philip Guenther
c6cf495247
ITS#7645 more OpenSSL TLS versions
2013-07-29 07:01:15 -07:00
Kurt Zeilenga
0fd1bf30b8
Happy New Year
2013-01-02 10:22:57 -08:00
Howard Chu
bb921063e0
ITS#7194 fix IPv6 URL detection
2012-03-08 19:35:44 -08:00
Hallvard Furuseth
1a931a86ee
Silence 'assign away const' warning
2012-01-24 01:45:51 +01:00
Kurt Zeilenga
2bbf9804b9
Happy New Year!
2012-01-01 07:10:53 -08:00
Kurt Zeilenga
966cef8c9a
Happy New Year
2011-01-05 00:42:37 +00:00
Hallvard Furuseth
16b7df8397
ITS#6625 Remove some LDAP_R_COMPILEs
2010-12-06 11:31:58 +00:00
Kurt Zeilenga
3dadeb3efe
happy belated New Year
2010-04-13 22:17:29 +00:00
Howard Chu
86c361cdb8
In tmp_rsa_cb, new API is in 0.9.8 inclusive, not exclusive
2010-04-12 03:21:05 +00:00
Hallvard Furuseth
7b22b22202
ITS#6355: Fix uninitialiezed lso_tmp_rsa_cb() return value
2009-10-30 17:08:57 +00:00
Ralf Haferkamp
8fcdc29405
In case of certificate verification failures include failure reason
...
into the error message (openssl only)
2009-09-30 16:25:23 +00:00
Howard Chu
e0431681ad
On OpenSSL 0.9.8 and newer, use RSA_generate_key_ex since
...
RSA_generate_key is deprecated
2009-09-25 23:31:24 +00:00
Pierangelo Masarati
9abaf38d1f
silence warnings
2009-08-19 12:23:27 +00:00
Hallvard Furuseth
791035d93f
Fix last commit: cast strcasecmp unsigned char* to char*
2009-08-07 21:46:25 +00:00
Howard Chu
e229b7c398
In session_chkhost get the last CN, not the first.
2009-08-07 11:59:42 +00:00
Howard Chu
d4f2a06887
Check for CN length match as well in chkhost
2009-07-30 21:52:09 +00:00
Howard Chu
de91bde800
ITS#6192 add all digests. Also stop using SSLeay-compatible function
...
names, we're only concerned with OpenSSL these days.
2009-07-01 23:46:36 +00:00
Howard Chu
a1861fd162
ITS#5849 patch was wrong, don't X509_free session cert
2009-03-02 17:43:38 +00:00
Howard Chu
b886c2ad8a
ITS#5937 fix ancient IPv6 typo
2009-02-10 13:27:22 +00:00
Howard Chu
f9fd0f0cc4
ITS#5655 for new structure
2009-01-26 02:16:46 +00:00
Howard Chu
4dff3e6807
Switch to using modular TLS code, single-implementation version
2009-01-26 02:06:45 +00:00
Kurt Zeilenga
4af9eb9715
Update copyright notices
2009-01-22 00:40:04 +00:00
Howard Chu
187efdad6c
ITS#5849 free peer cert after retrieving DN
2008-12-05 09:00:24 +00:00
Howard Chu
a225b02f17
Modular TLS support, proof of concept. tls2.c would replace tls.c,
...
but I'm leaving tls.c intact for now.
2008-08-13 16:18:51 +00:00