Trevor
a398f821fa
Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Dr. Stephen Henson
c6913eeb76
Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS, options can change this behaviour, specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
2013-04-09 14:02:48 +01:00
Dr. Stephen Henson
3d1160d58b
Call RAND_cleanup in openssl application.
(cherry picked from commit 944bc29f90)
2013-03-28 14:29:39 +00:00
Dr. Stephen Henson
c3b344e36a
Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.
Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
2013-03-26 15:16:41 +00:00
Andy Polyakov
a006fef78e
Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Dr. Stephen Henson
4badfebefc
Typo (PR2959).
2013-01-17 18:20:18 +00:00
Dr. Stephen Henson
abd01ea214
Change default bits to 1024
2013-01-07 16:18:31 +00:00
Dr. Stephen Henson
b252cf0d98
make JPAKE work again, fix memory leaks
2012-12-29 23:38:20 +00:00
Dr. Stephen Henson
89a5e2f704
missing tab
2012-12-26 19:12:57 +00:00
Dr. Stephen Henson
09d0d67c13
add missing newline
2012-12-21 16:24:48 +00:00
Dr. Stephen Henson
bbdfbacdef
add -rmd option to set OCSP response signing digest
2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
99fc818e93
Return success when the responder is active.
Don't verify our own responses.
2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e
typo
2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028
Add support for '-' as input and output filenames in ocsp utility.
Recognise verification arguments.
2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de
oops, revert, committed in error
2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f
apps/ocsp.c
2012-12-14 23:28:19 +00:00
Dr. Stephen Henson
51e7a4378a
New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
2012-12-13 18:14:46 +00:00
Dr. Stephen Henson
60938ae772
add -crl_download option to s_server
2012-12-12 03:35:31 +00:00
Dr. Stephen Henson
4e71d95260
add -cert_chain option to s_client
2012-12-12 00:50:26 +00:00
Ben Laurie
fefc111a2a
Make openssl verify return errors.
2012-12-11 16:05:14 +00:00
Dr. Stephen Henson
1e8b9e7e69
add -badsig option to ocsp utility too.
2012-12-09 16:21:46 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
0090a686c0
Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
f5a7d5b164
remove print_ssl_cert_checks() from openssl application: it is no longer used
2012-12-06 18:36:51 +00:00
Dr. Stephen Henson
3bf15e2974
Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
2012-12-05 18:35:20 +00:00
Dr. Stephen Henson
fbeb85ecb9
don't print verbose policy check messages when -quiet is selected even on error
2012-12-04 23:18:44 +00:00
Dr. Stephen Henson
2e8cb108dc
initial support for delta CRL generations by diffing two full CRLs
2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
256f9573c5
make -subj always override config file
2012-12-04 18:35:04 +00:00
Dr. Stephen Henson
b6b094fb77
check mval for NULL too
2012-12-04 17:25:34 +00:00
Dr. Stephen Henson
0db46a7dd7
fix leak
2012-12-03 16:32:52 +00:00
Dr. Stephen Henson
2537d46903
oops, really check brief mode only ;-)
2012-12-03 03:40:57 +00:00
Dr. Stephen Henson
5447f836a0
don't check errno is zero, just print out message
2012-12-03 03:39:23 +00:00
Dr. Stephen Henson
66d9f2e521
if no error code and -brief selected print out connection closed instead of read error
2012-12-03 03:33:44 +00:00
Dr. Stephen Henson
139cd16cc5
add -badsig option to corrupt CRL signatures for testing too
2012-12-02 16:48:25 +00:00
Dr. Stephen Henson
fdb78f3d88
New option to add CRLs for s_client and s_server.
2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
95ea531864
add option to get a certificate or CRL from a URL
2012-12-02 14:00:22 +00:00
Dr. Stephen Henson
df316fd43c
Add new test option to set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
2012-11-30 19:24:13 +00:00
Dr. Stephen Henson
84bafb7471
Print out point format list for clients too.
2012-11-26 18:39:38 +00:00
Dr. Stephen Henson
55b66f084d
set cmdline flag in s_server
2012-11-26 12:51:12 +00:00
Dr. Stephen Henson
96cfba0fb4
option to output corrupted signature in certificates for testing purposes
2012-11-25 22:29:52 +00:00
Dr. Stephen Henson
a5afc0a8f4
Don't display messages about verify depth in s_server if -quiet is set.
Add support for separate verify and chain stores in s_client.
2012-11-23 18:56:25 +00:00
Dr. Stephen Henson
20b431e3a9
Add support for printing out and retrieving EC point formats extension.
2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
1740c9fbfc
support -quiet with -msg or -trace
2012-11-21 17:11:42 +00:00
Dr. Stephen Henson
191b3f0ba9
only use a default curve if not already set
2012-11-21 16:47:25 +00:00
Dr. Stephen Henson
5c1393bfc3
PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
2012-11-21 14:02:40 +00:00
Dr. Stephen Henson
f7ac0ec89d
fix printout of expiry days if -enddate is used in ca
2012-11-20 15:22:15 +00:00
Dr. Stephen Henson
22b5d7c80b
fix leaks
2012-11-20 00:24:52 +00:00
Dr. Stephen Henson
685755937a
with -rev close connection if client sends "CLOSE"
2012-11-19 23:41:24 +00:00
Dr. Stephen Henson
7c8ac50504
update usage messages
2012-11-19 23:20:40 +00:00
Dr. Stephen Henson
98a7edf9f0
make depend
2012-11-19 13:18:09 +00:00