mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
fbb82a60dc
openssl/ssl
History
Viktor Dukhovni fbb82a60dc Move peer chain security checks into x509_vfy.c 
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-03 11:35:35 -04:00
..
record Use return "" not set a var and return. 2016-03-31 16:27:52 -04:00
statem Resolve DTLS cookie and version before session resumption. 2016-03-27 23:59:00 +02:00
bio_ssl.c Make BIO opaque 2016-03-29 17:40:54 +01:00
build.info
d1_lib.c Fix no-sock 2016-03-21 16:33:59 +00:00
d1_msg.c
d1_srtp.c
Makefile.in Remove the remainder of util/mk1mf.pl and companion scripts 2016-03-21 11:02:00 +01:00
methods.c Allow different protocol version when trying to reuse a session 2016-03-27 23:58:50 +02:00
packet_locl.h Refactor ClientHello extension parsing 2016-03-03 13:53:26 +01:00
pqueue.c
s3_cbc.c
s3_enc.c Lazily initialise the compression buffer 2016-03-07 21:39:27 +00:00
s3_lib.c RT4458: Fix #ifndef line for GOST 2016-03-31 11:19:15 -04:00
s3_msg.c Implement write pipeline support in libssl 2016-03-07 21:39:27 +00:00
ssl_asn1.c
ssl_cert.c Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ssl_ciph.c Check algo_strength using SSL_STRONG_MASK 2016-03-22 22:00:12 +01:00
ssl_conf.c Remove #error from include files. 2016-03-20 19:48:36 -04:00
ssl_err.c Allow different protocol version when trying to reuse a session 2016-03-27 23:58:50 +02:00
ssl_init.c Swap the init code to use CRYPTO_ONCE 2016-03-07 17:17:21 +00:00
ssl_lib.c Make BIO opaque 2016-03-29 17:40:54 +01:00
ssl_locl.h Allow different protocol version when trying to reuse a session 2016-03-27 23:58:50 +02:00
ssl_mcnf.c
ssl_rsa.c fix no-ec build 2016-03-03 13:27:34 +00:00
ssl_sess.c Allow different protocol version when trying to reuse a session 2016-03-27 23:58:50 +02:00
ssl_stat.c Use return "" not set a var and return. 2016-03-31 16:27:52 -04:00
ssl_txt.c Add support for minimum and maximum protocol version supported by a cipher 2016-03-09 19:10:28 +01:00
ssl_utst.c
t1_enc.c Remove #error from include files. 2016-03-20 19:48:36 -04:00
t1_ext.c Remove #error from include files. 2016-03-20 19:48:36 -04:00
t1_lib.c Fix ALPN - more fixes 2016-03-20 21:09:32 -04:00
t1_reneg.c
t1_trce.c Adds CT validation to SSL connections 2016-03-04 10:50:10 -05:00
tls_srp.c