Matt Caswell
|
9873297900
Separate ca_names handling for client and server
|
6 years ago |
Matt Caswell
|
01666a8c1d
Fix a DTLS memory leak
|
6 years ago |
Mansour Ahmadi
|
61bef9bde0
Add a missing check on s->s3->tmp.pkey
|
6 years ago |
Matt Caswell
|
524006dd1b
Delay setting the sig algs until after the cert_cb has been called
|
6 years ago |
Matt Caswell
|
f273ff953a
Ignore EPIPE when sending NewSessionTickets in TLSv1.3
|
6 years ago |
Matt Caswell
|
de9e884b2f
Tolerate encrypted or plaintext alerts
|
6 years ago |
Matt Caswell
|
b4f001eb1a
Fix a missing call to SSLfatal
|
6 years ago |
Matt Caswell
|
84475ccb70
Don't remove sessions from the cache during PHA in TLSv1.3
|
6 years ago |
Matt Caswell
|
5d263fb78b
Make the anti-replay feature optional
|
6 years ago |
Matt Caswell
|
b6ff436fcb
Fix a NULL ptr deref in error path in tls_process_cke_dhe()
|
6 years ago |
Matt Caswell
|
e880d4e58d
Use stateful tickets if we are doing anti-replay
|
6 years ago |
Matt Caswell
|
6cc0b3c217
Respect SSL_OP_NO_TICKET in TLSv1.3
|
6 years ago |
Matt Caswell
|
6a11d5c5ed
Restructure the ticket construction code
|
6 years ago |
Matt Caswell
|
c35e96691f
Don't change a session once its in the cache
|
6 years ago |
Matt Caswell
|
6cf2dbd9fa
Don't store the ticket nonce in the session
|
6 years ago |
Matt Caswell
|
4ff1a52666
Fix TLSv1.3 ticket nonces
|
6 years ago |
Matt Caswell
|
36ff232cf2
Change the default number of NewSessionTickets we send to 2
|
6 years ago |
Matt Caswell
|
9d0a8bb71e
Enable the ability to set the number of TLSv1.3 session tickets sent
|
6 years ago |
Matt Caswell
|
61fb59238d
Rework the decrypt ticket callback
|
6 years ago |
Matt Caswell
|
c0638adeec
Fix ticket callbacks in TLSv1.3
|
6 years ago |
Matt Caswell
|
f20404fce9
Don't fail on an out-of-order CCS in DTLS
|
6 years ago |
Matt Caswell
|
a682365728
Check the return from EVP_PKEY_get0_DH()
|
6 years ago |
Matt Caswell
|
7f9f5f71e4
Make sure info callback knows about all handshake start events
|
6 years ago |
Kurt Roeckx
|
4cffafe967
Use the private RNG for data that is not public
|
7 years ago |
Matt Caswell
|
803cc8c7d4
Revert commit 4a56d9a2
|
6 years ago |
Rich Salz
|
c6d38183d6
Rewrite the X509->alert mapping code
|
6 years ago |
Matt Caswell
|
9d5db9c9ab
Assert that alpn_selected is NULL before we assign it
|
6 years ago |
Todd Short
|
4bfb96f2ad
Place ticket keys into secure memory
|
6 years ago |
Kurt Roeckx
|
16cfc2c90d
Don't use a ssl specific DRBG anymore
|
6 years ago |
Matt Caswell
|
f023ba2df8
Don't update the session cache when processing a client certificate in TLSv1.3
|
6 years ago |