Admit unknown pkey types at security level 0
[openssl.git] / ssl /
2018-12-05 Matt CaswellFix some SSL_export_keying_material() issues
2018-12-05 Matt CaswellRevert "Reduce stack usage in tls13_hkdf_expand"
2018-11-27 Paul YangFix access zero memory if SSL_DEBUG is enabled
2018-11-24 David WoodhouseHonour mandatory digest on private key in has_usable_cert()
2018-11-21 Paul YangFix wrong return value in ssl3_ctx_ctrl
2018-11-20 Matt CaswellUpdate copyright year
2018-11-14 Matt CaswellFix no-ec and no-tls1_2
2018-11-12 Viktor DukhovniAdded missing signature algorithm reflection functions
2018-11-12 Matt CaswellSeparate ca_names handling for client and server
2018-11-12 Matt CaswellDon't negotiate TLSv1.3 if our EC cert isn't TLSv1...
2018-11-10 Tomas MrazUnbreak SECLEVEL 3 regression causing it to not accept...
2018-11-08 Matt CaswellGive a better error if an attempt is made to set a...
2018-11-08 Matt CaswellIgnore disabled ciphers when deciding if we are using ECC
2018-11-05 PauliFix return formatting.
2018-11-05 PauliCleanse the key log buffer.
2018-11-04 Benjamin KadukRestore sensible "sess_accept" counter tracking
2018-10-30 Matt CaswellDon't call the client_cert_cb immediately in TLSv1.3
2018-10-29 Richard Levittessl/statem: Don't compare size_t with less than zero
2018-10-26 Matt CaswellProperly handle duplicated messages from the next epoch
2018-10-19 Matt CaswellBuffer a ClientHello with a cookie received via DTLSv1_...
2018-10-19 Matt CaswellUse the read and write buffers in DTLSv1_listen()
2018-10-19 Matt CaswellFix a DTLS memory leak
2018-10-18 armfazhFix tls_cbc_digest_record is slow using SHA-384 and...
2018-10-17 Mansour AhmadiAdd a missing check on s->s3->tmp.pkey
2018-10-15 Matt CaswellFix no-psk
2018-10-12 Andy Polyakovssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac.
2018-09-24 Bernd EdlingerReduce stack usage in tls13_hkdf_expand
2018-09-21 Matt CaswellFix the max psk len for TLSv1.3
2018-09-21 Matt CaswellDelay setting the sig algs until after the cert_cb...
2018-09-19 Benjamin KadukReset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
2018-09-18 Dr. Matthias St... ssl/ssl_ciph.c: make set_ciphersuites static
2018-09-12 Bernd EdlingerFix a possible recursion in SSLfatal handling
2018-09-11 Matt CaswellUpdate copyright year
2018-09-07 Matt CaswellDo not reset SNI data in SSL_do_handshake()
2018-09-07 Ben KadukSimplify SSL_get_servername() to avoid session references
2018-09-07 Ben KadukRestore historical SSL_get_servername() behavior
2018-09-07 Matt CaswellEnsure certificate callbacks work correctly in TLSv1.3
2018-09-07 Matt CaswellProcess KeyUpdate and NewSessionTicket messages after...
2018-09-04 Shane Lontiskey zeroization fix for a branch path of tls13_final_fi...
2018-09-04 Matt CaswellDon't use an RSA-PSS cert for RSA key exchange
2018-09-04 Matt CaswellSend a NewSessionTicket after using an external PSK
2018-09-04 Matt CaswellIgnore EPIPE when sending NewSessionTickets in TLSv1.3
2018-09-03 Richard LevitteRename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list
2018-09-01 Erik ForsbergFix ssl/t1_trce.c to parse certificate chains
2018-08-30 Matt CaswellFix a mem leak on error in the PSK code
2018-08-22 Matt CaswellDon't detect a downgrade where the server has a protoco...
2018-08-22 Matt CaswellUse the same min-max version range on the client consis...
2018-08-22 Tomas MrazAllow TLS-1.3 ciphersuites in @SECLEVEL=3 and above
2018-08-20 Matt CaswellAdd support for SSL_CTX_set_post_handshake_auth()
2018-08-20 Matt CaswellChange Post Handshake auth so that it is opt-in
2018-08-15 Matt CaswellTurn on TLSv1.3 downgrade protection by default
2018-08-15 Matt CaswellUpdate code for the final RFC version of TLSv1.3 (RFC8446)
2018-08-14 Dmitry YakovlevMove SSL_DEBUG md fprintf after assignment
2018-08-09 Matt CaswellImprove fallback protection
2018-08-08 Matt CaswellTolerate encrypted or plaintext alerts
2018-08-08 Matt CaswellEnsure that we write out alerts correctly after early_data
2018-08-08 Matt CaswellFix a missing call to SSLfatal
2018-08-07 Rich SalzFix setting of ssl_strings_inited.
2018-08-07 Andy Polyakovssl/*: switch to switch to Thread-Sanitizer-friendly...
2018-08-07 Andy PolyakovHarmonize use of sk_TYPE_find's return value.
2018-08-06 Matt CaswellEnsure we send an alert on error when processing a...
2018-07-31 Matt CaswellFix some TLSv1.3 alert issues
2018-07-26 Benjamin KadukImprove backwards compat for SSL_get_servername()
2018-07-20 Benjamin KadukAdd TODO comment for a nonsensical public API
2018-07-20 Benjamin KadukNormalize SNI hostname handling for SSL and SSL_SESSION
2018-07-20 Benjamin Kadukconst-ify some input SSL * arguments
2018-07-20 Matt CaswellValidate legacy_version
2018-07-19 Matt CaswellDon't skip over early_data if we sent an HRR
2018-07-18 Matt CaswellCheck that the public key OID matches the sig alg
2018-07-17 Matt CaswellFix no-psk
2018-07-17 Matt CaswellAlways issue new tickets when using TLSv1.3 stateful...
2018-07-17 Matt CaswellDon't remove sessions from the cache during PHA in...
2018-07-13 Matt CaswellAs a server don't select TLSv1.3 if we're not capable...
2018-07-13 Matt CaswellUse ssl_version_supported() when choosing server version
2018-07-13 Matt CaswellDo not use GOST sig algs in TLSv1.3 where possible
2018-07-06 Matt CaswellIntroduce the recv_max_early_data setting
2018-07-03 Matt CaswellRemove TLSv1.3 tickets from the client cache as we...
2018-07-03 Matt CaswellRestore behaviour from commit 36ff232cf that was incorr...
2018-07-02 Matt CaswellAdd the ability to configure anti-replay via SSL_CONF
2018-07-02 Matt CaswellAdd setters to set the early_data callback
2018-07-02 Matt CaswellMake the anti-replay feature optional
2018-07-02 Matt CaswellFix a NULL ptr deref in error path in tls_process_cke_dhe()
2018-07-01 Benjamin KadukAddress coverity-reported NULL dereference in SSL_SESSI...
2018-06-29 PauliCheck return from BN_set_word.
2018-06-27 Matt CaswellReturn a fatal error if application data is encountered...
2018-06-27 Matt CaswellReturn SSL_ERROR_WANT_READ if SSL_shutdown() encounters...
2018-06-27 Matt CaswellAuto retry if we ditch records during shutdown
2018-06-26 Matt CaswellUse stateful tickets if we are doing anti-replay
2018-06-26 Matt CaswellRespect SSL_OP_NO_TICKET in TLSv1.3
2018-06-26 Matt CaswellRestructure the ticket construction code
2018-06-26 Matt CaswellUpdate SSL_SESSION_print for TLSv1.3
2018-06-25 Matt CaswellDon't change a session once its in the cache
2018-06-22 Nicola TuveriRemove __cplusplus preamble from internal headers
2018-06-21 Matt CaswellDon't use OPENSSL_strdup() for copying alpn_selected
2018-06-19 Matt CaswellFix enable-ssl3 enable-ssl3-method
2018-06-11 Matt CaswellRemodel the if sequence for handling alerts
2018-06-11 Matt CaswellDon't send a warning alert in TLSv1.3
2018-06-11 Matt CaswellFix TLSv1.3 alert handling
2018-06-07 Marcus HueweDo not free a session before calling the remove_session_cb
2018-06-07 Matt CaswellReformulate the if condition in tls_process_new_session...
next