Option to set current cert to server certificate.

Oops, get selection logic right.

Re-add alert variables removed during rebase
Whitespace fixes

Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.

If multiple TLS extensions are expected but not received, the TLS extension and supplement

Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.

If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.

show more ...

Return per-certificate chain if extra chain is NULL.

If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated

Return per-certificate chain if extra chain is NULL.

If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated
with the current certificate.

This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only

show more ...

New ctrl to set current certificate.

New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next v

New ctrl to set current certificate.

New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.

show more ...

Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA

Replace the full ciphersuites with "EDH-" in their labels with "DHE-"
so that all DHE ciphersuites are referred to in the same

Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA

Replace the full ciphersuites with "EDH-" in their labels with "DHE-"
so that all DHE ciphersuites are referred to in the same way.

Leave backward-compatible aliases for the ciphersuites in question so
that configurations which specify these explicitly will continue
working.

show more ...

change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility)

This change normalizes the SSL_CK_DHE_ #defines to use the common term
"DHE", while permitting older code that uses the

change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility)

This change normalizes the SSL_CK_DHE_ #defines to use the common term
"DHE", while permitting older code that uses the more uncommon "EDH"
constants to compile properly.

show more ...

use SSL_kDHE throughout instead of SSL_kEDH

DHE is the standard term used by the RFCs and by other TLS
implementations. It's useful to have the internal variables use the
standard t

use SSL_kDHE throughout instead of SSL_kEDH

DHE is the standard term used by the RFCs and by other TLS
implementations. It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API. SSL_kEDH should probably be deprecated at some
point, though.

show more ...

use SSL_kECDHE throughout instead of SSL_kEECDH

ECDHE is the standard term used by the RFCs and by other TLS
implementations. It's useful to have the internal variables use the
stan

use SSL_kECDHE throughout instead of SSL_kEECDH

ECDHE is the standard term used by the RFCs and by other TLS
implementations. It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEECDH in place, though, so that older
code can still be built against it, since that has been the
traditional API. SSL_kEECDH should probably be deprecated at some
point, though.

show more ...

Additional "chain_cert" functions.

PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_cur

Additional "chain_cert" functions.

PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.

show more ...

Enable PSK in FIPS mode.

Enable PSK ciphersuites with AES or DES3 in FIPS mode.

Tidy up comments.

Fix compilation with no-ec and/or no-tlsext.

Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented u

Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.

show more ...

Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

Make no-ec compilation work.

Return 1 when setting ECDH auto mode.

Support ALPN.

This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https

Support ALPN.

This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Conflicts:
ssl/ssl3.h
ssl/t1_lib.c

show more ...

Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Enable TLS 1.2 ciphers in DTLS 1.2.

Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.

Use enc_flags when deciding protocol variations.

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding

Use enc_flags when deciding protocol variations.

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.

show more ...

DTLS revision.

Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted

DTLS revision.

Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

Note: although this passes "make test" and some simple DTLS tests there may
be some minor differences in the DTLS code that have to be accounted for.

show more ...

Print out point format list for clients too.

Add support for printing out and retrieving EC point formats extension.