Fixed d2i_X509 in-place not re-hashing the ex_flags
[oweals/openssl.git] / ssl /
2019-01-27 Ping Yuadd an additional async notification communication...
2019-01-24 Matt CaswellRevert "Keep the DTLS timer running after the end of...
2019-01-15 Matt CaswellDon't get the mac type in TLSv1.3
2019-01-15 Matt CaswellAdd missing entries in ssl_mac_pkey_id
2019-01-08 Matt CaswellDon't artificially limit the size of the ClientHello
2019-01-07 Viktor DukhovniMore configurable crypto and ssl library initialization
2019-01-07 Matt CaswellDon't complain if we receive the cryptopro extension...
2019-01-06 Dmitry BelyavskiyRestore compatibility with GOST2001 implementations.
2019-01-04 Matt CaswellFix a RUN_ONCE bug
2019-01-03 Dmitry BelyavskiyEliminate unused buffers from ssl3_change_cipher_state
2019-01-03 Dmitry BelyavskiyRemove unused variables from tls1_change_cipher_state
2018-12-30 Bernd EdlingerFix a minor nit in the hkdflabel size
2018-12-15 Kurt RoeckxUse (D)TLS_MAX_VERSION_INTERNAL internally
2018-12-07 Boris Pismennyssl: Linux TLS Tx Offload
2018-12-06 Richard LevitteFollowing the license change, modify the boilerplates...
2018-12-06 Richard LevitteRefactor the computation of API version limits
2018-12-05 Matt CaswellFix some SSL_export_keying_material() issues
2018-12-05 Matt CaswellRevert "Reduce stack usage in tls13_hkdf_expand"
2018-12-01 Antoine SalonFix usage of deprecated SSL_set_tmp_ecdh()
2018-11-27 Paul YangFix access zero memory if SSL_DEBUG is enabled
2018-11-20 Matt CaswellUpdate copyright year
2018-11-15 Matt CaswellAdd a missing SSLfatal call
2018-11-15 Antoine SalonAdd SSL_CTX_set_tmp_ecdh.pod
2018-11-14 Matt CaswellFix no-ec and no-tls1_2
2018-11-12 Viktor DukhovniAdded missing signature algorithm reflection functions
2018-11-12 Matt CaswellSeparate ca_names handling for client and server
2018-11-12 Matt CaswellDon't negotiate TLSv1.3 if our EC cert isn't TLSv1...
2018-11-10 Tomas MrazUnbreak SECLEVEL 3 regression causing it to not accept...
2018-11-10 David WoodhouseAdd EVP_PKEY_supports_digest_nid()
2018-11-10 David WoodhouseHonour mandatory digest on private key in has_usable_cert()
2018-11-08 Matt CaswellGive a better error if an attempt is made to set a...
2018-11-08 Matt CaswellIgnore disabled ciphers when deciding if we are using ECC
2018-11-05 PauliFix return formatting.
2018-11-05 PauliCleanse the key log buffer.
2018-11-04 Benjamin KadukRestore sensible "sess_accept" counter tracking
2018-10-30 Matt CaswellDon't call the client_cert_cb immediately in TLSv1.3
2018-10-29 Richard Levittessl/statem: Don't compare size_t with less than zero
2018-10-29 Richard LevitteAdd automatic initializations support for EVP_MAC objects
2018-10-26 Matt CaswellProperly handle duplicated messages from the next epoch
2018-10-19 Matt CaswellBuffer a ClientHello with a cookie received via DTLSv1_...
2018-10-19 Matt CaswellUse the read and write buffers in DTLSv1_listen()
2018-10-19 Matt CaswellFix a DTLS memory leak
2018-10-18 armfazhFix tls_cbc_digest_record is slow using SHA-384 and...
2018-10-17 Mansour AhmadiAdd a missing check on s->s3->tmp.pkey
2018-10-12 Andy Polyakovssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac.
2018-10-03 Richard LevitteRemove SSL_version_str
2018-09-25 Matt CaswellFix no-psk
2018-09-24 Bernd EdlingerReduce stack usage in tls13_hkdf_expand
2018-09-21 Matt CaswellFix the max psk len for TLSv1.3
2018-09-21 Matt CaswellDelay setting the sig algs until after the cert_cb...
2018-09-19 Benjamin KadukReset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
2018-09-18 Dr. Matthias St... ssl/ssl_ciph.c: make set_ciphersuites static
2018-09-12 Bernd EdlingerFix a possible recursion in SSLfatal handling
2018-09-11 Matt CaswellUpdate copyright year
2018-09-07 Matt CaswellDo not reset SNI data in SSL_do_handshake()
2018-09-07 Ben KadukSimplify SSL_get_servername() to avoid session references
2018-09-07 Ben KadukRestore historical SSL_get_servername() behavior
2018-09-07 Matt CaswellEnsure certificate callbacks work correctly in TLSv1.3
2018-09-07 Matt CaswellProcess KeyUpdate and NewSessionTicket messages after...
2018-09-04 Shane Lontiskey zeroization fix for a branch path of tls13_final_fi...
2018-09-04 Matt CaswellDon't use an RSA-PSS cert for RSA key exchange
2018-09-04 Matt CaswellSend a NewSessionTicket after using an external PSK
2018-09-04 Matt CaswellIgnore EPIPE when sending NewSessionTickets in TLSv1.3
2018-09-03 Richard LevitteRename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list
2018-09-01 Erik ForsbergFix ssl/t1_trce.c to parse certificate chains
2018-08-30 Matt CaswellFix a mem leak on error in the PSK code
2018-08-22 Matt CaswellDon't detect a downgrade where the server has a protoco...
2018-08-22 Matt CaswellUse the same min-max version range on the client consis...
2018-08-22 Tomas MrazAllow TLS-1.3 ciphersuites in @SECLEVEL=3 and above
2018-08-20 Matt CaswellAdd support for SSL_CTX_set_post_handshake_auth()
2018-08-20 Matt CaswellChange Post Handshake auth so that it is opt-in
2018-08-15 Matt CaswellTurn on TLSv1.3 downgrade protection by default
2018-08-15 Matt CaswellUpdate code for the final RFC version of TLSv1.3 (RFC8446)
2018-08-14 Dmitry YakovlevMove SSL_DEBUG md fprintf after assignment
2018-08-09 Matt CaswellImprove fallback protection
2018-08-08 Matt CaswellTolerate encrypted or plaintext alerts
2018-08-08 Matt CaswellEnsure that we write out alerts correctly after early_data
2018-08-08 Matt CaswellFix a missing call to SSLfatal
2018-08-07 Rich SalzFix setting of ssl_strings_inited.
2018-08-07 Andy Polyakovssl/*: switch to switch to Thread-Sanitizer-friendly...
2018-08-07 Andy PolyakovHarmonize use of sk_TYPE_find's return value.
2018-08-06 Matt CaswellEnsure we send an alert on error when processing a...
2018-07-31 Matt CaswellFix some TLSv1.3 alert issues
2018-07-26 Benjamin KadukImprove backwards compat for SSL_get_servername()
2018-07-20 Benjamin KadukAdd TODO comment for a nonsensical public API
2018-07-20 Benjamin KadukNormalize SNI hostname handling for SSL and SSL_SESSION
2018-07-20 Benjamin Kadukconst-ify some input SSL * arguments
2018-07-20 Matt CaswellValidate legacy_version
2018-07-19 Matt CaswellDon't skip over early_data if we sent an HRR
2018-07-18 Matt CaswellCheck that the public key OID matches the sig alg
2018-07-17 Matt CaswellFix no-psk
2018-07-17 Matt CaswellAlways issue new tickets when using TLSv1.3 stateful...
2018-07-17 Matt CaswellDon't remove sessions from the cache during PHA in...
2018-07-13 Matt CaswellAs a server don't select TLSv1.3 if we're not capable...
2018-07-13 Matt CaswellUse ssl_version_supported() when choosing server version
2018-07-13 Matt CaswellDo not use GOST sig algs in TLSv1.3 where possible
2018-07-06 Matt CaswellIntroduce the recv_max_early_data setting
2018-07-03 Matt CaswellRemove TLSv1.3 tickets from the client cache as we...
2018-07-03 Matt CaswellRestore behaviour from commit 36ff232cf that was incorr...
2018-07-02 Matt CaswellAdd the ability to configure anti-replay via SSL_CONF
next