aboutsummaryrefslogtreecommitdiff
path: root/openssl/src
Commit message (Collapse)AuthorAgeFilesLines
* openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPNCody P Schafer2015-09-011-3/+3
|
* Merge pull request #259 from jedisct1/dhSteven Fackler2015-09-014-2/+107
|\ | | | | Add support for DHE for forward secrecy
| * Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.Frank Denis2015-08-314-2/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rust-openssl didn't support forward secrecy at all. This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114 parameters, which are conveniently exposed since OpenSSL 1.0.2. With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple as (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::dh::DH; let dh = DH::get_2048_256().unwrap(); ctx.set_tmp_dh(dh).unwrap(); With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::bn::BigNum; use openssl::dh::DH; let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap(); let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap(); let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap(); let dh = DH::from_params(p, g, q).unwrap(); ctx.set_tmp_dh(dh).unwrap();
* | Release v0.6.5Steven Fackler2015-08-311-1/+1
|/
* Merge pull request #251 from ebarnard/evp_bytestokeySteven Fackler2015-08-234-23/+138
|\ | | | | Expose EVP_BytesToKey
| * Expose EVP_BytesToKeyEdward Barnard2015-08-234-23/+138
| | | | | | | | | | This is based on work by pyrho. Closes #88
* | Merge pull request #253 from manuels/masterSteven Fackler2015-08-192-0/+35
|\ \ | | | | | | Add get_state_string()
| * | Add get_state_string()Manuel Schölling2015-08-172-0/+35
| | |
* | | Merge pull request #240 from jethrogb/topic/x509_req_extensionSteven Fackler2015-08-152-9/+33
|\ \ \ | |/ / |/| | Implement certificate extensions for certificate requests
| * | Implement certificate extensions for certificate requestsJethro Beekman2015-07-082-9/+33
| | |
* | | Grab errno for directstream want errorsSteven Fackler2015-08-101-7/+2
| | |
* | | Handle WantWrite and WantRead errorsSteven Fackler2015-08-081-0/+8
| |/ |/|
* | Merge pull request #243 from manuels/masterSteven Fackler2015-08-022-2/+41
|\ \ | | | | | | Fix probelms with DTLS when no packets are pending.
| * | Fix probelms with DTLS when no packets are pending.Manuel Schölling2015-07-182-2/+41
| |/ | | | | | | | | | | | | | | | | | | | | When using DTLS you might run into the situation where no packets are pending, so SSL_read returns len=0. On a TLS connection this means that the connection was closed, but on DTLS it does not (a DTLS connection cannot be closed in the usual sense). This commit fixes a bug introduced by c8d23f3. Conflicts: openssl/src/ssl/mod.rs
* | Merge pull request #242 from awelkie/masterSteven Fackler2015-08-021-11/+16
|\ \ | | | | | | Added AES CTR-mode under feature flag.
| * | Added AES CTR-mode under feature flag.Allen Welkie2015-07-151-11/+16
| |/
* | Expose ssl::initpanicbit2015-07-261-1/+3
| |
* | Add function to write RSA public key as PEMAndrew Dunham2015-07-231-0/+32
|/
* Add missing C-string conversion, fixing recent build errorsJethro Beekman2015-07-081-3/+6
|
* Merge pull request #227 from jethrogb/topic/x509_nameSteven Fackler2015-07-082-7/+47
|\ | | | | Allow setting of arbitrary X509 names
| * Fix/add more X509generator testsJethro Beekman2015-07-082-4/+6
| |
| * Add X509generator.add_names methodJethro Beekman2015-07-081-0/+11
| |
| * Add public add_name method to X509GeneratorJethro Beekman2015-07-081-3/+16
| |
| * Replace CN field by names vectorJethro Beekman2015-07-081-4/+18
| |
* | Merge pull request #221 from jethrogb/topic/ssl_optionsSteven Fackler2015-07-081-29/+46
|\ \ | |/ |/| Several SSL option fixes
| * Decouple C SSL Option bit flags from Rust versionJethro Beekman2015-07-011-29/+46
| | | | | | | | | | | | | | The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL versions. To avoid having to change the Rust definitions, we implement our own numbering system in Rust, and use an automatically-generated C shim to convert the bitflags at runtime.
* | Merge pull request #233 from jethrogb/topic/x509_extensionSteven Fackler2015-07-084-122/+289
|\ \ | | | | | | Allow setting of arbitrary X509 extensions
| * | tabs to spacesJethro Beekman2015-07-011-76/+76
| | |
| * | Add documentation on X509 ExtensionsJethro Beekman2015-07-011-0/+42
| | |
| * | Add Issuer Alternative Name extensionJethro Beekman2015-07-011-0/+5
| | |
| * | Add Subject Alternate Name extensionJethro Beekman2015-07-012-1/+35
| | |
| * | Add arbitrary X509 extensions by OID stringJethro Beekman2015-07-013-15/+35
| | |
| * | Add arbitrary X509 extensions by NIDJethro Beekman2015-07-012-2/+8
| | |
| * | Add public generic extension interface to X509GeneratorJethro Beekman2015-07-012-13/+49
| | | | | | | | | | | | | | | | | | * Add add_extension and add_extensions functions * Deprecate set_usage and set_ext_usage * Change test to use add_extension
| * | Implement arbitrary X509 Extended Key Usage valuesJethro Beekman2015-07-012-3/+6
| | |
| * | Implement "extensions" field in X509generator, and change existing ↵Jethro Beekman2015-07-013-25/+53
| | | | | | | | | | | | extensions to use that
| * | Turn assertions into unwraps such that tests provide useful output on panic.Jethro Beekman2015-07-011-7/+3
| | |
| * | Turn "dirty hack" into slightly less dirty hack, with potential to become ↵Jethro Beekman2015-07-011-18/+10
| | | | | | | | | | | | non-dirty
| * | Move X509 extensions to seperate module, implement ToString instead of ↵Jethro Beekman2015-07-012-70/+75
| |/ | | | | | | custom AsStr
* / Release v0.6.4Steven Fackler2015-07-061-1/+1
|/
* Add a test that checks whether 3 known subject attributes can be retrieved ↵Jethro Beekman2015-06-301-0/+29
| | | | by NID
* Fix NID definitions to match OpenSSL. The previous numbers were introduced ↵Jethro Beekman2015-06-301-2/+5
| | | | incorrectly in #213
* Fix backcompat methodSteven Fackler2015-06-291-1/+1
|
* Fix build with alpn featureSteven Fackler2015-06-292-3/+3
|
* ssl: support ALPNCody P Schafer2015-06-292-15/+213
| | | | | | | | | | Heavily based on the existing NPN wrapping code. Naming of public functions is identical to the NPN ones with `s/npn/alpn/` applied to prevent devs from needing to remember 2 names (and to let my copy the npn tests and perform the subistution to generate the apln tests). It might make sense to (at some point) use macros or a trait to cut down the duplication.
* ssl/NPN: factor out encoding of the protocol listCody P Schafer2015-06-291-8/+19
| | | | | The intention is to allow the encoding to be reused by the ALPN support code.
* ssl: use a common helper to generate new ex data indexes, switch NPN to a ↵Cody P Schafer2015-06-291-33/+17
| | | | | | | | | | | lazyref Rather than having the verification data idx generation and NPN use there own (similar) impls to generate indexes with destructors, unify them. Make NPNs use of indexes more idomatic by storing the index in a lazyref rather than having a function with static data members.
* More docsSteven Fackler2015-06-281-0/+16
|
* Fix windows buildSteven Fackler2015-06-281-0/+2
|
* DocsSteven Fackler2015-06-281-18/+10
|
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-02 19:30:09 +0000