aboutsummaryrefslogtreecommitdiff
path: root/openssl/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Revert "Use AsRef for backwards compatibility with passing IV as Vec"Steven Fackler2015-11-161-5/+4
| | | | This reverts commit d2d20a83778b7c363322997332bf1ff5deef92d5.
* Provide public_decrypt, private_encrypt for PKEYThom May2015-10-281-12/+115
|
* Better debug implsSteven Fackler2015-10-261-3/+7
|
* Get nonblocking tests working on OSX/WindowsAlex Crichton2015-10-222-120/+189
|
* Nonblocking streams support.Jamie Turner2015-10-203-2/+405
|
* Release v0.6.7Steven Fackler2015-10-141-1/+1
|
* Revert "Merge pull request #280 from ltratt/libressl_build"Steven Fackler2015-10-142-3/+4
| | | | | This reverts commit aad933e5077b2c73e1f05d7314e442531a562bcf, reversing changes made to 60ee731408facdc8e3dfc000fdee2f1291fad664.
* Merge pull request #286 from jedisct1/use_certificate_chainSteven Fackler2015-10-131-0/+10
|\ | | | | Add set_certificate_chain_file()
| * Add set_certificate_chain_file()Frank Denis2015-10-121-0/+10
| | | | | | | | | | | | | | | | SSL_CTX_use_certificate_chain_file() is preferred over SSL_CTX_use_certificate_file(). It allows the use of complete certificate chains instead of loading only the first certificate in a PEM file.
* | Merge pull request #284 from bheart/cfb-modeSteven Fackler2015-10-122-1/+80
|\ \ | |/ |/| AES CFB-mode feature
| * AES CFB{1,8,128} mode supportWill Tange2015-10-112-1/+80
| |
* | Merge pull request #280 from ltratt/libressl_buildSteven Fackler2015-10-102-4/+3
|\ \ | | | | | | Fix build on LibreSSL.
| * | Fix build on LibreSSL.Laurence Tratt2015-10-032-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time feature. It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL header says it is amongst "Obsolete flags kept for compatibility. No sane code should use them."
* | | Merge pull request #277 from nixpulvis/read_public_pemSteven Fackler2015-10-101-0/+26
|\ \ \ | |_|/ |/| | Add public key PEM read function.
| * | Add public key PEM read function.Nathan Lilienthal2015-10-011-0/+26
| | |
* | | Release v0.6.6Steven Fackler2015-10-051-1/+1
| |/ |/|
* | Update documentation about SSLv23John Downey2015-10-021-1/+2
|/ | | | | | | In OpenSSL world, the SSLv23 option is a poorly name method that will negotiate what version of TLS or SSL to use. It starts with the best version the library supports and then precedes to keep trying all the way down to SSL 2.0.
* Add an ecdh_auto descriptionFrank Denis2015-09-251-0/+4
|
* Add SSL::set_ecdh_auto()Frank Denis2015-09-251-0/+8
| | | | | This sets automatic curve selection and enables ECDH support. Requires LibreSSL or OpenSSL >= 1.0.2, so behind a feature gate.
* Enable testing on Windows via AppVeyorAlex Crichton2015-09-222-57/+164
| | | | | | | This abolishes the test.sh script which spawns a bunch of `openssl` instances to instead run/manage the binary in-process (providing more isolation to boot). The tests have been updated accordingly and the `connected_socket` dependency was also dropped in favor of `net2` as it the former doesn't work on Windows.
* Merge pull request #266 from jmesmon/alpnSteven Fackler2015-09-162-5/+51
|\ | | | | ssl/npn+alpn: adjust protocol selection to fail if no protocols match
| * ssl/alpn: test mismatch between protocols resulting in NoneCody P Schafer2015-09-161-0/+43
| |
| * ssl/npn+alpn: adjust protocol selection to fail if no protocols matchCody P Schafer2015-09-011-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current behavior causes a server written using rust-openssl to (if it cannot negotiate a protocol) fallback to the first protocol it has avaliable. This makes it impossible to detect protocol mismatches. This updates our selection to be more similar to how openssl's s_server behaves: non-matching protocols are not supplied with a fallback. Note that some setups may actually want a fallback protocol supplied via ALPN. To support those cases, we should consider adding a generic callback that allows protocol selection to be entirely controlled by the programmer. For the purposes of having a sane default, however, not supplying a default (and mimicing s_server's behavior) is the best choice.
| * openssl/ssl: fix some of the comment text where I missed replacing NPN with ALPNCody P Schafer2015-09-011-3/+3
| |
* | Merge pull request #261 from jedisct1/try_ssl_nullSteven Fackler2015-09-162-28/+7
|\ \ | | | | | | Use try_ssl_null!() when relevant
| * | Use try_ssl_null!() when relevantFrank Denis2015-09-132-28/+7
| | |
* | | Add DH::from_pem() to load DH parameters from a fileFrank Denis2015-09-131-1/+27
|/ /
* | Merge pull request #270 from mvdnes/crypto_segvSteven Fackler2015-09-111-7/+67
|\ \ | | | | | | Check if public/private RSA key is properly loaded
| * | Fix one call to RSA_size found by testsMathijs van de Nes2015-09-111-1/+1
| | |
| * | Add tests to ensure a panic occurs instead of segvMathijs van de Nes2015-09-111-0/+32
| | |
| * | Check rsa.is_null() before passing it to RSA_sizeMathijs van de Nes2015-09-101-1/+22
| | | | | | | | | | | | RSA_size will cause an segmentation fault if it is null
| * | Check _fromstr function for successMathijs van de Nes2015-09-101-6/+13
| |/
* / Make the docs say that load_pub/save_pub methods take DER bytesAlex Gaynor2015-09-091-2/+2
|/
* Merge pull request #259 from jedisct1/dhSteven Fackler2015-09-014-2/+107
|\ | | | | Add support for DHE for forward secrecy
| * Add support for set_tmp_dh() and RFC5114 DH parameters for forward secrecy.Frank Denis2015-08-314-2/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rust-openssl didn't support forward secrecy at all. This adds support for DHE, by exposing set_tmp_dh() as well as the RFC5114 parameters, which are conveniently exposed since OpenSSL 1.0.2. With OpenSSL >= 1.0.2, and the rfc5114 feature gate, enabling DHE is as simple as (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::dh::DH; let dh = DH::get_2048_256().unwrap(); ctx.set_tmp_dh(dh).unwrap(); With OpenSSL < 1.0.2, DH::from_params() can be used to manually specify the DH parameters (here for 2048-bit MODP group with 256-bit prime order subgroup): use openssl::bn::BigNum; use openssl::dh::DH; let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap(); let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap(); let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap(); let dh = DH::from_params(p, g, q).unwrap(); ctx.set_tmp_dh(dh).unwrap();
* | Release v0.6.5Steven Fackler2015-08-311-1/+1
|/
* Merge pull request #251 from ebarnard/evp_bytestokeySteven Fackler2015-08-234-23/+138
|\ | | | | Expose EVP_BytesToKey
| * Expose EVP_BytesToKeyEdward Barnard2015-08-234-23/+138
| | | | | | | | | | This is based on work by pyrho. Closes #88
* | Merge pull request #253 from manuels/masterSteven Fackler2015-08-192-0/+35
|\ \ | | | | | | Add get_state_string()
| * | Add get_state_string()Manuel Schölling2015-08-172-0/+35
| | |
* | | Merge pull request #240 from jethrogb/topic/x509_req_extensionSteven Fackler2015-08-152-9/+33
|\ \ \ | |/ / |/| | Implement certificate extensions for certificate requests
| * | Implement certificate extensions for certificate requestsJethro Beekman2015-07-082-9/+33
| | |
* | | Grab errno for directstream want errorsSteven Fackler2015-08-101-7/+2
| | |
* | | Handle WantWrite and WantRead errorsSteven Fackler2015-08-081-0/+8
| |/ |/|
* | Merge pull request #243 from manuels/masterSteven Fackler2015-08-022-2/+41
|\ \ | | | | | | Fix probelms with DTLS when no packets are pending.
| * | Fix probelms with DTLS when no packets are pending.Manuel Schölling2015-07-182-2/+41
| |/ | | | | | | | | | | | | | | | | | | | | When using DTLS you might run into the situation where no packets are pending, so SSL_read returns len=0. On a TLS connection this means that the connection was closed, but on DTLS it does not (a DTLS connection cannot be closed in the usual sense). This commit fixes a bug introduced by c8d23f3. Conflicts: openssl/src/ssl/mod.rs
* | Merge pull request #242 from awelkie/masterSteven Fackler2015-08-021-11/+16
|\ \ | | | | | | Added AES CTR-mode under feature flag.
| * | Added AES CTR-mode under feature flag.Allen Welkie2015-07-151-11/+16
| |/
* | Expose ssl::initpanicbit2015-07-261-1/+3
| |
* | Add function to write RSA public key as PEMAndrew Dunham2015-07-231-0/+32
|/
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-14 10:53:39 +0000