kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
34de91e377
boringssl/ssl
History
David Benjamin 34de91e377 Revise server-side ECDSA certificate checks. 
This is in preparation for simplifying tls1_check_group_id, called by
tls1_check_ec_cert, which, in turn, is in preparation for moving the
peer group list to SSL_HANDSHAKE.

It also helps with bug #55. Move the key usage check to the certificate
configuration sanity check. There's no sense in doing it late. Also
remove the ECDSA peer curve check as we configure certificates
externally. With only one certificate, there's no sense in trying to
remove it.

BUG=55

Change-Id: I8c116337770d96cc9cfd4b4f0ca7939a4f05a1a9
Reviewed-on: https://boringssl-review.googlesource.com/11524
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-09 17:04:41 +00:00
..
test Move some fields from tmp to hs. 2016-10-09 16:47:31 +00:00
CMakeLists.txt Add TLS 1.3 1-RTT. 2016-07-18 09:54:46 +00:00
custom_extensions.c Move extensions bitmasks into SSL_HANDSHAKE. 2016-10-09 16:48:52 +00:00
d1_both.c Take the version parameter out of ssl_do_msg_callback. 2016-09-21 18:55:27 +00:00
d1_lib.c Remove RC4 from TLS for real. 2016-09-16 03:06:36 +00:00
d1_pkt.c Take the version parameter out of ssl_do_msg_callback. 2016-09-21 18:55:27 +00:00
d1_srtp.c Fix ssl_ctx_make_profiles error handling. 2016-09-27 13:27:06 +00:00
dtls_method.c Don't return invalid versions in version_from_wire. 2016-09-21 19:51:45 +00:00
dtls_record.c Take the version parameter out of ssl_do_msg_callback. 2016-09-21 18:55:27 +00:00
handshake_client.c Move next_proto_neg_seen into SSL_HANDSHAKE. 2016-10-09 16:50:13 +00:00
handshake_server.c Move next_proto_neg_seen into SSL_HANDSHAKE. 2016-10-09 16:50:13 +00:00
internal.h Move next_proto_neg_seen into SSL_HANDSHAKE. 2016-10-09 16:50:13 +00:00
s3_both.c Move some fields from tmp to hs. 2016-10-09 16:47:31 +00:00
s3_enc.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
s3_lib.c Move some fields from tmp to hs. 2016-10-09 16:47:31 +00:00
s3_pkt.c Take the version parameter out of ssl_do_msg_callback. 2016-09-21 18:55:27 +00:00
ssl_aead_ctx.c Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
ssl_asn1.c Updating NewSessionTicket message and updating PSK to Draft 15. 2016-10-06 14:36:12 +00:00
ssl_buffer.c Add SSL_is_dtls. 2016-08-02 20:43:58 +00:00
ssl_cert.c Move some fields from tmp to hs. 2016-10-09 16:47:31 +00:00
ssl_cipher.c Add GENERIC selector for TLS 1.3 AEAD-only cipher suites. 2016-10-06 19:37:40 +00:00
ssl_ecdh.c Implement SSL_CTX_set1_curves_list() 2016-09-30 00:45:19 +00:00
ssl_file.c Check for sk_X509_NAME_push failures. 2016-09-27 13:18:37 +00:00
ssl_lib.c Revise server-side ECDSA certificate checks. 2016-10-09 17:04:41 +00:00
ssl_rsa.c Revise server-side ECDSA certificate checks. 2016-10-09 17:04:41 +00:00
ssl_session.c Updating NewSessionTicket message and updating PSK to Draft 15. 2016-10-06 14:36:12 +00:00
ssl_stat.c Factor out the client_cert_cb code. 2016-07-20 09:25:52 +00:00
ssl_test.cc Add GENERIC selector for TLS 1.3 AEAD-only cipher suites. 2016-10-06 19:37:40 +00:00
t1_enc.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
t1_lib.c Move next_proto_neg_seen into SSL_HANDSHAKE. 2016-10-09 16:50:13 +00:00
tls13_both.c Implement BORINGSSL_UNSAFE_FUZZER_MODE for TLS 1.3. 2016-08-19 19:11:34 +00:00
tls13_client.c Move some fields from tmp to hs. 2016-10-09 16:47:31 +00:00
tls13_enc.c const-correct a variable. 2016-09-06 18:19:37 +00:00
tls13_server.c Move some fields from tmp to hs. 2016-10-09 16:47:31 +00:00
tls_method.c Moving TLS 1.3 version negotiation into extension. 2016-09-27 20:12:22 +00:00
tls_record.c Take the version parameter out of ssl_do_msg_callback. 2016-09-21 18:55:27 +00:00