kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
559f0644a5
boringssl/ssl
History
Alessandro Ghedini 559f0644a5 Support setting per-connection OCSP staple 
Right now the only way to set an OCSP response is SSL_CTX_set_ocsp_response
however this assumes that all the SSLs generated from a SSL_CTX share the
same OCSP response, which is wrong.

This is similar to the OpenSSL "function" SSL_get_tlsext_status_ocsp_resp,
the main difference being that this doesn't take ownership of the OCSP buffer.

In order to avoid memory duplication in case SSL_CTX has its own response,
a CRYPTO_BUFFER is used for both SSL_CTX and SSL.

Change-Id: I3a0697f82b805ac42a22be9b6bb596aa0b530025
Reviewed-on: https://boringssl-review.googlesource.com/12660
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-08 20:29:43 +00:00
..
test Support setting per-connection OCSP staple 2016-12-08 20:29:43 +00:00
CMakeLists.txt Add TLS 1.3 1-RTT. 2016-07-18 09:54:46 +00:00
custom_extensions.c Pass explicit hs parameters into custom_extensions.c. 2016-12-06 19:49:36 +00:00
d1_both.c Replace hash_current_message with get_current_message. 2016-11-15 06:52:10 +00:00
d1_lib.c Move a few more functions into *_method.c. 2016-12-08 16:29:19 +00:00
d1_pkt.c Expose SSL_max_seal_overhead. 2016-11-09 16:51:46 +00:00
d1_srtp.c Fix ssl_ctx_make_profiles error handling. 2016-09-27 13:27:06 +00:00
dtls_method.c Move a few more functions into *_method.c. 2016-12-08 16:29:19 +00:00
dtls_record.c Take the version parameter out of ssl_do_msg_callback. 2016-09-21 18:55:27 +00:00
handshake_client.c Move client_version into SSL_HANDSHAKE. 2016-12-08 16:39:52 +00:00
handshake_server.c Support setting per-connection OCSP staple 2016-12-08 20:29:43 +00:00
internal.h Move client_version into SSL_HANDSHAKE. 2016-12-08 16:39:52 +00:00
s3_both.c Match state machine functions with new calling convention. 2016-12-06 19:36:45 +00:00
s3_enc.c Move key_block into SSL_HANDSHAKE. 2016-11-09 17:02:33 +00:00
s3_lib.c Move a few more functions into *_method.c. 2016-12-08 16:29:19 +00:00
s3_pkt.c Expose SSL_max_seal_overhead. 2016-11-09 16:51:46 +00:00
ssl_aead_ctx.c Validate input iv/mac sizes in SSL_AEAD_CTX_new. 2016-10-28 21:25:35 +00:00
ssl_asn1.c Revise some integer sizes. 2016-12-08 16:48:44 +00:00
ssl_buffer.c Add SSL_is_dtls. 2016-08-02 20:43:58 +00:00
ssl_cert.c Make more functions static. 2016-12-08 16:29:58 +00:00
ssl_cipher.c Trim ssl_create_cipher_list slightly. 2016-11-03 22:19:53 +00:00
ssl_ecdh.c Implement SSL_CTX_set1_curves_list() 2016-09-30 00:45:19 +00:00
ssl_file.c Check for sk_X509_NAME_push failures. 2016-09-27 13:18:37 +00:00
ssl_lib.c Support setting per-connection OCSP staple 2016-12-08 20:29:43 +00:00
ssl_rsa.c Rename X.509 members in |SSL_SESSION| and |CERT|. 2016-11-09 20:07:57 +00:00
ssl_session.c Revise some integer sizes. 2016-12-08 16:48:44 +00:00
ssl_stat.c Add the certificate_required alert. 2016-10-10 15:48:06 +00:00
ssl_test.cc Fix SSL_clear's interaction with session resumption. 2016-12-08 16:57:57 +00:00
t1_enc.c Pass explicit hs parameters into t1_enc.c. 2016-12-06 19:49:46 +00:00
t1_lib.c Support setting per-connection OCSP staple 2016-12-08 20:29:43 +00:00
tls13_both.c Support setting per-connection OCSP staple 2016-12-08 20:29:43 +00:00
tls13_client.c Pass explicit parameters elsewhere. 2016-12-06 19:54:58 +00:00
tls13_enc.c Pass explicit hs parameters to tls13_*.c. 2016-12-06 19:49:24 +00:00
tls13_server.c Typedef ssl_early_callback_ctx to SSL_CLIENT_HELLO. 2016-12-07 19:52:11 +00:00
tls_method.c Move a few more functions into *_method.c. 2016-12-08 16:29:19 +00:00
tls_record.c Skipping early data on 0RTT rejection. 2016-12-01 20:16:08 +00:00