boringssl/ssl
David Benjamin 6a8d70c528 Trim tls1_check_chain and CERT_PKEY flags.
Many are now unused. Only two are currently considered in cipher selection:
CERT_PKEY_VALID and CERT_PKEY_SIGN. (As per previous commits, this is either
bizarre due to limited slots or redundant with ssl_early_callback_ctx. We can
probably prune this too.)

This also fixes a bug where DTLS 1.0 went through a TLS 1.2 codepath. As the
DTLS code is currently arranged, all version comparisons must be done via
macros like SSL_USE_SIGALGS. (Probably we should add functions to map from DTLS
to TLS versions and slowly move the library to using the TLS version as
in-memory representation.)

Change-Id: I89bcf5b7b9ea5cdecf54f4445156586377328fe0
Reviewed-on: https://boringssl-review.googlesource.com/2286
Reviewed-by: Adam Langley <agl@google.com>
2014-11-18 22:20:53 +00:00
..
pqueue Test insertion of duplicates in pqueue_test. 2014-11-06 01:46:57 +00:00
test Add DTLS-SRTP tests. 2014-11-18 22:16:53 +00:00
CMakeLists.txt Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
d1_both.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_clnt.c Remove SSL3_FLAGS_POP_BUFFER. 2014-11-10 23:59:13 +00:00
d1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
d1_lib.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove #if 0'd code documenting an old bug. 2014-11-10 22:45:17 +00:00
d1_srtp.c Add less dangerous versions of SRTP functions. 2014-10-27 21:58:09 +00:00
d1_srvr.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
s3_both.c Remove remnant of MS SGC second ClientHello. 2014-11-04 00:25:13 +00:00
s3_cbc.c Add a few more constant-time utility functions. 2014-11-10 13:45:32 -08:00
s3_clnt.c Remove TLS strict mode. 2014-11-18 22:20:33 +00:00
s3_enc.c Extended master secret support. 2014-10-24 21:19:44 +00:00
s3_lib.c Remove SSL_get_peer_signature_nid and don't compute digests for peer_key. 2014-11-18 22:18:54 +00:00
s3_meth.c Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
s3_pkt.c Remove support for processing fragmented alerts 2014-11-13 22:58:30 +00:00
s3_srvr.c Don't resume sessions if the negotiated version doesn't match. 2014-11-13 22:05:12 +00:00
s23_clnt.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Remove indirection in loading ciphers. 2014-09-15 21:06:10 +00:00
ssl_asn1.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_cert.c Remove CERT_PKEY_EXPLICIT_SIGN flag. 2014-11-18 22:19:06 +00:00
ssl_ciph.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_error.c Remove support for processing fragmented alerts 2014-11-13 22:58:30 +00:00
ssl_lib.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
ssl_locl.h Trim tls1_check_chain and CERT_PKEY flags. 2014-11-18 22:20:53 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_txt.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
t1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
t1_lib.c Trim tls1_check_chain and CERT_PKEY flags. 2014-11-18 22:20:53 +00:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00