kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6c7aed048c
boringssl/ssl
History
David Benjamin 6c7aed048c Client-side OCSP stapling support. 
Remove the old implementation which was excessively general. This mirrors the
SCT support and adds a single boolean flag to request an OCSP response with no
responder IDs, extensions, or frills. The response, if received, is stored on
the SSL_SESSION so that it is available for (re)validation on session
resumption; Chromium revalidates the saved auth parameters on resume.

Server support is unimplemented for now. This API will also need to be adjusted
in the future if we implement RFC 6961.

Change-Id: I533c029b7f7ea622d814d05f934fdace2da85cb1
Reviewed-on: https://boringssl-review.googlesource.com/1671
Reviewed-by: Adam Langley <agl@google.com>
2014-08-29 00:39:33 +00:00
..
pqueue Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
test Test client auth under TLS 1.2 hash mismatch and SSL 3. 2014-08-29 00:23:50 +00:00
CMakeLists.txt Add visibility rules. 2014-07-31 22:03:11 +00:00
d1_both.c Introduce a hash_message parameter to ssl_get_message. 2014-08-27 01:54:50 +00:00
d1_clnt.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
d1_enc.c Remove crypto/comp and SSL_COMP support code. 2014-06-24 17:22:06 +00:00
d1_lib.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_srtp.c Fix typo in DTLS-SRTP extension parsing. 2014-07-18 00:52:51 +00:00
d1_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_both.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_cbc.c Remove OPENSSL_NO_SHA512 2014-08-04 20:13:54 +00:00
s3_clnt.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_enc.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_lib.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_meth.c Inital import. 2014-06-20 13:17:32 -07:00
s3_pkt.c Revise hash management for reading the Finished message. 2014-08-27 01:55:17 +00:00
s3_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s23_clnt.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Inital import. 2014-06-20 13:17:32 -07:00
ssl_asn1.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_cert.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_ciph.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_error.c Refactor server-side CertificateVerify handling. 2014-08-27 01:55:27 +00:00
ssl_lib.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_locl.h Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
ssl_txt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
t1_clnt.c Inital import. 2014-06-20 13:17:32 -07:00
t1_enc.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
t1_lib.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
t1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00
t1_srvr.c Inital import. 2014-06-20 13:17:32 -07:00