aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix maintainer mode flagslloyd2013-12-141-2/+2
|
* Add cpuid support for new x86 feature flags like AVX2 and RDSEEDlloyd2013-12-143-88/+118
|
* Make it possible to remove Boost dependency by disabling a few moduleslloyd2013-12-146-7/+18
| | | | (though including X.509 and TLS).
* Use -Werror only when --maintainer-mode is set as warnings will sneaklloyd2013-12-142-6/+9
| | | | | in on platforms/configs I don't test regularly, and that shouldn't break end-user builds.
* Add --cc-abi-flags option to configure.pylloyd2013-12-141-10/+12
|
* Add --write-hash-file to dist.py, producing a sha256sum filelloyd2013-12-121-9/+35
| | | | and clearsigning it, instead of signing the individual archives.
* Move OCB test to AEAD test framework. Disable Threefish benchmark.lloyd2013-12-114-33/+20
|
* Cleanupslloyd2013-12-101-38/+42
|
* Make SIMD_Scalar a templatelloyd2013-12-104-65/+73
|
* s/default_nonce_size/default_nonce_length/lloyd2013-12-1018-17/+29
|
* Add Threefish-512lloyd2013-12-1010-4/+315
|
* Have default TLS policy reject SSLv3. Add TLS::Policy::acceptable_ciphersuitelloyd2013-12-103-8/+20
| | | | | to allow either party to filter out specific ciphersuites they don't wish to support for whatever reason.
* Add simple config readerlloyd2013-12-103-11/+131
|
* Place BMW's expansion constant into a named variable as by C rules thelloyd2013-12-091-2/+4
| | | | | bare constant is signed meaning signed overflow could occur. Reported by Rian Hunter.
* Add key length multiplelloyd2013-12-052-5/+8
|
* Turn off asking for client cert in TLS server examplelloyd2013-12-051-2/+10
|
* Add SIVlloyd2013-12-0511-54/+452
|
* Support the normal names for CCM in TLS policy configlloyd2013-12-045-34/+33
|
* Better checklloyd2013-12-021-1/+1
|
* Add a check on API revisionslloyd2013-12-021-1/+4
|
* Python 3 fixlloyd2013-12-011-1/+1
|
* First pass at automatic OCSP checkslloyd2013-11-298-60/+112
|
* Remove timeout from HTTPlloyd2013-11-292-23/+16
|
* Disable RC4 in TLS by defaultlloyd2013-11-293-3/+5
|
* Move OCSP to x509 subdir as they are quite entangledlloyd2013-11-296-8/+1
|
* Split chain creation and checkinglloyd2013-11-292-87/+104
|
* Have OCSP responses return an enum allowing a range of conditions to be ↵lloyd2013-11-2911-315/+368
| | | | | | | | | | expressed (good status, cert revoked, some other error, etc). Add a certificate store backed by files (requiring boost filesystem). Change Certificate_Store interface somewhat to support retrieval without copying.
* Remove trailing null byte from X509_Time::to_stringlloyd2013-11-291-8/+16
| | | | Make invalid tag case report the value
* Add OCSP example. Fix minor compile issues.lloyd2013-11-285-4/+28
|
* Add OCSP::online_check which queries the certs responderlloyd2013-11-283-3/+42
|
* Fix URL parsinglloyd2013-11-281-7/+15
|
* Don't reject a signature using an untrusted hash if it is the selflloyd2013-11-281-1/+1
| | | | signature of a root cert
* Print OCSP and CRL locations in X509_Certificate::to_stringlloyd2013-11-281-0/+5
|
* Support HTTP POST (many OCSP responders don't like GET-based requests)lloyd2013-11-286-132/+243
|
* Test fixlloyd2013-11-281-4/+5
|
* Give everything setting a feature test macro in build.h a version codelloyd2013-11-28184-189/+195
| | | | | | so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.
* wget it ourselves, and include the hash of the file in the outputlloyd2013-11-282-24/+57
|
* Fix file rename in info.txt and add a check for this in configurelloyd2013-11-282-1/+5
|
* TLS in-memory session manager now requires a rng object as alloyd2013-11-284-16/+31
| | | | | constructor argument, previously it used the global rng which caused a serialization point across server threads.
* Add a simple HTTP 1.0 GET using asio (for CRLs and OCSP)lloyd2013-11-276-2/+139
|
* Include Perl's build flags. Bug 254lloyd2013-11-231-1/+1
|
* merge of '68c716734951de7d2d263d5ed5162e963d6c32be'lloyd2013-11-206-55/+19
|\ | | | | | | and '714a603d145c840eec1464ea31d0d07c2bf640fa'
| * merge of '022cd3c92c37dee696d0c3c0c197f8df8981ccbb'lloyd2013-11-201-0/+5
| |\ | | | | | | | | | and '83151ac7a83013a2874f78978df5c4739b879775'
| | * Direct people interested in TLS to 1.11lloyd2013-11-201-0/+5
| | |
| * | Compile fixes for Python wrapperlloyd2013-11-205-55/+14
| | |
* | | Only service small allocations out of the mlock poollloyd2013-11-202-2/+5
| | |
* | | Add a basic DTLS policylloyd2013-11-201-0/+13
| | |
* | | Fix old style cast warningslloyd2013-11-201-30/+30
|/ /
* | Generalize file reading test runner, use it for KDF and PBKDFlloyd2013-11-1810-726/+1196
| |
* | Generalize the HKDF file readinglloyd2013-11-171-12/+30
| |