botan.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Give everything setting a feature test macro in build.h a version code	lloyd	2013-11-28	1	-1/+1
\| \| \| \| \| \|	so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.
*	Change Credentials_Manager::trusted_certificate_authorities to return	lloyd	2012-11-13	2	-11/+22
\| \| \| \| \| \| \| \| \|	a list of Certificate_Stores instead of a list of actual certs, allowing for instance the ability to reference a DB cert store without actually pulling all the certs into memory. Add Certificate_Store::all_subjects which returns the DNs of all contained certificates.
*	Move the hostname check last as it's the least 'important' error.	lloyd	2012-09-06	1	-3/+3
\| \| \| \|	Only check it if the cert is otherwise valid.
*	Doxygen warning fixes	lloyd	2012-07-09	1	-2/+32
\|
*	The messages for assertion checks were done both ways, both "assertion	lloyd	2012-07-09	1	-0/+2
\| \| \| \| \| \|	X is true" and "assertion X is false". Convert all of them to the form "assertion X is true" thus making it clear what it is that we are attempting to assert by testing the expression provided.
*	Reorder Credentials_Manager with cert stuff first, then SRP, then PSK	lloyd	2012-06-26	1	-66/+69
\|
*	Some post merge fixups.	lloyd	2012-05-25	2	-34/+9
\| \| \| \| \|	Fix some bugs that triggered if DEFAULT_BUFFERSIZE was either too small or an odd size.
*	Replace 0 and NULL pointer constants with nullptr. Also fix an old	lloyd	2012-05-18	1	-1/+1
\| \| \| \|	style cast in secmem.h
*	Fairly huge update that replaces the old secmem types with std::vector	lloyd	2012-05-18	2	-2/+2
\| \| \| \| \| \|	using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
*	Huge pile of post merge fixups, mtn really fucked that merge	lloyd	2012-04-25	1	-1/+2
\|
*	Various dependency/amalgamation fixes	lloyd	2012-04-19	1	-0/+5
\|
*	Only do the hostname/DNS comparison if it is set. Otherwise, we have	lloyd	2012-04-17	1	-1/+1
\| \| \| \|	nothing meaningful to compare to.
*	Finish up server side SRP support, a little ugly but it works.	lloyd	2012-04-06	2	-19/+55
\| \| \| \| \| \|	Add SRP hooks in the examples Fix next protocol support in the tls_server example.
*	Revert the session_ticket callback in credentials manager. If a PSK	lloyd	2012-03-23	2	-17/+2
\| \| \| \| \| \| \| \| \| \| \|	manager is being used, it could be easily used for session tickets as well, and if it's not the generate-on-first-call technique is easy to write. Avoid offering the session ticket extension if we know we don't have a key. For one thing it will cause us to avoid using stateful sessions, but additionally OpenSSL 1.0.1 is very intolerant of empty NewSessionTicket messages so definitely worth avoiding when we can.
*	Add a special hook in credentials manager for the session ticket key,	lloyd	2012-03-23	2	-0/+16
\| \| \| \| \|	with a default implementation that creates a new random key on the first call.
*	Actually check CA signatures in Credentials_Manager. This area needs a	lloyd	2012-02-01	2	-15/+18
\| \| \| \|	lot more work before this can be deployed.
*	Split up the psk function as the server also wants to be able to look	lloyd	2012-01-27	2	-15/+27
\| \| \| \|	up a PSK from an identity.
*	Credentials hooks for PSK	lloyd	2012-01-27	2	-2/+27
\|
*	Deleting the return of private_key_for in the TLS server forces the	lloyd	2012-01-26	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \|	credentials server to return a new copy each time which is slow and mostly pointless. Instead, specify that the key remains owned by the credentials manager. This is theoretically an issue if you have thousands of keys to manage; the credentials server doesn't actually know when they have gone out of scope until its destructor runs. So it could be forced to use a lot of memory in the meantime. I'm not sure that this is a case worth optimizing for, at least until someone comes along who actually has this as a problem.
*	We can now actually handle multiple certificate types in the server	lloyd	2012-01-24	2	-6/+37
\| \| \| \| \|	and will choose one depending on which ciphersuites the client offered.
*	The credentials manager interface seems a much better place for cert	lloyd	2012-01-23	2	-1/+56
\| \| \| \| \| \| \| \| \|	checking, allowed client auth CAs, etc than the policy class. With this change, most users won't ever need to modify the default policy which is likely a good thing. Remove copy and paste of the credentials manager implemenation in the examples.
*	Fix unused param warnings. Comments in header	lloyd	2012-01-03	2	-25/+32
\|
*	Add Credentials_Manager which is an interface to something that knows	lloyd	2012-01-03	3	-0/+130
	what certs, keys, etc are available to the app. Needs polishing but it seems like it should be sound.