From e29024608fca1b811aa72a7aafd930a42740b968 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 13 Aug 2016 11:13:49 -0400 Subject: Address some issues with PR 492 Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.) --- doc/license.txt | 2 ++ doc/todo.rst | 1 + 2 files changed, 3 insertions(+) (limited to 'doc') diff --git a/doc/license.txt b/doc/license.txt index ef0b97ac1..f292a0d59 100644 --- a/doc/license.txt +++ b/doc/license.txt @@ -29,6 +29,8 @@ Copyright (C) 1999-2013,2014,2015,2016 Jack Lloyd 2015,2016 Daniel Neus 2015 Uri Blumenthal 2015,2016 Kai Michaelis + 2016 Juraj Somorovsky + 2016 Christian Mainka All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/doc/todo.rst b/doc/todo.rst index 930c23fbd..d57c319b7 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -25,6 +25,7 @@ TLS * Make DTLS support optional at build time * Make TLS v1.0 and v1.1 optional at build time +* Make finite field DH optional at build time * Curve25519 key exchange * TLS OCSP stapling (RFC 6066) * Encrypt-then-MAC extension (RFC 7366) -- cgit v1.2.3