David Woodhouse
|
c8dcf10cb9
openssl: Add SSL_OP_LEGACY_SERVER_CONNECT to allow-insecure-crypto
|
3 years ago |
David Woodhouse
|
2bb5457f16
Factor out openconnect_install_ctx_verify() for OpenSSL
|
3 years ago |
Daniel Lenski
|
9070a12a67
Fix missing newlines in ssl_nonblock_{read,write}() error message
|
3 years ago |
David Woodhouse
|
32dd02ea88
Add DTLS support to ssl_nonblock_read() / ssl_nonblock_write()
|
3 years ago |
David Woodhouse
|
7f42c35e5c
Fix up string handling for ciphersuite_config
|
3 years ago |
Daniel Lenski
|
4e07eecaf0
with --allow-insecure-crypto, additionally attempt to disable insecure systemwide minimum crypto settings
|
3 years ago |
Daniel Lenski
|
3e237a7585
only set OpenSSL security level to 0 when --allow-insecure-crypto is specified
|
3 years ago |
Elias Norberg
|
4864ee1734
Always set security level to 0 for openssl versions >= 1.1.0
|
4 years ago |
Daniel Lenski
|
ccf17dd065
clarify some error messages which apply equally to TLS and DTLS sockets
|
4 years ago |
Daniel Lenski
|
685d880b27
add --allow-insecure-crypto, and corresponding API functions, to explicitly enable 3DES/RC4/SHA1
|
4 years ago |
Jordy Zomer
|
f07242df8a
Use OpenSSL X509_check_host() and X509_check_ip() correctly.
|
4 years ago |
Daniel Lenski
|
03dad77837
use run-time version numbers (per dwmw)
|
4 years ago |
Daniel Lenski
|
8aa72856ee
include negotiated [D]TLS version in ciphersuite string for OpenSSL (GnuTLS already does this)
|
4 years ago |
Daniel Lenski
|
dd4693b605
log ciphersuite on every new HTTPS connection, not just AnyConnect protocol
|
4 years ago |
Daniel Lenski
|
5b12bfc7b9
allow cipher list overrides with OpenSSL as well
|
4 years ago |
Daniel Lenski
|
5eb2c0b2a1
show exact GnuTLS/OpenSSL version in --version/--help text
|
4 years ago |
David Woodhouse
|
a9b366f306
Fix potential NULL dereference in openconnect_get_peer_cert_chain()
|
4 years ago |
David Woodhouse
|
d727f7fe8c
openssl: Fix certificate load failure harder
|
5 years ago |
David Woodhouse
|
b324d6630c
openssl: Check for SSL_CTX_use_PrivateKey() failure in PKCS#12
|
5 years ago |
David Woodhouse
|
92ddc4ba95
openssl: Fix error path when loading certificate fails
|
5 years ago |
David Woodhouse
|
50536a893a
Fix EAP-TTLS build for OpenSSL 1.0.2 and earlier
|
5 years ago |
Rosen Penev
|
460c060dda
Fix compilation without deprecated OpenSSL 1.1 APIs
|
5 years ago |
David Woodhouse
|
b795ff3525
Add Pulse Connect Secure support
|
5 years ago |
David Woodhouse
|
442f911c5f
More free_pass() for TPMv1 passwords
|
5 years ago |
David Woodhouse
|
5f6e4282d6
Use free_pass() for freeing certificate passwords
|
5 years ago |
David Woodhouse
|
3453c36ab9
Fall back to tpm2tss engine
|
6 years ago |
David Woodhouse
|
9f93019d66
Remove legacy tpm2tss PEM support
|
6 years ago |
David Woodhouse
|
810ea0034a
Remove static ui_vpninfo hack for ENGINE callbacks
|
6 years ago |
David Woodhouse
|
79bb45470f
Switch to standard TSS2 PEM format
|
6 years ago |
David Woodhouse
|
ce6158fc70
Add support for files from the *other* OpenSSL TPM2 engine. FFS.
|
6 years ago |