- e95b0ca Set the minumum TLS version to (D)TLS 1.2 by default by David Benjamin · 10 months ago
- f374e1a Add some tests for SSL_CTX_set_keylog_callback by David Benjamin · 11 months ago
- a792f88 Fix a number of cases overwriting certificates, keys, etc. with SSL_CREDENTIAL by David Benjamin · 12 months ago
- 91a3f26 Add an SSL_CREDENTIAL API for ECDSA/RSA and delegated credentials by David Benjamin · 1 year, 1 month ago
- a6e2be4 Add tests for what happens when no certificate is configured by David Benjamin · 1 year ago
- ec2a08d Introduce a test helper for asserting on the error by David Benjamin · 1 year ago
- 5d88014 Deprecate and simplify SSL_CTX_check_private_key by David Benjamin · 1 year ago
- 0ff377a Add some utilities for testing temporary files by David Benjamin · 1 year, 1 month ago
- 4fe29eb Test an unusual split between context and connection configuration by David Benjamin · 1 year, 1 month ago
- fbb4133 Add SSL_get0_chain method by Gabriel Redner · 1 year, 1 month ago
- 58906ea Merge <openssl/x509v3.h> into <openssl/x509.h> by David Benjamin · 1 year, 3 months ago
- 3309ca6 Add ALPS codepoint supports for split handshake by Victor Tan · 1 year, 5 months ago
- dd68e4b Add OPENSSL_zalloc by David Benjamin · 1 year, 5 months ago
- 558960d Add support for the new ALPS codepoint by Victor Tan · 1 year, 8 months ago
- a36ac0a Use std::make_unique when possible by David Benjamin · 1 year, 8 months ago
- 556a973f Add SSL_CIPHER_get_handshake_digest by David Benjamin · 1 year, 9 months ago
- 6cf9820 Align NIDs vs group IDs in TLS group APIs by David Benjamin · 1 year, 9 months ago
- 335523a Align remaining TLS ECDH APIs on "group" terminology by David Benjamin · 1 year, 9 months ago
- 2da5ba9 Align on using the "group" over "curve" for ECDH in TLS by David Benjamin · 1 year, 9 months ago
- b0251b1 Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA by default by David Benjamin · 1 year, 11 months ago
- 2eaf070 Add a thread test for ex_data by David Benjamin · 1 year, 10 months ago
- a972b78 Add APIs to query a list of possible strings for TLS features by David Benjamin · 1 year, 10 months ago
- b1c6f45 Add back support for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 by Adam Langley · 1 year, 10 months ago
- 1b724a6 Align Kyber names with draft-tls-westerbaan-xyber768d00 by David Benjamin · 1 year, 10 months ago
- 4ae4fb7 Drop CECPQ2 support. by Adam Langley · 1 year, 11 months ago
- a438519 Fix miscellaneous size_t truncations by David Benjamin · 2 years ago
- bf1b792 Remove SSL_CIPHER_get_rfc_name by David Benjamin · 1 year, 11 months ago
- f7d37fb Fix various malloc failure paths. by David Benjamin · 2 years, 1 month ago
- c7b255e Add NO_CHECK_TIME to SSLTest.ECHBuiltinVerifier too by David Benjamin · 2 years, 3 months ago
- 28f96c2 Fix timebomb by disabling time check in this test by Bob Beck · 2 years, 3 months ago
- 3a1b730 Don't allow the caller to configure invalid signature algorithms. by David Benjamin · 2 years, 3 months ago
- 1045897 Allow using the TLS exporter in more cases. by Nick Harper · 2 years, 4 months ago
- 80eb814 Remove the experimental in-place record APIs. by David Benjamin · 2 years, 5 months ago
- 10fef97 Prefer established session properties mid renegotiation. by David Benjamin · 2 years, 6 months ago
- ebd8b89 Track SSL_ERROR_ZERO_RETURN explicitly. by David Benjamin · 2 years, 7 months ago
- 401137f Add a test for SSL_CTX_set_quiet_shutdown. by David Benjamin · 2 years, 7 months ago
- 4da5a94 Fix SSL_load_client_CA_file when given an empty file. by David Benjamin · 2 years, 7 months ago
- 5cb597e Test that close_notify state does not impair SSL_ERROR_SYSCALL. by David Benjamin · 2 years, 7 months ago
- b95c7e5 Fix up book-keeping between the write buffer and pending writes. by David Benjamin · 2 years, 8 months ago
- 64bf8c5 Fix an edge case in SSL_write's retry mechanism. by David Benjamin · 2 years, 8 months ago
- 5697a92 Add SSL_CTX_get_num_tickets. by David Benjamin · 2 years, 8 months ago
- dfddbc4 Align with OpenSSL on TLS 1.3 cipher suite constants. by David Benjamin · 2 years, 8 months ago
- 955ef79 Rewrite SSL_add_file_cert_subjects_to_stack by David Benjamin · 2 years, 9 months ago
- 3f180b8 Implement SSL_CTX_set_num_tickets. by David Benjamin · 2 years, 10 months ago
- 50e7ea5 LSC: Apply clang-tidy's modernize-use-bool-literals to boringssl by Anton Bikineev · 3 years, 1 month ago
- 4f1fae3 Fix the easy -Wformat-signedness errors. by David Benjamin · 3 years, 3 months ago
- c3c540b Remove non-standard X.509 DNS wildcard matching. by David Benjamin · 3 years, 3 months ago
- 7e7e6b6 Add |SSL_set1_host| and |SSL_set_hostflags|. by Adam Langley · 3 years, 3 months ago
- b3ed071 Add SSL_has_pending. by David Benjamin · 3 years, 4 months ago
- 7a4df8e Tidy up SSLTest.SetVersion. by David Benjamin · 3 years, 5 months ago
- 1a668b3 Switch to the new, simpler WHATWG URL formulation. by David Benjamin · 3 years, 6 months ago
- 18b6836 Update to draft-ietf-tls-esni-13. by David Benjamin · 3 years, 9 months ago
- ba423c9 Implement ClientHelloOuter handshakes. by David Benjamin · 3 years, 9 months ago
- a10017c Reduce bouncing on the cache lock in ssl_update_cache. by David Benjamin · 3 years, 9 months ago
- 9cbe737 Validate ECH public names. by David Benjamin · 3 years, 9 months ago
- 9734e44 More reliably report handshake errors through SSL_write. by David Benjamin · 3 years, 9 months ago
- e9c5d72 Add an option to permute ClientHello extension order. by David Benjamin · 3 years, 9 months ago
- 83a4993 Add most of an ECH client implementation. by David Benjamin · 3 years, 10 months ago
- 24545c5 Add a basic API to make ECHConfigs. by David Benjamin · 3 years, 9 months ago
- c890ae5 Make ECH server APIs take EVP_HPKE_KEY. by David Benjamin · 3 years, 9 months ago
- c3b373b Rename SSL_ECH_SERVER_CONFIG_LIST to SSL_ECH_KEYS. by David Benjamin · 3 years, 9 months ago
- 47cefed Don't copy client's session ID into server's session. by Adam Langley · 3 years, 9 months ago
- 1d58cd1 Shift the KEM dependency in HPKE up a step. by David Benjamin · 3 years, 10 months ago
- 9b2cdb7 Add SSL_can_release_private_key. by David Benjamin · 4 years ago
- f39c81d Introduce EVP_HPKE_{AEAD,KDF} types. by David Benjamin · 3 years, 10 months ago
- 9f70097 Remove HKDF-SHA384 and HKDF-SHA512 from HPKE. by David Benjamin · 3 years, 10 months ago
- 94a63a5 Implement ECH draft 10 and update HPKE to draft 08. by Steven Valdez · 3 years, 10 months ago
- 2f3958a Fix issuerUID and subjectUID parsing in the key usage checker. by David Benjamin · 3 years, 11 months ago
- 12a3e7e Check for invalid ALPN inputs in SSL_(CTX_)set_alpn_protos. by David Benjamin · 3 years, 11 months ago
- 00e434d Add ECH server (draft-ietf-tls-esni-09). by Daniel McArdle · 4 years ago
- c47bfce Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now. by David Benjamin · 4 years, 1 month ago
- 3d8b8c3 Add support for the new QUIC TLS extension codepoint by David Schinazi · 4 years, 2 months ago
- ca058c0 Revert "Add support for the new QUIC TLS extension codepoint" by Adam Langley · 4 years, 3 months ago
- 7ba96a6 Add support for the new QUIC TLS extension codepoint by David Schinazi · 4 years, 3 months ago
- 51607f1 Implement draft-vvv-tls-alps-01. by Steven Valdez · 4 years, 7 months ago
- 3989c99 Fix crash when flushing an SSL BIO. by David Benjamin · 4 years, 5 months ago
- 5e08695 Fix handling of quic_early_data_context. by Nick Harper · 4 years, 5 months ago
- 74161f4 Enforce presence of ALPN when QUIC is in use. by Nick Harper · 4 years, 7 months ago
- 1b81947 Test resumability of same, different, and default ticket keys. by David Benjamin · 4 years, 9 months ago
- 53a17f5 Add a |SSL_process_tls13_new_session_ticket|. by Adam Langley · 4 years, 9 months ago
- 8519432 Modify how QUIC 0-RTT go/no-go decision is made. by Nick Harper · 4 years, 10 months ago
- 7c52299 Restrict when 0-RTT will be accepted in QUIC. by Nick Harper · 4 years, 10 months ago
- e32549e Disable TLS 1.3 compatibility mode for QUIC. by Nick Harper · 4 years, 10 months ago
- f9e0cda Add SSL_SESSION_copy_without_early_data. by David Benjamin · 5 years ago
- 72cff81 Require QUIC method with Transport Parameters and vice versa by Nick Harper · 5 years ago
- 6bfd25c Add is_quic bit to SSL_SESSION by Nick Harper · 5 years ago
- 964256d Add |SSL_CTX_get0_chain|. by Adam Langley · 5 years ago
- 5298ef9 Configure QUIC secrets inside set_{read,write}_state. by David Benjamin · 5 years ago
- 80ddfc7 Allow setting QUIC transport parameters after parsing the client's by Nick Harper · 5 years ago
- 1e85905 Revise QUIC encryption secret APIs. by David Benjamin · 5 years ago
- 2fb729d Don't infinite loop when QUIC tests fail. by David Benjamin · 5 years ago
- 472d91c Fix a couple of comment typos. by Adam Langley · 5 years ago
- f9cc26f Require handshake flights end at record boundaries. by David Benjamin · 5 years ago
- 4f3e821 ssl_test: test early data with split handshakes. by Matthew Braithwaite · 5 years ago
- 243b5cc Fix MSan error in SSLTest.Handoff test. by David Benjamin · 5 years ago
- 134fb89 SSLTest.Handoff: extend to include a session resumption. by Matthew Braithwaite · 5 years ago
- ee0716f Defer early keys to QUIC clients to after certificate reverification. by David Benjamin · 5 years ago
- fd32089 Defer releasing early secrets to QUIC servers. by David Benjamin · 5 years ago
- 58d56f4 Enable TLS 1.3 by default. by Matthew Braithwaite · 5 years ago
- ff746c1 Add GrowableArray<T> to ssl/internal.h. by Daniel McArdle · 5 years ago