1. c27fabf Fix typos caught by check-names.sh by Manuel Pégourié-Gonnard · 6 years ago
  2. 93c8262 Clarify conditions related to resumption in client by Manuel Pégourié-Gonnard · 6 years ago
  3. 754b9f3 Introduce getter function for renego_status by Manuel Pégourié-Gonnard · 6 years ago
  4. 3652e99 Add getter function for handshake->resume by Manuel Pégourié-Gonnard · 6 years ago
  5. 44b1076 Remove now-redundant code by Manuel Pégourié-Gonnard · 6 years ago
  6. 33cb3e1 Remove cache callbacks from config on client by Manuel Pégourié-Gonnard · 6 years ago
  7. 594a1bb Fix a few style issues by Manuel Pégourié-Gonnard · 6 years ago
  8. 320eb7a Expand documentation of new options a bit by Manuel Pégourié-Gonnard · 6 years ago
  9. 8a0944c Fix renaming oversight in documentation by Manuel Pégourié-Gonnard · 6 years ago
  10. e431563 Remove backticks in doxygen in config.h by Manuel Pégourié-Gonnard · 6 years ago
  11. f1c6ad4 Declare dependency on tickets for two ssl-opt.sh tests by Manuel Pégourié-Gonnard · 6 years ago
  12. 26ac9c4 Exclude new negative options from config.pl full by Manuel Pégourié-Gonnard · 6 years ago
  13. f130b10 Restore config.h defaults by Manuel Pégourié-Gonnard · 6 years ago
  14. 29f2dd0 Address review comments by Jarno Lamsa · 6 years ago
  15. dbf6073 Fix ssl_cli resumption guards by Jarno Lamsa · 6 years ago
  16. 4f74f6d Fix check-files, check-names and check-generated-features by Jarno Lamsa · 6 years ago
  17. 0905c3d Add test to all.sh by Jarno Lamsa · 6 years ago
  18. 18f0662 Add changelog entry by Jarno Lamsa · 6 years ago
  19. ac57e82 Doxygen for new config options by Jarno Lamsa · 6 years ago
  20. 5b52b27 Skip resumption tests if resumption not defined by Jarno Lamsa · 6 years ago
  21. 5165169 Fix test issues by Jarno Lamsa · 6 years ago
  22. 085e8a5 Enable new configs in baremetal config by Jarno Lamsa · 6 years ago
  23. 59bd12b Add new config MBEDTLS_SSL_SESSION_RESUMPTION by Jarno Lamsa · 6 years ago
  24. 590bf51 Enable MBEDTLS_SSL_SESSION_CACHE by default by Jarno Lamsa · 6 years ago
  25. 7be1406 Add config MBEDTLS_SSL_SESSION_CACHE by Jarno Lamsa · 6 years ago
  26. 4e24c44 Merge pull request #592 from ARMmbed/static_config_extended_ms by Manuel Pégourié-Gonnard · 6 years ago
  27. af5ab91 Detect mismatching compile-time and cmd line config in ssl-opt.sh by Hanno Becker · 6 years ago
  28. aa9fc6d Update query_config.c by Hanno Becker · 6 years ago
  29. ab1ce76 Mention possibility of hardcoding SSL config in ssl.h by Hanno Becker · 6 years ago
  30. f765ce6 Remove ExtendedMS configuration API if hardcoded at compile-time by Hanno Becker · 6 years ago
  31. 57e72c7 Move getter functions for SSL configuration to ssl_internal.h by Hanno Becker · 6 years ago
  32. 4c4a2e1 Don't break func'def after linkage type, fixing check-names.sh by Hanno Becker · 6 years ago
  33. 1ab322b Remove extended_ms field from HS param if ExtendedMS enforced by Hanno Becker · 6 years ago
  34. a49ec56 Introduce getter function for `extended_ms` field in HS struct by Hanno Becker · 6 years ago
  35. 3010d55 Introduce helper macro indicating if use of ExtendedMS is enforced by Hanno Becker · 6 years ago
  36. 03b64fa Rearrange ExtendedMasterSecret parsing logic by Hanno Becker · 6 years ago
  37. aabbb58 Exemplify harcoding SSL config at compile-time in example of ExtMS by Hanno Becker · 6 years ago
  38. 393338c Merge pull request #586 from ARMmbed/remove_peer_crt_after_handshake_no_digest-baremetal by Manuel Pégourié-Gonnard · 6 years ago
  39. 79cf74a Merge pull request #583 from ARMmbed/remove_peer_crt_after_handshake-baremetal by Manuel Pégourié-Gonnard · 6 years ago
  40. 8dcd80e Merge pull request #578 from ARMmbed/x509_parse_bf-baremetal by Manuel Pégourié-Gonnard · 6 years ago
  41. cc3b7cc Merge pull request #579 from Patater/bm-dont-use-non-existent-encrypt-then-mac by Manuel Pégourié-Gonnard · 6 years ago
  42. e256f7c Add test for !KEEP_PEER_CERTIFICATE + !RENEGOTIAITON to all.sh by Hanno Becker · 6 years ago
  43. 5882dd0 Remove CRT digest from SSL session if !RENEGO + !KEEP_PEER_CERT by Hanno Becker · 6 years ago
  44. 0528f82 Clarify documentation of serialized session format by Hanno Becker · 6 years ago
  45. d972f00 Use consistent error messages in check_config.h by Hanno Becker · 6 years ago
  46. 17daaa5 Move return statement in ssl_srv_check_client_no_crt_notification by Hanno Becker · 6 years ago
  47. 2326d20 Validate consistency of certificate hash type and length in session by Hanno Becker · 6 years ago
  48. fd5dc8a Fix unused variable warning in ssl_parse_certificate_coordinate() by Hanno Becker · 6 years ago
  49. 488c8de Add missing compile time guard in ssl_client2 by Hanno Becker · 6 years ago
  50. b6f7241 Update programs/ssl/query_config.c by Hanno Becker · 6 years ago
  51. b7fab76 ssl_client2: Reset peer CRT info string on reconnect by Hanno Becker · 6 years ago
  52. c39e23e Add further debug statements on assertion failures by Hanno Becker · 6 years ago
  53. 42de8f8 Fix typo in documentation of ssl_parse_certificate_chain() by Hanno Becker · 6 years ago
  54. e9839c0 Add debug output in case of assertion failure by Hanno Becker · 6 years ago
  55. 2984bd2 Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE by Hanno Becker · 6 years ago
  56. f9ca30d ssl_client2: Zeroize peer CRT info buffer when reconnecting by Hanno Becker · 6 years ago
  57. 890d7ee Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT by Hanno Becker · 6 years ago
  58. 975c463 ssl_client2: Extract peer CRT info from verification callback by Hanno Becker · 6 years ago
  59. 24bc570 Improve documentation of mbedtls_ssl_get_peer_cert() by Hanno Becker · 6 years ago
  60. 3ed6457 Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE by Hanno Becker · 6 years ago
  61. dd68931 Fix indentation of Doxygen comment in ssl_internal.h by Hanno Becker · 6 years ago
  62. 9d64b78 Set peer CRT length only after successful allocation by Hanno Becker · 6 years ago
  63. 257ef65 Remove question in comment about verify flags on cli vs. server by Hanno Becker · 6 years ago
  64. e669770 Remove misleading and redundant guard around restartable ECC field by Hanno Becker · 6 years ago
  65. 92820a1 Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh by Hanno Becker · 6 years ago
  66. 34106f6 Free peer CRT chain immediately after verifying it by Hanno Becker · 6 years ago
  67. 0cc7af5 Parse peer's CRT chain in-place from the input buffer by Hanno Becker · 6 years ago
  68. 6c83db7 Free peer's public key as soon as it's no longer needed by Hanno Becker · 6 years ago
  69. 1757247 Correct compile-time guards for ssl_clear_peer_cert() by Hanno Becker · 6 years ago
  70. 597ffe4 Adapt ChangeLog by Hanno Becker · 6 years ago
  71. bfab9df Guard mbedtls_ssl_get_peer_cert() by new compile-time option by Hanno Becker · 6 years ago
  72. 8b6d2cd Add dependency to ssl-opt.sh tests which need peer CRT debug info by Hanno Becker · 6 years ago
  73. 81d11aa Adapt mbedtls_ssl_parse_certificate() to removal of peer_cert field by Hanno Becker · 6 years ago
  74. 5062897 Adapt ssl_clear_peer_cert() to removal of `peer_cert` field by Hanno Becker · 6 years ago
  75. d5258fa Adapt mbedtls_ssl_session_copy() to removal of `peer_cert` field by Hanno Becker · 6 years ago
  76. cd90126 Adapt client auth detection in ssl_parse_certificate_verify() by Hanno Becker · 6 years ago
  77. b265f5f Use mbedtls_ssl_get_peer_cert() to query peer cert in cert_app by Hanno Becker · 6 years ago
  78. 0833c10 Adapt server-side signature verification to use raw public key by Hanno Becker · 6 years ago
  79. 69fad13 Adapt client-side signature verification to use raw public key by Hanno Becker · 6 years ago
  80. 53b6b7e Adapt ssl_get_ecdh_params_from_cert() to use raw public key by Hanno Becker · 6 years ago
  81. 374800a Adapt ssl_write_encrypted_pms() to use raw public key by Hanno Becker · 6 years ago
  82. cf291d6 Make a copy of peer's raw public key after verifying its CRT chain by Hanno Becker · 6 years ago
  83. 3bf8cdf Add field for peer's raw public key to TLS handshake param structure by Hanno Becker · 6 years ago
  84. 32c530e Add raw public key buffer bounds to mbedtls_x509_crt struct by Hanno Becker · 6 years ago
  85. 2e6d347 Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT by Hanno Becker · 6 years ago
  86. 4a2f8e5 Add peer CRT digest to session tickets by Hanno Becker · 6 years ago
  87. e4aeb76 Parse and verify peer CRT chain in local variable by Hanno Becker · 7 years ago
  88. df75938 Mitigate triple handshake attack by comparing digests only by Hanno Becker · 7 years ago
  89. 3008d28 Compute digest of peer's end-CRT in mbedtls_ssl_parse_certificate() by Hanno Becker · 7 years ago
  90. 9fb6e2e Extend mbedtls_ssl_session by buffer holding peer CRT digest by Hanno Becker · 7 years ago
  91. c88289a Update version_features.c by Hanno Becker · 6 years ago
  92. b90f655 Add configuration option to remove peer CRT after handshake by Hanno Becker · 7 years ago
  93. 869144b Improve documentation of mbedtls_ssl_get_peer_cert() by Hanno Becker · 7 years ago
  94. f02d550 Re-classify errors on missing peer CRT by Hanno Becker · 6 years ago
  95. a177b38 Simplify session cache implementation via mbedtls_ssl_session_copy() by Hanno Becker · 6 years ago
  96. 58fccf2 Give ssl_session_copy() external linkage by Hanno Becker · 6 years ago
  97. 35e4177 Allow passing any X.509 CRT chain to ssl_parse_certificate_chain() by Hanno Becker · 7 years ago
  98. 3cf5061 Introduce helper function for peer CRT chain verification by Hanno Becker · 7 years ago
  99. a7c1df6 Don't progress TLS state machine on peer CRT chain parsing error by Hanno Becker · 7 years ago
  100. ae39b9e Make use of macro and helper detecting whether CertRequest allowed by Hanno Becker · 6 years ago