Branch: master
Commits on May 22, 2019
  1. Update s2n_connection_get_selected_cert docs for client

    raycoll committed May 21, 2019
  2. Add s2n_connection_get_selected_cert to public API

    raycoll committed May 17, 2019
    This function will allow the application to retrieve the certificate
    that was selected during the handshake. This function is needed for use
    cases where multiple certificates are configured in a single s2n_config
    object.
Commits on May 21, 2019
  1. Add more test cases for multiple certificates by name

    Sungwon Yang authored and raycoll committed May 21, 2019
    Add SANs with mixed case to validate the case insensitivity
    when searching for the matching certificate
    
    The SANs in the certificate:
    Alligator.com
    BEAVER.com
    CATfish.com
    www.Dolphin.com
    WWW.elephant.com
    WWW.FALCON.com
    www.GORILLA.com
    WWW.HORSE.COM
    www.impala.COM
    wWw.JaCkAl.CoM
  2. Reformat macros

    fatrat1117 committed May 17, 2019
  3. Use multiple certs per s2n_config in s2n_self_talk_test.c

    raycoll committed May 20, 2019
    To get some basic coverage in unit tests for multicert. A majority of
    test coverage is in integration tests.
  4. Skip certificate lookup for single cert

    raycoll committed May 18, 2019
    Avoid spending extra computation matching a certificate with a domain
    name if there aren't multiple choices.
  5. Merge pull request #1067 from xonatius/asan

    alexw91 committed May 21, 2019
    Add AddressSanitizer to travis build
  6. Enable s2n_map to be mutable after s2n_map_complete

    Sungwon Yang authored and raycoll committed May 20, 2019
    Add a function to unlock s2n_map for the use case where lookup and add
    operations are repeated
Commits on May 20, 2019
  1. Merge pull request #1065 from raycoll/fix_multisan

    alexeblee committed May 20, 2019
    Fix Multiple SAN server cert integration test
  2. Add AddressSanitizer to travis build

    xonatius committed May 17, 2019
    AddressSanitizer helps detect memory corruption, buffer overruns and use after free.
    
    Example of detected bugs: https://travis-ci.org/xonatius/s2n/jobs/533950514#L3880
    
    https://github.com/google/sanitizers/wiki/AddressSanitizer
  3. Use logical OR to set server_name_used

    raycoll committed May 20, 2019
  4. Send back the ServerName extension on cert match

    raycoll committed May 18, 2019
    When a matching certificate is found based on the ServerName extension,
    s2n server will send the extension back to the client. If the
    server_named_used field is already set by the application in the
    ClientHello callback, s2n will not unset it.
  5. Merge pull request #1064 from andrewhop/bike_fix

    andrewhop committed May 20, 2019
    Fix BIKE compressed_idx_dv_ar_cleanup to cleanup the correct memory l…
  6. Fix Multiple SAN server cert integration test

    raycoll committed May 20, 2019
    Previously, this test had the multiple SAN cert as the "default"
    certificate so some tests would have missed a regression in SAN matching
    since the multisan cert would be served on a mismatch.
  7. Fix BIKE compressed_idx_dv_ar_cleanup to cleanup the correct memory l…

    andrewhop committed May 20, 2019
    …ength
  8. Merge pull request #1062 from GaneshRapolu/patch-1

    alexw91 committed May 20, 2019
    Update map->immutable check to be consistent with the rest of the file.
Commits on May 19, 2019
Commits on May 18, 2019
  1. Add trailing newline to s2n_bike_test.c

    raycoll committed May 17, 2019
  2. Merge pull request #1044 from andrewhop/fuzz

    andrewhop committed May 18, 2019
    Add targeted fuzz test for hybrid ECDHE SIKE s2n_client_key_recv
Commits on May 17, 2019
  1. Merge pull request #1050 from andrewhop/master

    andrewhop committed May 17, 2019
    Update hybrid ecdhe sike known answer test to be more consistent
  2. Fix shadowed declaration warning

    xonatius authored and raycoll committed May 17, 2019
    Some compilers complain when an argument of the function shadows the global
    declaration:
    
    decode.c:57: warning: declaration of 'split_e' shadows a global declaration
    decode.c:58: warning: shadowed declaration is here
  3. Make return handling of ASN1_STRING_to_UTF8 explicit

    raycoll committed May 16, 2019
    Make it clear that we need to take different action for less than,
    equal, and greater than zero.
  4. Add CN to fuzz test s2n_select_server_cert_test

    raycoll committed May 7, 2019
    and update corpus files
  5. Store certificate san_names in s2n_array

    raycoll committed May 3, 2019
    And avoid holding onto a GENERAL_NAMES and X509 object for the
    lifetime of the s2n_cert_chain_and_key.
  6. Support CN for server cert selection

    raycoll committed May 3, 2019
    After this change, s2n will use the CommonName entry from the Subject of
    to select from certificates added to s2n_config. Usage of CN has been
    deprecated since RFC2818 in favor of SAN. This change only uses the CN
    if no valid SANs are available in the cert.
    
    Specifics:
    - Multiple CommonNames are supported, though practically usage should be
      very rare. A CAB thread on dropping support for it:
      https://cabforum.org/pipermail/public/2016-April/007242.html .
  7. Allow s2n server to send server_name extension

    xonatius committed May 16, 2019
    RFC6066 Section 3 requires the server to send an empty server_name extension
    when the client server_name extension was used to make a decision on a
    certificate or other security options:
    
       A server that receives a client hello containing the "server_name"
       extension MAY use the information contained in the extension to guide
       its selection of an appropriate certificate to return to the client,
       and/or other aspects of security policy.  In this event, the server
       SHALL include an extension of type "server_name" in the (extended)
       server hello.  The "extension_data" field of this extension SHALL be
       empty.
    
    This change allows the client hello callback to return 1 to indicate such
    usage.
    
    https://tools.ietf.org/html/rfc6066#section-3
Commits on May 16, 2019
  1. Update comments in s2n_hybrid_ecdhe_sike_fuzz_test

    andrewhop committed May 16, 2019
  2. Merge pull request #1055 from drucker-nir/bike2

    alexw91 committed May 16, 2019
    Adding BIKE to S2N pq-crypto
  3. 1) Extending the VERBOSE levels from 0:3 to 0:4 (set default 0). 2) A…

    Drucker committed May 16, 2019
    …dding some comments