mbedtls/include/mbedtls
Janos Follath 088ce43ffe Implement optional CA list suppression in Certificate Request
According to RFC5246 the server can indicate the known Certificate
Authorities or can constrain the authorisation space by sending a
certificate list. This part of the message is optional and if omitted,
the client may send any certificate in the response.

The previous behaviour of mbed TLS was to always send the name of all the
CAs that are configured as root CAs. In certain cases this might cause
usability and privacy issues, for example:
- If the list of the CA names is longer than the peer's input buffer then
  the handshake will fail
- If the configured CAs belong to third parties, this message gives away
  information on the relations to these third parties

Therefore we introduce an option to suppress the CA list in the
Certificate Request message.

Providing this feature as a runtime option comes with a little cost in
code size and advantages in maintenance and flexibility.
2017-05-16 10:22:37 +01:00
aes.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
aesni.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
arc4.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
asn1.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
asn1write.h Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths 2016-08-25 15:42:27 +01:00
base64.h Fix references to non-standard SIZE_T_MAX 2015-10-05 15:23:11 +01:00
bignum.h Fix for MPI divide on MSVC 2016-01-03 00:24:34 +00:00
blowfish.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
bn_mul.h Fix segfault on x32 by using better register constraints in bn_mul.h 2016-05-23 14:29:28 +01:00
camellia.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ccm.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
certs.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
check_config.h Remove obsolete ECP abstraction macros 2017-05-11 22:42:14 +01:00
cipher.h Refactor and change CMAC interface 2016-10-13 13:51:11 +01:00
cipher_internal.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cmac.h Clarify CMAC API 2016-12-14 15:27:22 +00:00
compat-1.3.h Remove obsolete macros from compat-1.3.h 2017-05-16 10:22:37 +01:00
config.h Apply review feedback on ECP interface 2017-05-11 22:42:14 +01:00
ctr_drbg.h Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
debug.h Fix a typo that confuses check-names.sh 2016-03-18 16:47:10 +00:00
des.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
dhm.h Clarified function param in dhm.h 2016-05-25 00:59:37 +01:00
ecdh.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecdsa.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecjpake.h Fix check-doxy-blocks.pl errors (cmac.c ecjpake.h) 2017-05-12 00:18:04 +01:00
ecp.h Apply review feedback on ECP interface 2017-05-11 22:42:14 +01:00
ecp_internal.h Apply feedback to ECP internal interface documentation 2017-05-11 22:42:14 +01:00
entropy.h Documentation and entropy self test changes (#610) 2016-09-13 13:30:02 +01:00
entropy_poll.h Add config macro for min bytes hw entropy 2016-10-13 13:48:48 +01:00
error.h Remove CMAC as a separate and independent error group 2016-10-13 13:51:12 +01:00
gcm.h Fix documentation for mbedtls_gcm_finish() 2016-10-13 13:54:47 +01:00
havege.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
hmac_drbg.h Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
md.h Clean up comment formatting in md.h 2016-10-13 13:51:12 +01:00
md2.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
md4.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
md5.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
md_internal.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
memory_buffer_alloc.h Clarifies documentation on reported memory statistics 2016-05-23 14:29:29 +01:00
net.h Rename net.{c,h} to net_sockets.{c,h} 2016-10-13 13:48:48 +01:00
net_sockets.h Rename net.{c,h} to net_sockets.{c,h} 2016-10-13 13:48:48 +01:00
oid.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
padlock.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pk.h Fixes minor typos in comments in pk.h and ctr_drbg.c 2016-05-23 14:29:30 +01:00
pk_internal.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs5.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs11.h Fix macroization of inline in C++ 2015-10-05 11:41:36 +01:00
pkcs12.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
platform.h Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
platform_time.h Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ripemd160.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
rsa.h Clarify Comments and Fix Typos (#651) 2016-11-06 12:45:15 +00:00
sha1.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
sha256.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
sha512.h Various fixes to doxygen API generation 2016-01-03 16:14:14 +00:00
ssl.h Implement optional CA list suppression in Certificate Request 2017-05-16 10:22:37 +01:00
ssl_cache.h Abstracts away time()/stdlib.h into platform 2016-04-26 14:49:59 +01:00
ssl_ciphersuites.h Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
ssl_cookie.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_internal.h Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
ssl_ticket.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
threading.h Apply review feedback on ECP interface 2017-05-11 22:42:14 +01:00
timing.h Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
version.h Update library version number to 2.4.1 2016-12-13 16:00:52 +00:00
x509.h Clarify Comments and Fix Typos (#651) 2016-11-06 12:45:15 +00:00
x509_crl.h Reintroduce line deleted by accident 2016-01-04 12:40:15 +01:00
x509_crt.h Allow the entry_name size to be set in config.h 2016-09-16 11:42:35 +01:00
x509_csr.h Fix typo in docs for mbedtls_x509write_csr_der() 2016-10-13 13:53:56 +01:00
xtea.h Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00