mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-28 00:32:20 +01:00
0abaa89787
- nginx: add necessary defines and function - Implement Certificate Authorities for TLS 1.3 - Implement secret logging for TLS 1.3. Can be used for example with: ./configure CPPFLAGS="-DWOLFSSL_SSLKEYLOGFILE -DSHOW_SECRETS -DHAVE_SECRET_CALLBACK -DWOLFSSL_SSLKEYLOGFILE_OUTPUT='\"/tmp/secrets\"'" - Implement session context checking for tickets - Check for authorized responder in OCSP basic response - Fix handling call to ocsp->statusCb - compat: Translate SOCKET_PEER_CLOSED_E to WOLFSSL_ERROR_SYSCALL - Fix wolfSSL_CTX_set_session_cache_mode - WOLFSSL_SESS_CACHE_OFF means nothing should be on - WOLFSSL_SESS_CACHE_NO_INTERNAL turns off only the internal cache - Respect ssl->options.internalCacheOff - Implement SSL_SESSION_set_time - wolfSSL_SSL_in_init: fix detection for TLS 1.3 - Fix handling call to ssl->alpnSelect - SendTls13NewSessionTicket: always generate new ID - When we send a new ticket for the same session (for example we resumed a connection and are sending a new ticket so that the client can resume in the future), we need to generate a new ID so that we don't overwrite the old session in the cache. Overwriting the session results in the `diff` calculation in `DoClientTicketCheck()` producing the wrong value and failing to resume. Add nginx github action test - Fix memory leaks - wolfSSL_OCSP_basic_verify: implement OCSP_TRUSTOTHER flag - AKID: implement matching on issuer name and serial number - ocsp: check for a chain match for OCSP responder - Split CreateTicket into CreateTicket and SetupTicket - SendCertificateStatus: free response.buffer - Use heap hint when allocating responseBuffer - Remove responseBuffer from internal API's that don't use it anywhere