[openssl/openssl] 3c95ef: RFC7250 (RPK) support

Todd Short noreply at github.com
Tue Mar 28 17:53:51 UTC 2023

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206
  Author: Todd Short <tshort at akamai.com>
  Date:   2023-03-28 (Tue, 28 Mar 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md
    M apps/lib/s_cb.c
    M apps/s_client.c
    M apps/s_server.c
    M crypto/err/openssl.txt
    M crypto/x509/x509_txt.c
    M crypto/x509/x509_vfy.c
    M doc/build.info
    M doc/man1/openssl-s_client.pod.in
    M doc/man1/openssl-s_server.pod.in
    M doc/man3/SSL_CTX_dane_enable.pod
    A doc/man3/SSL_get0_peer_rpk.pod
    A doc/man3/SSL_set1_server_cert_type.pod
    M doc/man3/X509_STORE_CTX_get_error.pod
    M doc/man3/X509_STORE_CTX_new.pod
    M doc/man3/X509_verify.pod
    M doc/man3/X509_verify_cert.pod
    M doc/man3/d2i_SSL_SESSION.pod
    M include/crypto/x509.h
    M include/openssl/ssl.h.in
    M include/openssl/sslerr.h
    M include/openssl/tls1.h
    M include/openssl/x509_vfy.h.in
    M ssl/ssl_asn1.c
    M ssl/ssl_cert.c
    M ssl/ssl_err.c
    M ssl/ssl_lib.c
    M ssl/ssl_local.h
    M ssl/ssl_sess.c
    M ssl/statem/extensions.c
    M ssl/statem/extensions_clnt.c
    M ssl/statem/extensions_cust.c
    M ssl/statem/extensions_srvr.c
    M ssl/statem/statem_clnt.c
    M ssl/statem/statem_lib.c
    M ssl/statem/statem_local.h
    M ssl/statem/statem_srvr.c
    M ssl/t1_lib.c
    M ssl/t1_trce.c
    M test/build.info
    M test/ext_internal_test.c
    A test/recipes/70-test_certtypeext.t
    A test/recipes/90-test_rpk.t
    A test/rpktest.c
    M test/sslapitest.c
    M util/libcrypto.num
    M util/libssl.num
    M util/perl/TLSProxy/Message.pm

  Log Message:
  RFC7250 (RPK) support

Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)

More information about the openssl-commits mailing list