[openssl-dev] OpenSSL patches and enhancements from Akamai

Short, Todd tshort at akamai.com
Fri Feb 13 15:05:53 UTC 2015


Hello openssl-dev:

We at Akamai have a number of enhancements and fixes for OpenSSL that we would like to contribute. Before I inundate rt at openssl.org and openssl-dev mailing lists, I am asking if there’s a desire to provide the changes as one large patch file, or as separate patch files. These have yet to be merged into the latest branch and still have to be formatted to the new coding standards, so they aren’t going to be posted immediately.

A brief description of some of the patches:
* More flexible configuration stanza handling
* Limit memory consumption of secure BNs
* Adding "struct iovec" variants to ssl IO (configurable, disabled by default)
* IPv6 support in s_client/s_server
* Increment ssl session miss counter properly
* Add convenience method to set preferred cipher list
* Add lookups of client sessions from a cache, if so configured
* Rebranding of SSL_ERROR_WANT_X509_LOOKUP as SSL_ERROR_WANT_EVENT, making event type to wait for visible in SSL->rwstate, letting TLS_SRP have its own event type instead of piggybacking on SSL_X509_LOOKUP.
* Add task for decryption of client key exchange response
* Add task for generating client certificate verify message
* Add task for signing of server key exchange message
* Async handling of tlsext servername callback
* Simplify (and improve) the X509 name parsing routine.
* Add short name "Email" to "emailAddress" object (crypto/object*)
* Check x509 store ref counter on free
* Add --preserve-dates option to x509 app
* Check that in matching issuer/subject certs, that a self-signed subject also has a self-signed issuer

Rich Salz (and other Akamai employees) had his hand in a number of these changes.

--
-Todd Short
// tshort at akamai.com
// “One if by land, two if by sea, three if by the Internet.”
