[PATCH 3 of 3] SSL: added additional verify context check for OpenSSL

2025-03-08 Thread Maxim Dounin
# HG changeset patch # User Maxim Dounin # Date 1741457467 -10800 # Sat Mar 08 21:11:07 2025 +0300 # Node ID 094e0ea330f5416750aa663647f60462a0c4b0cf # Parent 4dc9fb4dd95248df980aefbf946b4f299dcae00f SSL: added additional verify context check for OpenSSL. When using TLSv1.3, OpenSSL 1.1.1e+

[PATCH] Tests: tests for SSL verification context checks

2025-03-08 Thread Maxim Dounin
# HG changeset patch # User Maxim Dounin # Date 1741458004 -10800 # Sat Mar 08 21:20:04 2025 +0300 # Node ID a23ab99972ae28e2bd2ce9badfaa2e52c6a03e24 # Parent 00307a7f3cadcc3a1eb4f9446e779e8a093657c4 Tests: tests for SSL verification context checks. diff --git a/ssl_verify_context.t b/ssl_v

[PATCH 2 of 3] SSL: reworked restriction on hosts other than negotiated

2025-03-08 Thread Maxim Dounin
# HG changeset patch # User Maxim Dounin # Date 1741455881 -10800 # Sat Mar 08 20:44:41 2025 +0300 # Node ID 4dc9fb4dd95248df980aefbf946b4f299dcae00f # Parent 48cff1a93a0e8ed50699e9201a805d5e14aab84d SSL: reworked restriction on hosts other than negotiated. Following 5095:4fbef397c753, atte

[PATCH 1 of 3] SSL: added trusted certificates into session id context

2025-03-08 Thread Maxim Dounin
# HG changeset patch # User Maxim Dounin # Date 1741442050 -10800 # Sat Mar 08 16:54:10 2025 +0300 # Node ID 48cff1a93a0e8ed50699e9201a805d5e14aab84d # Parent 1996ea0bc55d2bc950297f9d7990a5b07948f5e2 SSL: added trusted certificates into session id context. This ensures that sessions cannot

[PATCH 0 of 3] SSL certificate verification context checks

2025-03-08 Thread Maxim Dounin
Hello! The following patch series somewhat improves checking of the SSL context where the client certificate was verified. Notably: - Session ID context now includes trusted certificates list, so a session cannot be restored in a server block with different trusted certificates list (even if