* set_hs:
Add tests for mbedtls_set_hs_ca_chain()
Add tests for mbedtls_ssl_set_hs_authmode()
Add support for SNI CA and authmode in ssl_server2
Add mbedtls_ssl_set_hs_authmode
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
the PSK, no cert is expected).
- use safer tests (e.g. == OPTIONAL vs != REQUIRED)
* snprintf:
Rationalize other snprintf() uses
Rationalize snprintf() usage in X.509 modules
Add tests for snprintf
Include fixed snprintf for Windows in platform.c
- Added in each test program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by
default. Since we now require 1024 bit at least, make s_server use decent
params. (1.0.2b and up use acceptable params by default.)
Just applying rename.pl with this file:
mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
* profiles:
Update Changelog for the profiles branch
Add SSL presets.
Implement sig_hashes
Create API for mbedtls_ssl_conf_sig_hashes().
Small internal changes in curve checking
Extra check in verify_with_profile()
Clarify a point in the documentation
Fix define for ssl_conf_curves()
Add mbedtls_ssl_conf_cert_profile()
Implement cert profile checking
Change data structure of profiles to bitfields
Add pre-defined profiles for cert verification
Create cert profile API (unimplemented yet)
Remove duplicated tests for x509_verify_info()
Add tests for dhm_min_bitlen
Add dhmlen option in ssl_client2.c
Add ssl_conf_dhm_min_bitlen()
- allows expressing 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too
Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
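
The bitfield layout described in the last commit message above, sketched as an added example; this is not code from the commit or from the library. The type, ids and function names are hypothetical. It shows static 'none'/'all' declarations, a single-mask check, and the 32-id limit handled by rejecting ids the field cannot represent.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical ids, numbered from 1 so that bit (id - 1) represents each one. */
enum hash_id  { HASH_MD5 = 1, HASH_SHA1, HASH_SHA256, HASH_SHA384, HASH_SHA512 };
enum curve_id { CURVE_P192 = 1, CURVE_P256, CURVE_P384, CURVE_P521 };

#define ID_FLAG(id) (UINT32_C(1) << ((id) - 1))

typedef struct {
    uint32_t allowed_hashes;  /* one bit per hash id */
    uint32_t allowed_curves;  /* one bit per curve id; 32 ids at most */
} cert_profile;

/* Static declaration: no list terminators, no allocation. */
static const cert_profile profile_strict = {
    ID_FLAG(HASH_SHA256) | ID_FLAG(HASH_SHA384) | ID_FLAG(HASH_SHA512),
    ID_FLAG(CURVE_P256) | ID_FLAG(CURVE_P384) | ID_FLAG(CURVE_P521),
};
static const cert_profile profile_none = { 0, 0 };
static const cert_profile profile_all  = { UINT32_MAX, UINT32_MAX };

/* Fail closed on ids the 32-bit field cannot represent; this also keeps
 * the shift in ID_FLAG() within range. */
static int id_allowed(uint32_t mask, int id)
{
    if (id < 1 || id > 32)
        return 0;
    return (mask & ID_FLAG(id)) != 0;
}

/* Return 0 if both the hash and the curve are allowed, -1 otherwise. */
int profile_check(const cert_profile *p, int hash, int curve)
{
    if (!id_allowed(p->allowed_hashes, hash))
        return -1;
    if (!id_allowed(p->allowed_curves, curve))
        return -1;
    return 0;
}

int main(void)
{
    printf("strict, SHA-256/P-256: %d\n", profile_check(&profile_strict, HASH_SHA256, CURVE_P256));
    printf("strict, SHA-1/P-256:   %d\n", profile_check(&profile_strict, HASH_SHA1, CURVE_P256));
    printf("none,   SHA-512/P-521: %d\n", profile_check(&profile_none, HASH_SHA512, CURVE_P521));
    printf("all,    curve id 33:   %d\n", profile_check(&profile_all, HASH_SHA256, 33));
    return 0;
}
```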