wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9229 commits 20 branches 302 tags 153 MiB
Commit graph

9229 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
031c78901b make update 2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
ce1ec9c35e PR: 2125 
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.
 2010-01-14 17:51:29 +00:00
Dr. Stephen Henson
bd5f21a4ae Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
1b31b5ad56 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
97438f38df update and sync ordinals 2010-01-12 17:34:39 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
423c66f10e Simplify RI+SCSV logic: 
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
 2010-01-07 19:04:52 +00:00
Andy Polyakov
74f2260694 ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit 
HP-UX thing).
 2010-01-07 15:36:59 +00:00
Andy Polyakov
25d1d62275 http://cvs.openssl.org/chngview?cn=19053 made me wonder if bind() and 
connect() are as finicky as sendto() when it comes to socket address
length. As it turned out they are, therefore the fix. Note that you
can't reproduce the problem on Linux, it was failing on Solaris,
FreeBSD, most likely on more...
 2010-01-07 13:12:30 +00:00
Andy Polyakov
9b5ca55695 sendto is reportedly picky about destination socket address length. 
PR: 2114
Submitted by: Robin Seggelmann
 2010-01-07 10:42:39 +00:00
Andy Polyakov
cba9ffc32a Fix compilation on older Linux. Linux didn't always have sockaddr_storage, 
not to mention that first sockaddr_storage had __ss_family, not ss_family.
In other words it makes more sense to avoid sockaddr_storage...
 2010-01-06 21:22:56 +00:00
Dr. Stephen Henson
76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
dd792d6222 Missing commit from change ofr compress_meth to unsigned 2010-01-06 17:35:27 +00:00
Dr. Stephen Henson
82a107eaa8 compress_meth should be unsigned 2010-01-06 14:01:45 +00:00
Dr. Stephen Henson
f8e1ab79f5 ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32) 2010-01-06 13:21:08 +00:00
Andy Polyakov
1f23001d07 ppc64-mont.pl: commentary update. 2010-01-06 10:58:59 +00:00
Andy Polyakov
dacdcf3c15 Add Montgomery multiplication module for IA-64. 2010-01-06 10:57:55 +00:00
Dr. Stephen Henson
60c52245e1 PR: 2102 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Remove duplicate definitions.
 2010-01-05 17:57:33 +00:00
Dr. Stephen Henson
2a30fec786 Typo 2010-01-05 17:49:49 +00:00
Dr. Stephen Henson
3ddf85033d PR: 2132 
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
 2010-01-05 17:32:54 +00:00
Dr. Stephen Henson
6084c797a8 Remove tabs on blank lines: they produce warnings in pod2man 2010-01-05 17:16:54 +00:00
Dr. Stephen Henson
2be3d6ebc8 Client side compression algorithm sanity checks: ensure old compression 
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
 2010-01-01 14:39:37 +00:00
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
5e63121758 Include CHANGES entry for external cache 2009-12-31 13:58:57 +00:00
Andy Polyakov
2f4c1dc86c b_sock.c: correct indirect calls on WinSock platforms. 
PR: 2130
Submitted by: Eugeny Gostyukhin
 2009-12-30 12:55:23 +00:00
Andy Polyakov
f87e307875 Adapt mingw config for newer mingw environment. Note modified conditional 
compilation in e_capi.c.
PR: 2113
 2009-12-30 11:46:54 +00:00
Andy Polyakov
70b76d392f ppccap.c: fix compiler warning and perform sanity check outside signal masking. 
ppc64-mont.pl: clarify comment and fix spelling.
 2009-12-29 11:18:16 +00:00
Andy Polyakov
6a9d28f9e4 Deploy multilib config-line parameter. It was added in February to allow 
for kind of installation suggested in ticket #2003 from August. What it
effectively does now, is arrange pre-configured default $libdir value.
Note that it also fixes ENGINESDIR, i.e. harmonizes it with install path.
 2009-12-29 10:33:37 +00:00
Andy Polyakov
3fc2efd241 PA-RISC assembler: missing symbol and typos. 2009-12-28 16:13:35 +00:00
Dr. Stephen Henson
76774c5ea1 return v1.1 methods for client/server 2009-12-28 00:31:16 +00:00
Dr. Stephen Henson
35b0ea4efe Add simple external session cache to s_server. This serialises sessions 
just like a "real" server making it easier to trace any problems.
 2009-12-27 23:24:45 +00:00
Dr. Stephen Henson
73527122c9 Typo 2009-12-27 23:02:50 +00:00
Dr. Stephen Henson
d68015764e Update RI to match latest spec. 
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
 2009-12-27 22:58:55 +00:00
Andy Polyakov
b57599b70c Update sha512-parisc.pl and add make rules. 2009-12-27 21:05:19 +00:00
Andy Polyakov
cb3b9b1323 Throw in more PA-RISC assembler. 2009-12-27 20:49:40 +00:00
Andy Polyakov
beef714599 Switch to new uplink assembler. 2009-12-27 20:38:32 +00:00
Andy Polyakov
d741cf2267 ppccap.c: tidy up. 
ppc64-mont.pl: missing predicate in commentary.
 2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c ppc64-mont.pl: adapt for 32-bit and engage for all builds. 2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e765bf29a Traditional Yuletide commit ;-) 
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
 2009-12-25 14:13:11 +00:00
Bodo Möller
8580f8015f Use properly local variables for thread-safety. 
Submitted by: Martin Rex
 2009-12-22 11:52:17 +00:00
Bodo Möller
f21516075f Constify crypto/cast. 2009-12-22 11:46:00 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
fbed9f8158 Alert to use is now defined in spec: update code 2009-12-17 15:42:52 +00:00
Dr. Stephen Henson
e50858c559 PR: 2127 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
 2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
c27c9cb4f7 Allow initial connection (but no renegoriation) to servers which don't support 
RI.

Reorganise RI checking code and handle some missing cases.
 2009-12-14 13:56:04 +00:00
Dr. Stephen Henson
22c2155595 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 2009-12-11 00:23:12 +00:00
Dr. Stephen Henson
b5c002d5a8 clarify docs 2009-12-09 18:16:50 +00:00
Dr. Stephen Henson
4db82571ba Document option clearning functions. 
Initial secure renegotiation documentation.
 2009-12-09 17:59:29 +00:00
Dr. Stephen Henson
89408580ed remove DEBUG_UNUSED from config for now 2009-12-09 15:56:24 +00:00