Bodo Möller
cec9bce126
fix whitespace
2008-05-28 22:22:50 +00:00
Mark J. Cox
2c0fa03dc6
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a client crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
2008-05-28 07:26:33 +00:00
Lutz Jänicke
b0118409a9
Reword comment to be much shorter to stop other people from complaining
about "overcommenting"
2008-05-26 06:21:10 +00:00
Lutz Jänicke
5f23288692
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:22 +00:00
Dr. Stephen Henson
db533c96e3
TLS ticket key setting callback: this allows an application to set
its own TLS ticket keys.
2008-04-30 16:11:33 +00:00
Dr. Stephen Henson
8831eb7624
Do not permit stateless session resumption if session IDs mismatch.
2008-04-29 17:22:01 +00:00
Dr. Stephen Henson
3c8f315021
Support ticket renewal in state machine (not used at present).
2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602
Status strings for ticket states.
2008-04-29 16:38:26 +00:00
Dr. Stephen Henson
d3eef3e5af
Fix from HEAD.
2008-04-25 16:27:25 +00:00
Dr. Stephen Henson
3edad44d6e
Avoid "initializer not constant" errors when compiling in pedantic mode.
2008-04-02 11:15:05 +00:00
Ben Laurie
9c04747623
Make depend.
2007-11-15 13:32:53 +00:00
Dr. Stephen Henson
236860735e
Allow new session ticket when resuming.
2007-11-03 13:07:39 +00:00
Dr. Stephen Henson
5f95651316
Ensure the ticket expected flag is reset when a stateless resumption is
successful.
2007-10-18 11:39:11 +00:00
Andy Polyakov
ccac657556
New unused field crippled ssl_ctx_st in 0.9.8"f".
2007-10-17 21:22:58 +00:00
Andy Polyakov
a9c23ea079
Don't let DTLS ChangeCipherSpec increment handshake sequence number. From
HEAD with a twist: server interoperates with non-compliant client.
PR: 1587
2007-10-17 21:17:49 +00:00
Dr. Stephen Henson
33ffe2a7f7
Don't try to lookup zero length session.
2007-10-17 17:30:15 +00:00
Dr. Stephen Henson
7c717aafc6
Allow TLS tickets and session ID to both be present if lifetime hint is -1.
This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.
2007-10-17 11:27:25 +00:00
Andy Polyakov
ffe181c366
Make ssl compile.
2007-10-14 14:07:46 +00:00
Dr. Stephen Henson
43490dfb89
Avoid shadow and signed/unsigned warnings.
2007-10-12 00:29:06 +00:00
Dr. Stephen Henson
a523276786
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
Ben Laurie
bb99ce5f80
make update, and more DTLS stuff.
2007-10-11 14:36:59 +00:00
Andy Polyakov
49f42ec0f6
Respect cookie length set by app_gen_cookie_cb [from HEAD].
Submitted by: Alex Lam
2007-10-09 19:31:53 +00:00
Andy Polyakov
91d509f0d9
Make DTLS1 record layer MAC calculation RFC compliant. From HEAD with a
twist: server interoperates with non-compliant pre-0.9.8f client.
2007-10-09 19:22:01 +00:00
Andy Polyakov
d5e858c55f
Prohibit RC4 in DTLS [from HEAD].
2007-10-05 21:05:27 +00:00
Andy Polyakov
d4736ae701
Set client_version earlier in DTLS (this is 0.9.8 specific).
2007-10-03 10:18:06 +00:00
Andy Polyakov
3e1158522a
Oops! This was erroneously left out commit #16633.
2007-10-01 06:28:48 +00:00
Andy Polyakov
57191f86d9
Explicit IV update [from HEAD].
2007-09-30 22:03:07 +00:00
Andy Polyakov
0a89c575de
Make ChangeCipherSpec compliant with DTLS RFC4347. From HEAD with a twist:
server interoperates with non-compliant pre-0.9.8f.
2007-09-30 21:20:59 +00:00
Andy Polyakov
4c860910df
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
2007-09-30 19:36:32 +00:00
Andy Polyakov
0fc3d51b7d
DTLS RFC4347 requires client to use same random field in reply to
HelloVerifyRequest [from HEAD].
2007-09-30 19:15:46 +00:00
Andy Polyakov
c4b0d7879e
Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:
server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.
2007-09-30 18:55:59 +00:00
Dr. Stephen Henson
aab1ec3f36
Update from HEAD.
2007-09-28 16:29:24 +00:00
Dr. Stephen Henson
07d9808496
Fix from HEAD.
2007-09-23 15:55:54 +00:00
Bodo Möller
4ab0088bfe
More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
now that ssl23_client_hello takes care of that
- fix buffer overrun checks in ssl_add_serverhello_tlsext()
2007-09-21 14:05:08 +00:00
Dr. Stephen Henson
3bd1690bfb
Fixes from HEAD.
2007-09-21 13:40:51 +00:00
Ben Laurie
4f2b7d48b1
make depend
2007-09-19 12:17:11 +00:00
Ben Laurie
458c3900e1
Lingering "security" fix.
2007-09-19 12:16:21 +00:00
Dr. Stephen Henson
25b0e072dd
PR: 1582
2007-09-17 17:30:01 +00:00
Dr. Stephen Henson
927a28ba3b
gcc 4.2 fixes to avoid use of function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
a938c4284e
Update from HEAD.
2007-08-31 00:28:51 +00:00
Dr. Stephen Henson
c2079de880
Update from HEAD.
2007-08-28 01:12:44 +00:00
Dr. Stephen Henson
afdbadc704
Update from HEAD.
2007-08-20 12:44:22 +00:00
Dr. Stephen Henson
865a90eb4f
Backport of TLS extension code to OpenSSL 0.9.8.
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
2007-08-12 18:59:03 +00:00
Dr. Stephen Henson
761f3b403b
Fix more unused value warnings.
2007-07-04 13:09:27 +00:00
Bodo Möller
2c12e7f6f5
Ensure that AES remains the preferred cipher at any given key length.
(This does not really require a special case for Camellia.)
2007-04-25 07:58:32 +00:00
Bodo Möller
c3cc4662af
Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Bodo Möller
6fd3f3260d
stricter session ID context matching
2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c
oops -- this should have been in 0.9.8e
2007-03-21 14:18:27 +00:00
Dr. Stephen Henson
295de18c8a
Fix kerberos ciphersuite bugs introduced with PR:1336.
2007-03-09 14:06:34 +00:00