Commit graph

161 commits

Author SHA1 Message Date
Dr. Stephen Henson
7f9ef5621a Oops, add missing declaration. 2011-05-12 13:02:25 +00:00
Dr. Stephen Henson
39348038df make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ae17b9ecd5 Typo. 2011-05-11 13:22:54 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
2011-05-11 12:56:38 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
251431ff4f add TLS v1.1 options to s_server 2010-11-13 12:44:17 +00:00
Dr. Stephen Henson
1eb1cf452b Backport TLS v1.1 support from HEAD 2010-06-27 14:15:02 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
ffa304c838 oops, revert more test code arghh! 2010-01-28 17:52:18 +00:00
Dr. Stephen Henson
df21765a3e In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
5c33091cfa commit missing apps code for reneg fix 2009-11-11 14:10:09 +00:00
Dr. Stephen Henson
90528846e8 Add -no_cache option to s_server 2009-10-28 17:49:37 +00:00
Dr. Stephen Henson
0c690586e0 PR: 2064, 728
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
209abea1db Stop unused variable warning on WIN32 et al. 2009-08-18 11:14:12 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
4386445c18 Change STRING to OPENSSL_STRING etc as common words such
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
e323afb0ce Update from HEAD. 2009-06-30 16:10:24 +00:00
Dr. Stephen Henson
67d8ab07e6 Stop warning if dtls disabled. 2009-06-05 14:56:48 +00:00
Dr. Stephen Henson
0454f2c490 PR: 1929
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS MTU bug fix.
2009-05-17 16:04:21 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Dr. Stephen Henson
2900fc8ae1 Don't stop -cipher from working. 2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Lutz Jänicke
51e00db226 Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:15 +00:00
Lutz Jänicke
f49c687507 Typo. (From 0.9.8-stable/S. Henson)
PR: 1672
2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
b7fcc08976 Typo. 2007-09-28 17:18:18 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
86d4bc3aea fix length parameter in SSL_set_tlsext_opaque_prf_input() calls 2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
d82a612a90 Fix warning: print format option not compatible with size_t. 2007-09-07 13:34:46 +00:00
Dr. Stephen Henson
d24a9c8f5a Docs and usage messages for RFC4507bis support. 2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Dr. Stephen Henson
9c54e18bf0 Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code
on failure. Keep output format consistent with previous versions.

Also flush stdout after printing ACCEPT in s_server.
2007-05-21 15:53:30 +00:00
Nils Larsch
7806f3dd4b replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
7bf7333d68 If we include winsock2.h then FD_SET wants an unsigned type for an fd. 2006-04-17 12:22:13 +00:00
Ulf Möller
4700aea951 Add BeOS support.
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Bodo Möller
bcbe37b716 Change default curve (for compatibility with a
soon-to-be-widely-deployed implementation that doesn't support the
previous default)

Submitted by: Douglas Stebila
2006-03-30 02:41:30 +00:00
Nils Larsch
d916ba1ba1 check if con != NULL before using it 2006-03-18 14:24:02 +00:00
Nils Larsch
a0aa8b4b61 fix signed vs. unsigned warning 2006-03-11 12:18:11 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00