Dr. Stephen Henson
f4e1169341
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
febec8ff23
typo
2012-02-02 19:18:24 +00:00
Andy Polyakov
0208ab2e3f
bn_nist.c: make new optimized code dependent on BN_LLONG.
2012-02-02 07:46:05 +00:00
Andy Polyakov
faed798c32
hpux-parisc2-*: engage assembler.
2012-02-02 07:41:29 +00:00
Dr. Stephen Henson
f71c6e52f7
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf
code tidy
2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c
Revise ssl code to use a CERT_PKEY structure when outputting a
...
certificate chain instead of an X509 structure.
This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457
Tidy/enhance certificate chain output code.
...
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
7568d15acd
allow key agreement for SSL/TLS certificates
2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
08e4ea4884
initialise dh_clnt
2012-01-26 14:37:46 +00:00
Andy Polyakov
98909c1d5b
ghash-x86.pl: engage original MMX version in no-sse2 builds.
2012-01-25 17:56:08 +00:00
Dr. Stephen Henson
ccd395cbcc
add example for DH certificate generation
2012-01-25 16:33:39 +00:00
Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
2ff5ac55c5
oops revert debug change
2012-01-22 13:52:39 +00:00
Dr. Stephen Henson
1db5f356f5
return error if md is NULL
2012-01-22 13:12:14 +00:00
Andy Polyakov
e6903980af
x86_64-xlate.pl: proper solution for RT#2620.
2012-01-21 11:34:53 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602
fix CHANGES entry
2012-01-17 14:20:32 +00:00
Dr. Stephen Henson
8e1dc4d7ca
Support for fixed DH ciphersuites.
...
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Andy Polyakov
a985410d2d
cryptlib.c: sscanf warning.
2012-01-15 17:13:57 +00:00
Andy Polyakov
0ecedec82d
Fix OPNESSL vs. OPENSSL typos.
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:39:10 +00:00
Dr. Stephen Henson
9bd20155ba
fix warning
2012-01-15 13:30:41 +00:00
Andy Polyakov
5d13669a2c
cryptlib.c: make even non-Windows builds "strtoull-agnostic".
2012-01-14 18:46:15 +00:00
Andy Polyakov
adb5a2694a
sha512-sparcv9.pl: work around V8+ warning.
2012-01-13 09:18:05 +00:00
Andy Polyakov
23b93b587b
aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification
...
(most restrictive about r2 and r13 usage).
2012-01-13 09:16:52 +00:00
Andy Polyakov
a50bce82ec
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended.
PR: 2682
2012-01-12 16:21:35 +00:00
Andy Polyakov
713f49119f
ec_pmeth.c: fix typo in commentary.
...
PR: 2677
Submitted by: Annue Yousar
2012-01-12 13:22:51 +00:00
Andy Polyakov
677741f87a
doc/apps: formatting fixes.
...
PR: 2683
Submitted by: Annie Yousar
2012-01-11 21:58:19 +00:00
Andy Polyakov
5beb93e114
speed.c: typo in pkey_print_message.
...
PR: 2681
Submitted by: Annie Yousar
2012-01-11 21:48:31 +00:00
Andy Polyakov
62d7dd5ffd
ecdsa.pod: typo.
...
PR: 2678
Submitted by: Annie Yousar
2012-01-11 21:41:32 +00:00
Andy Polyakov
6e913f9901
asn1/t_x509.c: fix serial number print, harmonize with a_int.c.
...
PR: 2675
Submitted by: Annie Yousar
2012-01-11 21:12:22 +00:00
Andy Polyakov
e255024bf7
aes-sparcv9.pl: clean up regexp
...
PR: 2685
2012-01-11 15:30:53 +00:00
Dr. Stephen Henson
8fa397a6bc
fix warning (revert original patch)
2012-01-10 14:36:41 +00:00
Andy Polyakov
03cf7e784c
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 13:19:16 +00:00
Andy Polyakov
ce0727f9bd
bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions.
2012-01-06 13:17:47 +00:00
Bodo Möller
8e85545284
Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
2012-01-05 13:48:55 +00:00
Bodo Möller
6620bf3444
Fix usage indentation
2012-01-05 13:16:30 +00:00
Bodo Möller
7bb1cc9505
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:22:41 +00:00
Dr. Stephen Henson
59e68615ce
PR: 2671
...
Submitted by: steve
Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:43 +00:00
Dr. Stephen Henson
192540b522
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:17 +00:00
Dr. Stephen Henson
e2ca32fc2b
disable heartbeats if tlsext disabled
2012-01-05 00:07:46 +00:00
Dr. Stephen Henson
4d0bafb4ae
update CHANGES
2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
2ec0497f08
fix CHANGES
2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1
Check GOST parameters are not NULL (CVE-2012-0027)
2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0015572372
update FAQ
2012-01-04 20:05:58 +00:00
Dr. Stephen Henson
6074fb0979
fix warnings
2012-01-04 14:45:47 +00:00