Dr. Stephen Henson
f86d65110d
0.9.8 version of PR#1931 fix.
2009-05-18 16:22:43 +00:00
Dr. Stephen Henson
4730ea8a38
Fix from 1.0.0-stable branch.
2009-05-18 16:12:56 +00:00
Dr. Stephen Henson
b7d0d35a13
Modified PR#1929 update from 1.0.0-stable.
2009-05-17 16:42:14 +00:00
Dr. Stephen Henson
e12ceb2c92
Reverted fix to PR#1931.. breaks compilation in 0.9.8.
2009-05-17 16:28:13 +00:00
Dr. Stephen Henson
76428da729
Fix from 1.0.0-stable.
2009-05-16 16:23:35 +00:00
Dr. Stephen Henson
6bf4ca0840
Update from 1.0.0-stable.
2009-05-16 16:18:45 +00:00
Dr. Stephen Henson
efa59b8d59
Updates from 1.0.0-stable.
2009-05-16 15:51:59 +00:00
Richard Levitte
48f48d96ce
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
...
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:29 +00:00
Dr. Stephen Henson
26b82246b1
Update from 1.0.0-stable.
2009-05-13 11:52:29 +00:00
Dr. Stephen Henson
5d577d7eb0
Update from 1.0.0-stable.
2009-04-28 22:02:16 +00:00
Dr. Stephen Henson
a224fe14e9
PR: 1751
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org
Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:08:12 +00:00
Dr. Stephen Henson
caeb429055
Update from 1.0.0-stable.
2009-04-16 16:43:18 +00:00
Dr. Stephen Henson
b00c36e366
PR: 1829
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timer bug fix from 1.0.0-stable with fixes.
2009-04-14 15:20:48 +00:00
Dr. Stephen Henson
1f9a128519
PR: 1647
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Renogotiation bug fix.
2009-04-14 14:28:33 +00:00
Dr. Stephen Henson
0d399f97dd
Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net>
...
Approved by: steve@openssl.org
Handle non-blocking I/O properly in SSL_shutdown() call.
2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
3fdc2c906d
PR: 1795
...
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org
Avoid race condition by sorting cipher list straight away.
2009-04-07 12:10:12 +00:00
Dr. Stephen Henson
6252f3bc7c
PR: 1827
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix application data in handshake bug.
2009-04-02 22:34:59 +00:00
Dr. Stephen Henson
4e319926d7
PR: 1828
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS retransmission bug.
2009-04-02 22:32:16 +00:00
Dr. Stephen Henson
e4f456918f
PR: 1826
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Client random bug fix.
2009-04-02 22:28:35 +00:00
Dr. Stephen Henson
c342341ea1
Ooops, revert patch... due to non-portable gettimeofday call.
2009-04-02 22:19:07 +00:00
Dr. Stephen Henson
9d396bee8e
PR: 1829
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timer bug fix.
2009-04-02 22:16:02 +00:00
Dr. Stephen Henson
a9427c2536
PR: 1838
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS fragment bug.
2009-04-02 22:12:13 +00:00
Dr. Stephen Henson
1fde5b65c6
Fix from HEAD.
2009-03-12 17:31:18 +00:00
Ben Laurie
241d088156
Fix memory leak.
2009-02-23 16:02:47 +00:00
Dr. Stephen Henson
72f6453c48
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
a00c3c4019
Properly check EVP_VerifyFinal() and similar return values
...
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
2009-01-07 10:48:23 +00:00
Lutz Jänicke
f4677b7960
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
...
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
2009-01-05 14:43:07 +00:00
Dr. Stephen Henson
4b253d904d
Avoid signed/unsigned compare warnings.
2008-12-29 00:17:36 +00:00
Dr. Stephen Henson
2c17b493b1
Make -DKSSL_DEBUG work again.
2008-11-10 18:55:07 +00:00
Lutz Jänicke
4db3e88459
Firstly, the bitmap we use for replay protection was ending up with zero
...
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-13 06:43:06 +00:00
Lutz Jänicke
ab073bad4f
When the underlying BIO_write() fails to send a datagram, we leave the
...
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-10 10:41:32 +00:00
Bodo Möller
d875413a0b
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
...
enable disabled ciphersuites.
2008-09-22 21:22:51 +00:00
Dr. Stephen Henson
e852835da6
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
52702f6f92
Updates to build system from FIPS branch. Make fipscanisterbuild work and
...
build FIPS test programs.
2008-09-17 15:56:42 +00:00
Bodo Möller
446881468c
update comment
2008-09-14 19:50:53 +00:00
Bodo Möller
c198c26226
oops
2008-09-14 18:16:09 +00:00
Andy Polyakov
54d6ddba69
dtls1_write_bytes consumers expect amount of bytes written per call, not
...
overall [from HEAD].
PR: 1604
2008-09-14 17:57:03 +00:00
Dr. Stephen Henson
1af12ff1d1
Fix error code discrepancy.
...
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
200d00c854
Fix SSL state transitions.
...
Submitted by: Nagendra Modadugu
2008-09-14 14:02:01 +00:00
Bodo Möller
36a4a67b2b
Some precautions to avoid potential security-relevant problems.
2008-09-14 13:42:40 +00:00
Andy Polyakov
3413424f01
DTLS didn't handle alerts correctly [from HEAD].
...
PR: 1632
2008-09-13 18:25:36 +00:00
Dr. Stephen Henson
8f59c61d1d
If tickets disabled behave as if no ticket received to support
...
stateful resume.
2008-09-03 22:13:04 +00:00
Bodo Möller
f9f6f0e9f0
sanity check
...
PR: 1679
2008-08-13 19:44:44 +00:00
Dr. Stephen Henson
14748adb09
Make ssl code consistent with FIPS branch. The new code has no effect
...
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
0278e15fa3
If auto load ENGINE lookup fails retry adding builtin ENGINEs.
2008-06-05 15:13:03 +00:00
Dr. Stephen Henson
56ef1cbc40
include engine.h if needed.
2008-06-05 11:23:35 +00:00
Dr. Stephen Henson
591371566e
Update from HEAD.
2008-06-04 22:39:29 +00:00
Dr. Stephen Henson
4aefb1dd98
Backport more ENGINE SSL client auth code to 0.9.8.
2008-06-04 18:35:27 +00:00
Dr. Stephen Henson
aa03989791
Backport ssl client auth ENGINE support to 0.9.8.
2008-06-04 18:01:40 +00:00
Bodo Möller
cec9bce126
fix whitespace
2008-05-28 22:22:50 +00:00