Dr. Stephen Henson
2d3855fc6e
PR: 2127
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:28:45 +00:00
Dr. Stephen Henson
1cd47f5f6e
Ooops revert stuff which shouldn't have been part of previous commit.
2009-12-16 20:33:11 +00:00
Dr. Stephen Henson
675564835c
New option to enable/disable connection to unpatched servers
2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4
Allow initial connection (but no renegoriation) to servers which don't support
...
RI.
Reorganise RI checking code and handle some missing cases.
2009-12-14 13:55:39 +00:00
Ben Laurie
43a107026d
Missing error code.
2009-12-12 15:57:53 +00:00
Ben Laurie
ef0498a00b
Use gcc 4.4.
2009-12-12 15:57:19 +00:00
Dr. Stephen Henson
f1784f2fd2
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
730f5752ff
clarify docs
2009-12-09 18:17:09 +00:00
Dr. Stephen Henson
a88c73b43a
Document option clearning functions.
...
Initial secure renegotiation documentation.
2009-12-09 18:00:52 +00:00
Dr. Stephen Henson
a6d204e241
Add patch to crypto/evp which didn't apply from PR#2124
2009-12-09 15:02:14 +00:00
Dr. Stephen Henson
941baf6641
Revert lhash patch for PR#2124
2009-12-09 15:00:20 +00:00
Dr. Stephen Henson
b41a614686
Check s3 is not NULL
2009-12-09 14:53:51 +00:00
Dr. Stephen Henson
aac751832a
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
52a08e90d1
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe
Send no_renegotiation alert as required by spec.
2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1
PR: 2121
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
7b1856e5a1
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:05 +00:00
Dr. Stephen Henson
3d5d81bf39
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:41:24 +00:00
Dr. Stephen Henson
50f06b46f4
Check it actually compiles this time ;-)
2009-12-02 14:25:55 +00:00
Dr. Stephen Henson
be6076c0ad
PR: 2120
...
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:57:03 +00:00
Dr. Stephen Henson
6125e07d79
check DSA_sign() return value properly
2009-12-01 18:41:50 +00:00
Dr. Stephen Henson
d5b8c46499
PR: 2115
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
7805e23588
PR: 1432
...
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:33 +00:00
Dr. Stephen Henson
9117b9d17a
PR: 2118
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org
Check return value of ECDSA_sign() properly.
2009-11-30 13:53:42 +00:00
Dr. Stephen Henson
e274c8fb72
typo
2009-11-29 13:45:18 +00:00
Andy Polyakov
e8dbd66e2b
cms-test.pl: use EXE_EXT (from HEAD).
...
PR: 2107
2009-11-26 21:12:12 +00:00
Andy Polyakov
8b9b23603f
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD).
2009-11-26 20:56:05 +00:00
Bodo Möller
aefb9dc5e5
Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
...
one in the OpenSSL_0_9_8-stable branch.
2009-11-26 18:37:11 +00:00
Andy Polyakov
a8c1b19a31
x86_64-xlate.pl: fix typo introduced in last commit.
...
PR: 2109
2009-11-23 19:51:24 +00:00
Andy Polyakov
29c8d2a54a
x86_64-xlate.pl: new gas requires sign extension.
...
x86masm.pl: fix linker warning.
PR: 2094,2095
2009-11-22 12:52:18 +00:00
Andy Polyakov
87827be0c2
VC-32.pl: bufferoverlowu.lib only when needed and remove duplicate code
...
(update from HEAD).
PR: 2086
2009-11-22 12:26:15 +00:00
Andy Polyakov
e4572e5210
bio_sock.c and bss_dgram.c: update from HEAD.
...
PR: 2069
2009-11-22 12:24:43 +00:00
Dr. Stephen Henson
3e8e12a6b6
Servers can't end up talking SSLv2 with legacy renegotiation disabled
2009-11-18 15:09:35 +00:00
Dr. Stephen Henson
5ddbb8f41a
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
2009-11-18 14:45:32 +00:00
Dr. Stephen Henson
3c44e92bcb
Include a more meaningful error message when rejecting legacy renegotiation
2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
5e8d95f590
PR: 2103
...
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org
Initialise atm.flags to 0.
2009-11-17 13:25:35 +00:00
Dr. Stephen Henson
2156704924
PR: 2101 (additional)
...
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org
Another mingw fix.
2009-11-15 19:06:21 +00:00
Dr. Stephen Henson
4e49aa0ca3
PR: 2095
...
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org
Fix for out range of signed 32bit displacement error on newer binutils
in file sha1-x86_64.pl
2009-11-13 14:23:44 +00:00
Dr. Stephen Henson
d5d1c53735
PR: 2101
...
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org
Fixes for tests in cms-test.pl
2009-11-13 13:44:14 +00:00
Richard Levitte
1aac5c0ee8
Add test_cms
2009-11-13 08:45:52 +00:00
Dr. Stephen Henson
4434328b0a
PR: 2088
...
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
2009-11-12 19:57:39 +00:00
Dr. Stephen Henson
9b2cfb890c
set engine to NULL after releasing it
2009-11-12 19:24:34 +00:00
Richard Levitte
b2f364ec62
Compiling vms.mar doesn't work on other than VAX.
2009-11-12 14:05:04 +00:00
Richard Levitte
b7aeb4c9b5
Another symbol longer than 31 characters.
2009-11-12 14:04:26 +00:00
Richard Levitte
370f48da2a
Typo
2009-11-12 14:03:57 +00:00
Richard Levitte
32def77ace
Everywhere was a little too much.
2009-11-12 14:03:35 +00:00
Dr. Stephen Henson
531c81ece8
PR: 2098
...
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org
For Cygwin enable zlib and mdc2 by default.
2009-11-11 19:04:56 +00:00
Dr. Stephen Henson
73582b8117
add missing parts of reneg port, fix apps patch
2009-11-11 14:51:29 +00:00