wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7596 commits 20 branches 302 tags 153 MiB
Commit graph

781 commits

Author SHA1 Message Date
Dr. Stephen Henson
3c8f315021 Support ticket renewal in state machine (not used at present). 2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602 Status strings for ticket states. 2008-04-29 16:38:26 +00:00
Dr. Stephen Henson
d3eef3e5af Fix from HEAD. 2008-04-25 16:27:25 +00:00
Dr. Stephen Henson
3edad44d6e Avoid "initializer not constant" errors when compiling in pedantic mode. 2008-04-02 11:15:05 +00:00
Ben Laurie
9c04747623 Make depend. 2007-11-15 13:32:53 +00:00
Dr. Stephen Henson
236860735e Allow new session ticket when resuming. 2007-11-03 13:07:39 +00:00
Dr. Stephen Henson
5f95651316 Ensure the ticket expected flag is reset when a stateless resumption is 
successful.
 2007-10-18 11:39:11 +00:00
Andy Polyakov
ccac657556 New unused field crippled ssl_ctx_st in 0.9.8"f". 2007-10-17 21:22:58 +00:00
Andy Polyakov
a9c23ea079 Don't let DTLS ChangeCipherSpec increment handshake sequence number. From 
HEAD with a twist: server interoperates with non-compliant client.
PR: 1587
 2007-10-17 21:17:49 +00:00
Dr. Stephen Henson
33ffe2a7f7 Don't try to lookup zero length session. 2007-10-17 17:30:15 +00:00
Dr. Stephen Henson
7c717aafc6 Allow TLS tickets and session ID to both be present if lifetime hint is -1. 
This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.
 2007-10-17 11:27:25 +00:00
Andy Polyakov
ffe181c366 Make ssl compile. 2007-10-14 14:07:46 +00:00
Dr. Stephen Henson
43490dfb89 Avoid shadow and signed/unsigned warnings. 2007-10-12 00:29:06 +00:00
Dr. Stephen Henson
a523276786 Backport certificate status request TLS extension support to 0.9.8. 2007-10-12 00:00:36 +00:00
Ben Laurie
bb99ce5f80 make update, and more DTLS stuff. 2007-10-11 14:36:59 +00:00
Andy Polyakov
49f42ec0f6 Respect cookie length set by app_gen_cookie_cb [from HEAD]. 
Submitted by: Alex Lam
 2007-10-09 19:31:53 +00:00
Andy Polyakov
91d509f0d9 Make DTLS1 record layer MAC calculation RFC compliant. From HEAD with a 
twist: server interoperates with non-compliant pre-0.9.8f client.
 2007-10-09 19:22:01 +00:00
Andy Polyakov
d5e858c55f Prohibit RC4 in DTLS [from HEAD]. 2007-10-05 21:05:27 +00:00
Andy Polyakov
d4736ae701 Set client_version earlier in DTLS (this is 0.9.8 specific). 2007-10-03 10:18:06 +00:00
Andy Polyakov
3e1158522a Oops! This was erroneously left out commit #16633. 2007-10-01 06:28:48 +00:00
Andy Polyakov
57191f86d9 Explicit IV update [from HEAD]. 2007-09-30 22:03:07 +00:00
Andy Polyakov
0a89c575de Make ChangeCipherSpec compliant with DTLS RFC4347. From HEAD with a twist: 
server interoperates with non-compliant pre-0.9.8f.
 2007-09-30 21:20:59 +00:00
Andy Polyakov
4c860910df DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a 
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
 2007-09-30 19:36:32 +00:00
Andy Polyakov
0fc3d51b7d DTLS RFC4347 requires client to use rame random field in reply to 
HelloVerifyRequest [from HEAD].
 2007-09-30 19:15:46 +00:00
Andy Polyakov
c4b0d7879e Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist: 
server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.
 2007-09-30 18:55:59 +00:00
Dr. Stephen Henson
aab1ec3f36 Update from HEAD. 2007-09-28 16:29:24 +00:00
Dr. Stephen Henson
07d9808496 Fix from HEAD. 2007-09-23 15:55:54 +00:00
Bodo Möller
4ab0088bfe More changes from HEAD: 
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()
 2007-09-21 14:05:08 +00:00
Dr. Stephen Henson
3bd1690bfb Fixes from HEAD. 2007-09-21 13:40:51 +00:00
Ben Laurie
4f2b7d48b1 make depend 2007-09-19 12:17:11 +00:00
Ben Laurie
458c3900e1 Lingering "security" fix. 2007-09-19 12:16:21 +00:00
Dr. Stephen Henson
25b0e072dd PR: 1582 2007-09-17 17:30:01 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL. 
Fix various "computed value not used" warnings too.
 2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
a938c4284e Update from HEAD. 2007-08-31 00:28:51 +00:00
Dr. Stephen Henson
c2079de880 Update from HEAD. 2007-08-28 01:12:44 +00:00
Dr. Stephen Henson
afdbadc704 Update from HEAD. 2007-08-20 12:44:22 +00:00
Dr. Stephen Henson
865a90eb4f Backport of TLS extension code to OpenSSL 0.9.8. 
Include server name and RFC4507bis support.

This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
 2007-08-12 18:59:03 +00:00
Dr. Stephen Henson
761f3b403b Fix more unused value warnings. 2007-07-04 13:09:27 +00:00
Bodo Möller
2c12e7f6f5 Ensure that AES remains the preferred cipher at any given key length. 
(This does not really require a special case for Camellia.)
 2007-04-25 07:58:32 +00:00
Bodo Möller
c3cc4662af Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:50:26 +00:00
Bodo Möller
6fd3f3260d stricter session ID context matching 2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c oops -- this should have been in 0.9.8e 2007-03-21 14:18:27 +00:00
Dr. Stephen Henson
295de18c8a Fix kerberos ciphersuite bugs introduced with PR:1336. 2007-03-09 14:06:34 +00:00
Ben Laurie
3370b694b9 Make local function static. 2007-03-08 15:52:04 +00:00
Bodo Möller
b2710ee19a remove inconsistency between builds with and without Camellia enabled 2007-02-19 17:55:07 +00:00
Bodo Möller
bbfcc4724d fix incorrect strength bit values for certain Kerberos ciphersuites 
Submitted by: Victor Duchovni
 2007-02-19 14:47:21 +00:00
Bodo Möller
5f4cc234fb Some fixes for ciphersuite string processing: 
- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller
 2007-02-17 06:52:42 +00:00
Nils Larsch
d31a13953c ensure that the EVP_CIPHER_CTX object is initialized 
PR: 1490
 2007-02-16 20:40:07 +00:00
Nils Larsch
6555dfa486 use user-supplied malloc functions for persistent kssl objects 
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
 2007-02-10 10:40:24 +00:00
Nils Larsch
f418265865 ensure that a ec key is used 
PR: 1476
 2007-02-07 20:36:40 +00:00