wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7659 commits 20 branches 302 tags 153 MiB
Commit graph

176 commits

Author SHA1 Message Date
Dr. Stephen Henson
0633bca11c Updates from 0.9.8-stable 2007-12-14 01:16:16 +00:00
Dr. Stephen Henson
a416ca47ac Merge from 0.9.8-stable. 2007-04-25 13:15:51 +00:00
Dr. Stephen Henson
1139eeecbc Merge from 0.9.8 stable branch. 2007-04-24 11:30:51 +00:00
Dr. Stephen Henson
aeb9ccfaad And so it begins... 2007-03-22 00:39:24 +00:00
Bodo Möller
d9e262443c oops -- this should have been in 0.9.8e 2007-03-21 14:18:27 +00:00
Bodo Möller
b2710ee19a remove inconsistency between builds with and without Camellia enabled 2007-02-19 17:55:07 +00:00
Nils Larsch
d4a6240005 replace macros with functions 
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
 2006-11-29 20:47:15 +00:00
Bodo Möller
b610f46bae Make sure that AES ciphersuites get priority over Camellia ciphersuites 
in the default cipher string.
 2006-06-14 13:52:49 +00:00
Bodo Möller
e18eef3d7a Camellia cipher, contributed by NTT 
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
 2006-06-09 15:42:21 +00:00
Bodo Möller
c55d882fab Avoid contradictive error code assignments. 
"make error".
 2006-01-08 21:52:46 +00:00
Bodo Möller
2e885232c2 Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) 2006-01-08 19:41:25 +00:00
Mark J. Cox
64932f9e4a Add fixes for CAN-2005-2969 
Bump release ready for OpenSSL_0_9_8a tag
 2005-10-11 10:16:21 +00:00
Nils Larsch
cac0d4ee6f - let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an 
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
 2005-06-10 19:51:16 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes. 
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
 2005-04-26 18:53:22 +00:00
Bodo Möller
beb056b303 fix SSLerr stuff for DTLS1 code; 
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
 2005-04-26 18:08:00 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality. 
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
 2004-09-06 18:43:01 +00:00
Richard Levitte
6713a4835f Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP 
wrapping preprocessor directive.  This also removes a duplicate
declaration.
 2004-05-20 23:47:57 +00:00
Geoff Thorpe
d095b68d63 Deprecate quite a few recursive includes from the ssl.h API header and 
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
 2004-05-17 18:53:47 +00:00
Richard Levitte
0020502a07 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of 
the symbol name).
 2004-03-25 21:32:30 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated 
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
 2004-03-15 23:15:26 +00:00
Richard Levitte
3822740ce3 We're getting a clash with C++ because it has a type called 'list'. 
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
 2003-11-29 10:25:37 +00:00
Dr. Stephen Henson
a08ced78c8 Avoid warnings: add missing prototype, don't shadow. 2003-10-10 23:07:24 +00:00
Richard Levitte
377dcdba44 Add functionality to get information on compression methods (not quite complete). 2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain 
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
 2003-10-06 11:00:15 +00:00
Geoff Thorpe
4879ec7bf3 Session cache implementations shouldn't have to access SSL_SESSION 
elements directly, so this missing functionality is required.

PR: 276
 2003-02-15 20:38:57 +00:00
Dr. Stephen Henson
cf56663fb7 Option to disable SSL auto chain build 2003-02-12 17:06:02 +00:00
Bodo Möller
0e9035ac98 SSL_add_dir_cert_subjects_to_stack now exists for WIN32 2003-02-05 16:40:29 +00:00
Geoff Thorpe
e90e719739 Fix a warning, and do some constification as a lucky side-effect :-) 2002-12-08 05:19:43 +00:00
Richard Levitte
7ba666fa0e Since it's defined in draft-ietf-tls-compression-04.txt, let's make 
ZLIB a known compression method, with the identity 1.
 2002-12-08 02:41:11 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it 
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
 2002-10-29 00:33:04 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in 
the same source file.
 2002-10-14 10:02:36 +00:00
Richard Levitte
ef0baf60aa Typo 2002-10-10 08:32:39 +00:00
Richard Levitte
7ba3a4c3d2 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS. 
PR: 189
 2002-10-10 07:59:03 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
 2002-08-09 08:56:08 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002] 
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
 2002-07-30 13:04:04 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. 
Submitted by:
Reviewed by:
PR: 127
 2002-07-19 19:55:34 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:21:11 +00:00
Bodo Möller
98a9092af1 Fix ciphersuite list to enforce low priority for RC4. 2002-05-07 08:36:26 +00:00
Bodo Möller
87108f5af9 ensure that, for each strength, RC4 ciphers have least preference 
in the default ciphersuite list
 2002-05-07 07:59:35 +00:00
Bodo Möller
a4f576a378 disable AES ciphersuites unless explicitly requested 2002-05-05 23:44:27 +00:00
Dr. Stephen Henson
98fa4fe8c5 Fix ASN1 additions for KRB5 2002-03-12 13:32:35 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback. 
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
 2002-02-28 10:52:56 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' 
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
 2002-01-14 23:40:26 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00