Ben Laurie
c2b78c31d6
First cut of renegotiation extension.
2009-11-08 14:51:54 +00:00
Ben Laurie
949fbf073a
Disable renegotiation.
2009-11-05 11:28:37 +00:00
Dr. Stephen Henson
07cb0a82d1
PR: 2025
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
2009-09-12 23:18:43 +00:00
Dr. Stephen Henson
43e9e1a160
PR: 2033
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen support.
2009-09-09 17:06:13 +00:00
Dr. Stephen Henson
da6ce18279
PR: 2006
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Do not use multiple DTLS records for a single user message
2009-08-26 11:54:14 +00:00
Dr. Stephen Henson
fbc4a24633
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-13 15:14:32 +00:00
Dr. Stephen Henson
17620eec4c
Fix error codes.
2009-08-06 16:23:17 +00:00
Dr. Stephen Henson
a224fe14e9
PR: 1751
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org
Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:08:12 +00:00
Bodo Möller
f9f6f0e9f0
sanity check
...
PR: 1679
2008-08-13 19:44:44 +00:00
Dr. Stephen Henson
14748adb09
Make ssl code consistent with FIPS branch. The new code has no effect
...
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
4aefb1dd98
Backport more ENGINE SSL client auth code to 0.9.8.
2008-06-04 18:35:27 +00:00
Dr. Stephen Henson
aa03989791
Backport ssl client auth ENGINE support to 0.9.8.
2008-06-04 18:01:40 +00:00
Dr. Stephen Henson
db533c96e3
TLS ticket key setting callback: this allows and application to set
...
its own TLS ticket keys.
2008-04-30 16:11:33 +00:00
Andy Polyakov
ccac657556
New unused field crippled ssl_ctx_st in 0.9.8"f".
2007-10-17 21:22:58 +00:00
Dr. Stephen Henson
a523276786
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
Ben Laurie
bb99ce5f80
make update, and more DTLS stuff.
2007-10-11 14:36:59 +00:00
Dr. Stephen Henson
c2079de880
Update from HEAD.
2007-08-28 01:12:44 +00:00
Dr. Stephen Henson
865a90eb4f
Backport of TLS extension code to OpenSSL 0.9.8.
...
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
2007-08-12 18:59:03 +00:00
Bodo Möller
2c12e7f6f5
Ensure that AES remains the preferred cipher at any given key length.
...
(This does not really require a special case for Camellia.)
2007-04-25 07:58:32 +00:00
Bodo Möller
c3cc4662af
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Bodo Möller
d9e262443c
oops -- this should have been in 0.9.8e
2007-03-21 14:18:27 +00:00
Bodo Möller
b2710ee19a
remove inconsistency between builds with and without Camellia enabled
2007-02-19 17:55:07 +00:00
Nils Larsch
d4a6240005
replace macros with functions
...
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:47:15 +00:00
Bodo Möller
b610f46bae
Make sure that AES ciphersuites get priority over Camellia ciphersuites
...
in the default cipher string.
2006-06-14 13:52:49 +00:00
Bodo Möller
e18eef3d7a
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Bodo Möller
c55d882fab
Avoid contradictive error code assignments.
...
"make error".
2006-01-08 21:52:46 +00:00
Bodo Möller
2e885232c2
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:41:25 +00:00
Mark J. Cox
64932f9e4a
Add fixes for CAN-2005-2969
...
Bump release ready for OpenSSL_0_9_8a tag
2005-10-11 10:16:21 +00:00
Nils Larsch
cac0d4ee6f
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
...
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
2005-06-10 19:51:16 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Bodo Möller
beb056b303
fix SSLerr stuff for DTLS1 code;
...
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
2005-04-26 18:08:00 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Richard Levitte
6713a4835f
Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP
...
wrapping preprocessor directive. This also removes a duplicate
declaration.
2004-05-20 23:47:57 +00:00
Geoff Thorpe
d095b68d63
Deprecate quite a few recursive includes from the ssl.h API header and
...
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
2004-05-17 18:53:47 +00:00
Richard Levitte
0020502a07
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
...
the symbol name).
2004-03-25 21:32:30 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
3822740ce3
We're getting a clash with C++ because it has a type called 'list'.
...
Therefore, change all instances of the symbol 'list' to something else.
PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
2003-11-29 10:25:37 +00:00
Dr. Stephen Henson
a08ced78c8
Avoid warnings: add missing prototype, don't shadow.
2003-10-10 23:07:24 +00:00
Richard Levitte
377dcdba44
Add functionality to get information on compression methods (not quite complete).
2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952
Make sure int SSL_COMP_add_compression_method() checks if a certain
...
compression identity is already present among the registered
compression methods, and if so, reject the addition request.
Declare SSL_COMP_get_compression_method() so it can be used properly.
Change ssltest.c so it checks what compression methods are available
and enumerates them. As a side-effect, built-in compression methods
will be automagically loaded that way. Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.
Finally, make update.
Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00
Geoff Thorpe
4879ec7bf3
Session cache implementations shouldn't have to access SSL_SESSION
...
elements directly, so this missing functionality is required.
PR: 276
2003-02-15 20:38:57 +00:00
Dr. Stephen Henson
cf56663fb7
Option to disable SSL auto chain build
2003-02-12 17:06:02 +00:00
Bodo Möller
0e9035ac98
SSL_add_dir_cert_subjects_to_stack now exists for WIN32
2003-02-05 16:40:29 +00:00
Geoff Thorpe
e90e719739
Fix a warning, and do some constification as a lucky side-effect :-)
2002-12-08 05:19:43 +00:00
Richard Levitte
7ba666fa0e
Since it's defined in draft-ietf-tls-compression-04.txt, let's make
...
ZLIB a known compression method, with the identity 1.
2002-12-08 02:41:11 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Geoff Thorpe
e0db2eed8d
Correct and enhance the behaviour of "internal" session caching as it
...
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
2002-10-29 00:33:04 +00:00