wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9648 commits 20 branches 302 tags 153 MiB
Commit graph

257 commits

Author SHA1 Message Date
Dr. Stephen Henson
376838a606 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.

(backport from HEAD).
 2011-05-12 17:44:59 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD. 
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
 2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
 2011-05-11 12:56:38 +00:00
Dr. Stephen Henson
3393e0c02c Fix SRP error codes (from HEAD). 2011-03-16 16:55:12 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
c6dd154b3e oops, revert previous patch 2010-08-27 12:10:12 +00:00
Dr. Stephen Henson
35cae95032 PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.
 2010-08-27 11:57:42 +00:00
Dr. Stephen Henson
48ae85b6ff PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
 2010-08-26 14:22:40 +00:00
Dr. Stephen Henson
53e7985c8d PR: 1830 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
 2010-07-18 17:39:46 +00:00
Dr. Stephen Henson
b4b15f68c0 Backport TLS v1.1 support from HEAD, ssl/ changes 2010-06-27 14:22:11 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
1f67a3a985 compress_meth should be unsigned 2010-01-05 16:46:39 +00:00
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression 
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
 2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2010-01-01 00:44:36 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Ben Laurie
43a107026d Missing error code. 2009-12-12 15:57:53 +00:00
Dr. Stephen Henson
f1784f2fd2 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
3c44e92bcb Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
 2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
c0688f1aef Make update, deleting bogus DTLS error code 2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
17f8d8db61 PR: 2006 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message
 2009-08-26 11:51:23 +00:00
Dr. Stephen Henson
5a96822f2c Update default dependency flags. 
Make error name discrepancies a fatal error.
Fix error codes.
make update
 2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
29b0c4a01c Add "missing" functions for setting all verify parameters for SSL_CTX and SSL 
structures.
 2009-06-30 11:57:24 +00:00
Dr. Stephen Henson
174ea15647 Typo. 2009-04-28 22:35:42 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
 2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
9ae5743515 Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client 
hello if no SSLv2 cipher suites are included. This effectively disables
the broken SSLv2 use by default.
 2009-04-07 17:01:07 +00:00
Dr. Stephen Henson
c9a1778134 Fix error codes. 2009-04-05 11:54:34 +00:00
Dr. Stephen Henson
2dd5ca1fbc Make no-ssl2 work including on Win32 builds. 2009-04-04 17:57:34 +00:00
Ben Laurie
9b9cb004f7 Deal with the unlikely event that EVP_MD_CTX_size() returns an error. 
(Coverity ID 140).
 2008-12-27 02:09:24 +00:00
Ben Laurie
6ba71a7173 Handle the unlikely event that BIO_get_mem_data() returns -ve. 2008-12-27 02:00:38 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574 
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
 2008-11-15 17:18:12 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
3ad74edce8 Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new 
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
 2008-09-10 16:02:09 +00:00
Bodo Möller
1cbf663a6c sanity check 
PR: 1679
 2008-08-13 19:45:06 +00:00
Bodo Möller
474b3b1cc8 Fix error codes for memory-saving patch. 
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
 2008-08-04 22:10:38 +00:00
Dr. Stephen Henson
59d2d48f64 Add support for client cert engine setting in s_client app. 
Add appropriate #ifdefs round client cert functions in headers.
 2008-06-03 11:26:27 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
c61915c659 Update error codes. 2008-06-01 22:34:40 +00:00
Dr. Stephen Henson
368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00
Dr. Stephen Henson
eafd6e5110 Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h 2008-06-01 21:18:47 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00