Bodo Möller
caf97dbad0
there is no minimum length for session IDs
PR: 274
[previous commit did not include all the changes]
2002-09-20 08:27:44 +00:00
Bodo Möller
5fef7d56ce
there is no minimum length for session IDs
PR: 274
2002-09-19 11:43:13 +00:00
Bodo Möller
30c37c52c5
fix race condition
PR: 262
2002-09-19 11:27:37 +00:00
Lutz Jänicke
06076d9d31
Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:09:31 +00:00
Bodo Möller
b411e2724f
use correct function code in error message
2002-08-15 16:16:36 +00:00
Richard Levitte
ffcbf991b1
Sometimes, the value of the variable containing the compiler call can
become rather large. This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough. WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:29:58 +00:00
Richard Levitte
425d06d178
Instead of returning errors when certain flags are unusable, just ignore them.
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:18:29 +00:00
Richard Levitte
bf6635038f
Small syntax error corrected. Fortunately, this one only issues a
warning, and is thereby ignored by the rest of the command procedure.
The only problem would be if SSL_TASK.C failed to compile, which
hasn't happened in ages...
2002-08-14 11:27:25 +00:00
Bodo Möller
517a0e7fa0
get rid of OpenSSLDie
2002-08-02 10:51:59 +00:00
Lutz Jänicke
bb41724483
OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 10:19:01 +00:00
Lutz Jänicke
d12eb7b024
"make update"
Submitted by:
Reviewed by:
PR:
2002-07-30 09:32:45 +00:00
Bodo Möller
b5b19ae0bd
'SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION' does not belong here,
it's 0.9.7 only
2002-07-19 12:37:30 +00:00
Lutz Jänicke
d2cbe66ee1
Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:29 +00:00
Bodo Möller
0ac51fcf0b
empty fragments are not necessary for SSL_eNULL
(but no one uses it anyway)
2002-07-09 08:48:03 +00:00
Bodo Möller
32a76f2c75
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
2002-06-14 12:19:34 +00:00
Richard Levitte
578c1cdefa
make update
2002-06-13 21:57:57 +00:00
Richard Levitte
6c53759a50
Recover from errors
2002-05-23 23:33:22 +00:00
Bodo Möller
35fbadb322
fix warning
2002-05-06 10:42:56 +00:00
Bodo Möller
ea9e248cde
fix casts
2002-05-05 23:01:42 +00:00
Dr. Stephen Henson
64f1ae3868
Win32 VC++ warning fixes.
2002-05-02 01:52:18 +00:00
Richard Levitte
9cf94f9ed3
Fix unsigned vs. signed clash
2002-04-29 10:30:05 +00:00
Richard Levitte
ea599390c6
Make sure the opened directory is closed on exit.
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:32 +00:00
Bodo Möller
a6ec2d58ba
improve binary compatibility
2002-04-14 08:25:41 +00:00
Bodo Möller
82c77c1b32
Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:49:28 +00:00
Lutz Jänicke
6bcba344b5
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
2002-03-19 16:47:09 +00:00
Bodo Möller
7aacd4c458
fix ssl3_pending
2002-03-15 10:53:34 +00:00
Lutz Jänicke
e18ed57afd
Add missing strength entries.
2002-03-14 18:56:59 +00:00
Bodo Möller
ff9722c7f1
use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:49:10 +00:00
Lutz Jänicke
ec20856622
Fix the fix (Yoram Zahavi)...
2002-02-27 11:26:20 +00:00
Lutz Jänicke
ce1e801013
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
2002-02-26 21:50:28 +00:00
Richard Levitte
03a6dcdf31
make update
2002-02-26 14:18:23 +00:00
Lutz Jänicke
76dca45720
Backport from 0.9.7:
Make removal from internal session cache more robust and do not store
into internal session cache when it won't be looked up anyway.
2002-02-10 12:52:57 +00:00
Bodo Möller
19fa8cfe5a
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:42:47 +00:00
Bodo Möller
5f18fe493e
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:42:38 +00:00
Ulf Möller
c99b94be3e
ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:13:10 +00:00
Richard Levitte
5dfaf1c437
make update
2001-12-20 22:25:41 +00:00
Bodo Möller
3ece3605ac
remove redundant ERR_load_... declarations
2001-12-17 19:24:39 +00:00
Richard Levitte
479275ef18
make update
perl util/mkdef.pl crypto update rewrite
2001-11-15 12:36:30 +00:00
Bodo Möller
c37e7bf580
fix warning
2001-11-14 21:19:47 +00:00
Bodo Möller
a10b85d9e6
make code a little more similar to what it looked like before the fixes
2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e
important SSL 2.0 bugfixes
2001-11-10 01:15:29 +00:00
Richard Levitte
d6945e10b5
Adapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
2001-10-29 13:06:29 +00:00
Bodo Möller
0b9925be4f
Consistency with s2_... and s23_... variants (no real functional
change)
2001-10-25 08:18:56 +00:00
Bodo Möller
3e9ae0c462
Oops
2001-10-25 08:18:36 +00:00
Bodo Möller
96ec4ce0d2
Assume TLS 1.0 if ClientHello fragment is too short.
2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734
Fix ssl3_get_message to handle message fragmentation correctly.
2001-10-15 17:42:43 +00:00
Bodo Möller
1147fa5a5f
the previous commit accidentally removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
2001-10-15 17:40:22 +00:00
Bodo Möller
ae9010abd5
comment
2001-09-24 07:57:20 +00:00