Commit graph

389 commits

Author SHA1 Message Date
Bodo Möller
caf97dbad0 there is no minimum length for session IDs
PR: 274
[previous commit did not include all the changes]
2002-09-20 08:27:44 +00:00
Bodo Möller
5fef7d56ce there is no minimum length for session IDs
PR: 274
2002-09-19 11:43:13 +00:00
Bodo Möller
30c37c52c5 fix race condition
PR: 262
2002-09-19 11:27:37 +00:00
Lutz Jänicke
06076d9d31 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:09:31 +00:00
Bodo Möller
b411e2724f use correct function code in error message 2002-08-15 16:16:36 +00:00
Richard Levitte
ffcbf991b1 Sometimes, the value of the variable containing the compiler call can
become rather large.  This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough.  WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:29:58 +00:00
Richard Levitte
425d06d178 Instead of returning errors when certain flags are unusable, just ignore them.
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:18:29 +00:00
Richard Levitte
bf6635038f Small syntax error corrected. Fortunately, this one only issues a
warning, and is thereby ignored by the rest of the command procedure.
The only problem would be if SSL_TASK.C failed to compile, which
hasn't happened in ages...
2002-08-14 11:27:25 +00:00
Bodo Möller
517a0e7fa0 get rid of OpenSSLDie 2002-08-02 10:51:59 +00:00
Lutz Jänicke
bb41724483 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 10:19:01 +00:00
Lutz Jänicke
d12eb7b024 "make update"
Submitted by:
Reviewed by:
PR:
2002-07-30 09:32:45 +00:00
Bodo Möller
b5b19ae0bd 'SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION' does not belong here,
it's 0.9.7 only
2002-07-19 12:37:30 +00:00
Lutz Jänicke
d2cbe66ee1 Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:29 +00:00
Bodo Möller
0ac51fcf0b emtpy fragments are not necessary for SSL_eNULL
(but noone uses it anyway)
2002-07-09 08:48:03 +00:00
Bodo Möller
32a76f2c75 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:19:34 +00:00
Richard Levitte
578c1cdefa make update 2002-06-13 21:57:57 +00:00
Richard Levitte
6c53759a50 Recover from errors 2002-05-23 23:33:22 +00:00
Bodo Möller
35fbadb322 fix warning 2002-05-06 10:42:56 +00:00
Bodo Möller
ea9e248cde fix casts 2002-05-05 23:01:42 +00:00
Dr. Stephen Henson
64f1ae3868 Win32 VC++ warning fixes. 2002-05-02 01:52:18 +00:00
Richard Levitte
9cf94f9ed3 Fix unsigned vs. signed clash 2002-04-29 10:30:05 +00:00
Richard Levitte
ea599390c6 Make sure the opened directory is closed on exit.
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:32 +00:00
Bodo Möller
a6ec2d58ba improve binary compatibility 2002-04-14 08:25:41 +00:00
Bodo Möller
82c77c1b32 Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:49:28 +00:00
Lutz Jänicke
6bcba344b5 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:47:09 +00:00
Bodo Möller
7aacd4c458 fix ssl3_pending 2002-03-15 10:53:34 +00:00
Lutz Jänicke
e18ed57afd Add missing strength entries. 2002-03-14 18:56:59 +00:00
Bodo Möller
ff9722c7f1 use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:49:10 +00:00
Lutz Jänicke
ec20856622 Fix the fix (Yoram Zahavi)... 2002-02-27 11:26:20 +00:00
Lutz Jänicke
ce1e801013 Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:50:28 +00:00
Richard Levitte
03a6dcdf31 make update 2002-02-26 14:18:23 +00:00
Lutz Jänicke
76dca45720 Backport from 0.9.7:
Make removal from internal session cache more robust and do not store
into internal session cache when it won't be looked up anyway.
2002-02-10 12:52:57 +00:00
Bodo Möller
19fa8cfe5a Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:42:47 +00:00
Bodo Möller
5f18fe493e Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:42:38 +00:00
Ulf Möller
c99b94be3e ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:13:10 +00:00
Richard Levitte
5dfaf1c437 make update 2001-12-20 22:25:41 +00:00
Bodo Möller
3ece3605ac remove redundant ERR_load_... declarations 2001-12-17 19:24:39 +00:00
Richard Levitte
479275ef18 make update
perl util/mkdef.pl crypto update rewrite
2001-11-15 12:36:30 +00:00
Bodo Möller
c37e7bf580 fix warning 2001-11-14 21:19:47 +00:00
Bodo Möller
a10b85d9e6 make code a little more similar to what it looked like before the fixes 2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e important SSL 2.0 bugfixes 2001-11-10 01:15:29 +00:00
Richard Levitte
d6945e10b5 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:06:29 +00:00
Bodo Möller
0b9925be4f Consistency with s2_... and s23_... variants (no real functional
change)
2001-10-25 08:18:56 +00:00
Bodo Möller
3e9ae0c462 Oops 2001-10-25 08:18:36 +00:00
Bodo Möller
96ec4ce0d2 Assume TLS 1.0 if ClientHello fragment is too short. 2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734 Fix ssl3_get_message to handle message fragmentation correctly. 2001-10-15 17:42:43 +00:00
Bodo Möller
1147fa5a5f the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
2001-10-15 17:40:22 +00:00
Bodo Möller
ae9010abd5 comment 2001-09-24 07:57:20 +00:00