Commit graph

8223 commits

Author SHA1 Message Date
Dr. Stephen Henson
1b32943215 Update OID table too. 2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
714044cc03 oops revert test code from previous commit 2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
6899d9bbf6 If legacy renegotiation is not permitted then send a fatal alert if a patched
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:43 +00:00
Dr. Stephen Henson
cf876a9893 change versions back to 0.9.8m-dev 2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af prepare for release 2010-01-20 17:26:02 +00:00
Dr. Stephen Henson
031774468c update TABLE 2010-01-20 17:16:52 +00:00
Dr. Stephen Henson
dd28d12add make update 2010-01-20 16:35:30 +00:00
Dr. Stephen Henson
6c61ee8fe3 Support -L options in VC++ link. 2010-01-20 14:04:29 +00:00
Andy Polyakov
b86ebb55ff rand_win.c: handel GetTickCount wrap-around [from HEAD]. 2010-01-19 21:45:45 +00:00
Andy Polyakov
66956eaba3 x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
PR: 2094,2095
2010-01-19 21:45:16 +00:00
Dr. Stephen Henson
444ff35029 revert patch 2010-01-19 19:10:53 +00:00
Dr. Stephen Henson
ff2549be1d PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
2010-01-19 19:10:03 +00:00
Andy Polyakov
2557c6a812 Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl
don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
aae48de0f7 PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:46 +00:00
Dr. Stephen Henson
766708f24b PR: 2133
Submitted by: steve@openssl.org

Add missing DTLS state strings.
2010-01-16 19:18:31 +00:00
Dr. Stephen Henson
fbeb4a9d15 Add strings for DTLS protocol versions 2010-01-16 19:02:43 +00:00
Dr. Stephen Henson
24fc4f656c PR: 1618
Submitted by: steve@openssl.org

Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
2010-01-14 17:44:46 +00:00
Dr. Stephen Henson
c3c3b28818 Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:45 +00:00
Dr. Stephen Henson
06e2670a57 Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:45:03 +00:00
Dr. Stephen Henson
3798a4d059 Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:09:32 +00:00
Andy Polyakov
5b8246d6eb x86_64-xlate.pl: new gas requires sign extention in lea instruction
[from HEAD].
PR: 2094,2095
2010-01-07 11:22:25 +00:00
Andy Polyakov
2e24bc421d util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed [from HEAD].
PR: 2086
2010-01-07 11:04:49 +00:00
Dr. Stephen Henson
f244ed3ed2 correct error codes 2010-01-06 18:02:07 +00:00
Dr. Stephen Henson
50a095ed16 Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:59:41 +00:00
Dr. Stephen Henson
37aff2199e Typo 2010-01-05 17:50:12 +00:00
Dr. Stephen Henson
309aa5fbf3 PR: 2132
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
2010-01-05 17:33:20 +00:00
Dr. Stephen Henson
5f40948714 Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 23:03:40 +00:00
Dr. Stephen Henson
c22050be29 Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81 Constify crypto/cast. 2009-12-22 11:45:57 +00:00
Bodo Möller
d0e79d7e2c Constify crypto/cast. 2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
c1003dfd15 Ooops, engage ENGINE initialisation code correctly in FIPS builds. 2009-12-17 16:38:18 +00:00
Dr. Stephen Henson
98809a1458 Alert to use is now defined in spec: update code 2009-12-17 15:42:25 +00:00
Dr. Stephen Henson
ccc3df8c33 New option to enable/disable connection to unpatched servers 2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
593a6dbe19 add another missed case 2009-12-14 01:32:47 +00:00
Dr. Stephen Henson
efbe446f1a simplify RI error code and catch extra error case ignored before 2009-12-14 01:28:51 +00:00
Dr. Stephen Henson
725745d105 Allow initial connection (but no renegoriation) to servers which don't support
RI.
2009-12-14 01:09:01 +00:00
Ben Laurie
c0e94f8292 Missing newline. 2009-12-12 11:10:25 +00:00
Dr. Stephen Henson
ef4bd0167c Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:22:12 +00:00
Dr. Stephen Henson
7a8a3ef4f6 clarify docs 2009-12-09 18:17:21 +00:00
Dr. Stephen Henson
98c7b0367d Document option clearning functions.
Initial secure renegotiation documentation.
2009-12-09 18:01:07 +00:00
Dr. Stephen Henson
9e5dea0ffd PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
cb4823fdd6 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:15:01 +00:00
Dr. Stephen Henson
17bb051628 Send no_renegotiation alert as required by spec. 2009-12-08 19:05:49 +00:00
Dr. Stephen Henson
59f44e810b Add ctrl and macro so we can determine if peer support secure renegotiation.
Fix SSL_CIPHER initialiser for mcsv
2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
7a014dceb6 Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
1ff44a99a4 PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
6cf61614e4 Replace the broken SPKAC certification with the correct version. 2009-12-02 14:39:12 +00:00
Dr. Stephen Henson
82e448b92b PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:40:46 +00:00