wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8335 commits 20 branches 302 tags 153 MiB
Commit graph

8335 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
33d7b5ec07 reword RI description 2010-01-27 18:53:59 +00:00
Dr. Stephen Henson
4b38f35e72 update documentation to reflect new renegotiation options 2010-01-27 17:50:47 +00:00
Dr. Stephen Henson
82c2773423 Some shells print out the directory name if CDPATH is set breaking the 
pod2man test. Use ./util instead to avoid this.
 2010-01-27 16:06:36 +00:00
Dr. Stephen Henson
ded27f709c typo 2010-01-27 14:04:51 +00:00
Dr. Stephen Henson
30dc3e112b stop warnings in fips_test_suite application 2010-01-27 14:03:26 +00:00
Dr. Stephen Henson
371b262f96 stop missing prototype warnings 2010-01-27 13:32:31 +00:00
Dr. Stephen Henson
b3fb2492d5 eliminate some warnings in fips build 2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by 
calling underlying method directly.
 2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
cc62974182 PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:40:36 +00:00
Dr. Stephen Henson
9413788571 PR: 2138 
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
 2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
e8387db0c4 Fix VC++ warning (change had already been made to other branches). 2010-01-26 13:24:08 +00:00
Dr. Stephen Henson
81f28ca567 Typo 2010-01-26 12:29:32 +00:00
Dr. Stephen Henson
1b32943215 Update OID table too. 2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c PR: 2149 
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
 2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
714044cc03 oops revert test code from previous commit 2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING 
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
 2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
6899d9bbf6 If legacy renegotiation is not permitted then send a fatal alert if a patched 
server attempts to renegotiate with an unpatched client.
 2010-01-22 18:49:43 +00:00
Dr. Stephen Henson
cf876a9893 change versions back to 0.9.8m-dev 2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af prepare for release 2010-01-20 17:26:02 +00:00
Dr. Stephen Henson
031774468c update TABLE 2010-01-20 17:16:52 +00:00
Dr. Stephen Henson
dd28d12add make update 2010-01-20 16:35:30 +00:00
Dr. Stephen Henson
6c61ee8fe3 Support -L options in VC++ link. 2010-01-20 14:04:29 +00:00
Andy Polyakov
b86ebb55ff rand_win.c: handel GetTickCount wrap-around [from HEAD]. 2010-01-19 21:45:45 +00:00
Andy Polyakov
66956eaba3 x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD]. 
PR: 2094,2095
 2010-01-19 21:45:16 +00:00
Dr. Stephen Henson
444ff35029 revert patch 2010-01-19 19:10:53 +00:00
Dr. Stephen Henson
ff2549be1d PR: 2144 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
 2010-01-19 19:10:03 +00:00
Andy Polyakov
2557c6a812 Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl 
don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
 2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
aae48de0f7 PR: 2144 
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
 2010-01-16 19:45:46 +00:00
Dr. Stephen Henson
766708f24b PR: 2133 
Submitted by: steve@openssl.org

Add missing DTLS state strings.
 2010-01-16 19:18:31 +00:00
Dr. Stephen Henson
fbeb4a9d15 Add strings for DTLS protocol versions 2010-01-16 19:02:43 +00:00
Dr. Stephen Henson
24fc4f656c PR: 1618 
Submitted by: steve@openssl.org

Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
 2010-01-14 17:44:46 +00:00
Dr. Stephen Henson
c3c3b28818 Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:45 +00:00
Dr. Stephen Henson
06e2670a57 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:45:03 +00:00
Dr. Stephen Henson
3798a4d059 Simplify RI+SCSV logic: 
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
 2010-01-07 19:09:32 +00:00
Andy Polyakov
5b8246d6eb x86_64-xlate.pl: new gas requires sign extention in lea instruction 
[from HEAD].
PR: 2094,2095
 2010-01-07 11:22:25 +00:00
Andy Polyakov
2e24bc421d util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed [from HEAD]. 
PR: 2086
 2010-01-07 11:04:49 +00:00
Dr. Stephen Henson
f244ed3ed2 correct error codes 2010-01-06 18:02:07 +00:00
Dr. Stephen Henson
50a095ed16 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:59:41 +00:00
Dr. Stephen Henson
37aff2199e Typo 2010-01-05 17:50:12 +00:00
Dr. Stephen Henson
309aa5fbf3 PR: 2132 
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
 2010-01-05 17:33:20 +00:00
Dr. Stephen Henson
5f40948714 Update RI to match latest spec. 
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
 2009-12-27 23:03:40 +00:00
Dr. Stephen Henson
c22050be29 Traditional Yuletide commit ;-) 
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
 2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81 Constify crypto/cast. 2009-12-22 11:45:57 +00:00
Bodo Möller
d0e79d7e2c Constify crypto/cast. 2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
c1003dfd15 Ooops, engage ENGINE initialisation code correctly in FIPS builds. 2009-12-17 16:38:18 +00:00
Dr. Stephen Henson
98809a1458 Alert to use is now defined in spec: update code 2009-12-17 15:42:25 +00:00
Dr. Stephen Henson
ccc3df8c33 New option to enable/disable connection to unpatched servers 2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
593a6dbe19 add another missed case 2009-12-14 01:32:47 +00:00
Dr. Stephen Henson
efbe446f1a simplify RI error code and catch extra error case ignored before 2009-12-14 01:28:51 +00:00
Dr. Stephen Henson
725745d105 Allow initial connection (but no renegoriation) to servers which don't support 
RI.
 2009-12-14 01:09:01 +00:00