Bodo Möller
0bdbc5a86e
fix ssl3_pending
2002-03-15 10:52:03 +00:00
Lutz Jänicke
abecef77cf
Add missing strength classification.
...
Submitted by:
Reviewed by:
PR:
2002-03-14 18:47:51 +00:00
Dr. Stephen Henson
b74dfe6e8e
Initialize cipher context in KRB5
...
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:16:49 +00:00
Bodo Möller
13962f0b15
use BIO_nwrite() more properly
2002-03-14 09:48:32 +00:00
Dr. Stephen Henson
f2cbb15468
Undo previous patch: avoid warnings by #undef'ing
...
duplicate definitions.
Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
2002-03-13 13:58:33 +00:00
Dr. Stephen Henson
e38e8b29f8
Fix Kerberos warnings with VC++.
2002-03-12 19:38:16 +00:00
Dr. Stephen Henson
c03ceadfbd
Fix ASN1 additions for KRB5
2002-03-12 13:33:20 +00:00
Dr. Stephen Henson
e50baf58ab
Fix various warnings when compiling with KRB5 code.
2002-03-12 03:00:59 +00:00
Ben Laurie
91aeab0de3
ADH-DES-CBC-SHA should be LOW.
2002-03-06 16:59:12 +00:00
Bodo Möller
2be9b88135
use ERR_peek_last_error() instead of ERR_peek_error()
2002-02-28 14:10:13 +00:00
Richard Levitte
421d474332
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
2002-02-28 12:44:05 +00:00
Bodo Möller
48781ef7f7
Add 'void *' argument to app_verify_callback.
...
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:55:52 +00:00
Lutz Jänicke
21f422ca5e
Fix the fix (Yoram Zahavi)...
...
Submitted by:
Reviewed by:
PR:
2002-02-27 11:24:39 +00:00
Lutz Jänicke
3b79d2789d
Make sure that bad sessions are removed in SSL_clear() (found by
...
Yoram Zahavi).
Submitted by:
Reviewed by:
PR:
2002-02-26 21:44:07 +00:00
Dr. Stephen Henson
cfe1c195c4
non-Monolith fixes.
...
Submitted by Andrew W. Gray <agray@iconsinc.com>
2002-02-22 21:27:47 +00:00
Lutz Jänicke
acfe628b6e
Make removal from session cache more robust.
2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d
Do not store unneeded data.
2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
...
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
...
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Ben Laurie
45d87a1ffe
Prototype info function.
2002-01-12 15:56:13 +00:00
Ben Laurie
a3feb21bbe
Add client_cert_cb prototype.
2002-01-12 13:15:40 +00:00
Ulf Möller
dcbbf83dba
ssl3_read_bytes bug fix
...
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Ben Laurie
ff3fa48fc7
Improve back compatibility.
2001-12-09 21:53:31 +00:00
Bodo Möller
47ff5c6279
For future portability reasons MIT is moving all macros to function
...
calls. This patch allows compilation either way.
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
2001-11-23 21:50:50 +00:00
Bodo Möller
c23d16ac19
cast to unsigned int, not to int to avoid the warning -- all these
...
values really are unsigned
2001-11-14 21:18:35 +00:00
Richard Levitte
3102792161
unsigned int vs. int.
2001-11-14 10:55:29 +00:00
Bodo Möller
2b90b1f344
make code a little more similar to what it looked like before the fixes,
...
call ssl2_part_read again to parse error message
2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77
Implement msg_callback for SSL 2.0.
...
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4
Change the shared library support so the shared libraries get built
...
sooner and the programs get built against the shared libraries.
This requires a bit more work. Things like -rpath and the possibility
to still link the programs statically should be included. Some
cleanup is also needed. This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834
Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
2001-10-29 13:05:28 +00:00
Bodo Möller
4d635a7001
Consistency with s2_... and s23_... variants (no real functional
...
change)
2001-10-25 08:17:53 +00:00
Bodo Möller
ba1c602281
Assume TLS 1.0 when ClientHello fragment is too short.
2001-10-25 06:09:51 +00:00
Bodo Möller
979689aa5c
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
...
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
2001-10-24 19:03:22 +00:00
Richard Levitte
a3faebd104
Deprecate the macro MAC_OS_pre_X.
2001-10-24 15:32:53 +00:00
Bodo Möller
287973746e
Fix memory leak.
2001-10-22 13:59:36 +00:00
Bodo Möller
cf3a5cebd7
Call msg_callback with correct length parameter if ssl3_write_bytes had to
...
be called multiple times
2001-10-20 18:56:01 +00:00
Bodo Möller
a661b65357
New functions SSL[_CTX]_set_msg_callback().
...
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
31fe950d2b
gcc complained about "write" being shadowed even though the "write"
...
variable name occured just in a function *prototype* -- so rename it
2001-10-17 20:44:25 +00:00
Richard Levitte
db6a87d8cc
Wrong place...
2001-10-17 17:54:17 +00:00
Richard Levitte
7beb408771
The EVP_*Init_ex() functions take one extra argument. Let's default
...
it to NULL.
2001-10-17 16:03:42 +00:00
Dr. Stephen Henson
581f1c8494
Modify EVP cipher behaviour in a similar way
...
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Bodo Möller
bf21446a2a
Add per-SSL 'msg_callback' with 'msg_callback_arg'.
...
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.
So far, the callback is never actually called.
Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Bodo Möller
9ba3ec9176
The message header for fake SSL 3.0/TLS 1.0 client hellos created from
...
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
2001-10-16 00:56:04 +00:00
Bodo Möller
8f71fb8d98
For consistency, set s->init_num in the 'reuse_message' case
...
(if s23_srvr.c faked the message, s->init_num is 0).
2001-10-15 20:16:36 +00:00
Bodo Möller
48948d53b6
Change ssl3_get_message and the functions using it so that complete
...
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.
(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Bodo Möller
2ce15df528
Fix ssl3_get_message handle message fragmentation correctly.
2001-10-15 17:41:41 +00:00
Bodo Möller
681bfae499
the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
...
case of ssl3_accept
2001-10-15 17:40:42 +00:00
Richard Levitte
116daf4c2f
To avoid commit wars over dependencies, let's make it so things that
...
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
2001-10-10 07:55:02 +00:00