Dr. Stephen Henson
c0c1ce125a
update year
2010-02-09 14:13:30 +00:00
Dr. Stephen Henson
105861186f
Only use bufferoverflowu.lib when needed
2010-02-04 01:10:24 +00:00
Dr. Stephen Henson
4a9d335bb4
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:19:54 +00:00
Dr. Stephen Henson
162f1e08f8
make no-rsa no-dsa compile again
2010-02-02 14:03:07 +00:00
Dr. Stephen Henson
0484ff5ec1
PR: 2160
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Make session tickets work with DTLS.
2010-02-01 16:48:40 +00:00
Dr. Stephen Henson
4acc2fed6c
PR: 2159
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Typo in PR#1949 bug, oops!
2010-02-01 12:44:21 +00:00
Dr. Stephen Henson
0369804ffa
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:53:11 +00:00
Dr. Stephen Henson
33d7b5ec07
reword RI description
2010-01-27 18:53:59 +00:00
Dr. Stephen Henson
4b38f35e72
update documentation to reflect new renegotiation options
2010-01-27 17:50:47 +00:00
Dr. Stephen Henson
82c2773423
Some shells print out the directory name if CDPATH is set breaking the
...
pod2man test. Use ./util instead to avoid this.
2010-01-27 16:06:36 +00:00
Dr. Stephen Henson
ded27f709c
typo
2010-01-27 14:04:51 +00:00
Dr. Stephen Henson
30dc3e112b
stop warnings in fips_test_suite application
2010-01-27 14:03:26 +00:00
Dr. Stephen Henson
371b262f96
stop missing prototype warnings
2010-01-27 13:32:31 +00:00
Dr. Stephen Henson
b3fb2492d5
eliminate some warnings in fips build
2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b
Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by
...
calling underlying method directly.
2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
cc62974182
PR: 1949
...
Submitted by: steve@openssl.org
More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:40:36 +00:00
Dr. Stephen Henson
9413788571
PR: 2138
...
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
e8387db0c4
Fix VC++ warning (change had already been made to other branches).
2010-01-26 13:24:08 +00:00
Dr. Stephen Henson
81f28ca567
Typo
2010-01-26 12:29:32 +00:00
Dr. Stephen Henson
1b32943215
Update OID table too.
2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c
PR: 2149
...
Submitted by: Douglas Stebila <douglas@stebila.ca>
Fix wap OIDs.
2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
714044cc03
oops revert test code from previous commit
2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3
The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
...
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
6899d9bbf6
If legacy renegotiation is not permitted then send a fatal alert if a patched
...
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:43 +00:00
Dr. Stephen Henson
cf876a9893
change versions back to 0.9.8m-dev
2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af
prepare for release
2010-01-20 17:26:02 +00:00
Dr. Stephen Henson
031774468c
update TABLE
2010-01-20 17:16:52 +00:00
Dr. Stephen Henson
dd28d12add
make update
2010-01-20 16:35:30 +00:00
Dr. Stephen Henson
6c61ee8fe3
Support -L options in VC++ link.
2010-01-20 14:04:29 +00:00
Andy Polyakov
b86ebb55ff
rand_win.c: handel GetTickCount wrap-around [from HEAD].
2010-01-19 21:45:45 +00:00
Andy Polyakov
66956eaba3
x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
...
PR: 2094,2095
2010-01-19 21:45:16 +00:00
Dr. Stephen Henson
444ff35029
revert patch
2010-01-19 19:10:53 +00:00
Dr. Stephen Henson
ff2549be1d
PR: 2144
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Better fix for PR#2144
2010-01-19 19:10:03 +00:00
Andy Polyakov
2557c6a812
Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl
...
don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
aae48de0f7
PR: 2144
...
Submitted by: steve@openssl.org
Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:46 +00:00
Dr. Stephen Henson
766708f24b
PR: 2133
...
Submitted by: steve@openssl.org
Add missing DTLS state strings.
2010-01-16 19:18:31 +00:00
Dr. Stephen Henson
fbeb4a9d15
Add strings for DTLS protocol versions
2010-01-16 19:02:43 +00:00
Dr. Stephen Henson
24fc4f656c
PR: 1618
...
Submitted by: steve@openssl.org
Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
2010-01-14 17:44:46 +00:00
Dr. Stephen Henson
c3c3b28818
Fix version handling so it can cope with a major version >3.
...
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:45 +00:00
Dr. Stephen Henson
06e2670a57
Modify compression code so it avoids using ex_data free functions. This
...
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:45:03 +00:00
Dr. Stephen Henson
3798a4d059
Simplify RI+SCSV logic:
...
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:09:32 +00:00
Andy Polyakov
5b8246d6eb
x86_64-xlate.pl: new gas requires sign extention in lea instruction
...
[from HEAD].
PR: 2094,2095
2010-01-07 11:22:25 +00:00
Andy Polyakov
2e24bc421d
util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed [from HEAD].
...
PR: 2086
2010-01-07 11:04:49 +00:00
Dr. Stephen Henson
f244ed3ed2
correct error codes
2010-01-06 18:02:07 +00:00
Dr. Stephen Henson
50a095ed16
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
...
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:59:41 +00:00
Dr. Stephen Henson
37aff2199e
Typo
2010-01-05 17:50:12 +00:00
Dr. Stephen Henson
309aa5fbf3
PR: 2132
...
Submitted by: steve
Fix bundled pod2man.pl to handle alternative comment formats.
2010-01-05 17:33:20 +00:00
Dr. Stephen Henson
5f40948714
Update RI to match latest spec.
...
MCSV is now called SCSV.
Don't send SCSV if renegotiating.
Also note if RI is empty in debug messages.
2009-12-27 23:03:40 +00:00
Dr. Stephen Henson
c22050be29
Traditional Yuletide commit ;-)
...
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81
Constify crypto/cast.
2009-12-22 11:45:57 +00:00