Dr. Stephen Henson
cb4823fdd6
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:15:01 +00:00
Dr. Stephen Henson
17bb051628
Send no_renegotiation alert as required by spec.
2009-12-08 19:05:49 +00:00
Dr. Stephen Henson
59f44e810b
Add ctrl and macro so we can determine if peer support secure renegotiation.
...
Fix SSL_CIPHER initialiser for mcsv
2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
7a014dceb6
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
82e448b92b
PR: 2115
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:40:46 +00:00
Dr. Stephen Henson
7f5448e3a8
Servers can't end up talking SSLv2 with legacy renegotiation disabled
2009-11-18 15:08:49 +00:00
Dr. Stephen Henson
5d965f0783
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
2009-11-18 14:43:27 +00:00
Dr. Stephen Henson
b14713c231
Include a more meaningful error message when rejecting legacy renegotiation
2009-11-18 14:24:00 +00:00
Dr. Stephen Henson
af13c50d51
Fix wrong function codes and duplicate codes
2009-11-09 18:21:57 +00:00
Dr. Stephen Henson
16e7efe3c8
use OPENSSL_assert() and not assert()
2009-11-08 17:07:42 +00:00
Ben Laurie
c2b78c31d6
First cut of renegotiation extension.
2009-11-08 14:51:54 +00:00
Dr. Stephen Henson
a1dc0336dd
Re-revert (re-insert?) temporary change that made renegotiation work again
...
and add a proper fix: specifically if it is a new session don't send the old
TLS ticket, send a zero length ticket to request a new session.
2009-11-08 14:30:22 +00:00
Ben Laurie
d99a35f275
Revert renegotiation-breaking change.
2009-11-08 12:14:55 +00:00
Ben Laurie
949fbf073a
Disable renegotiation.
2009-11-05 11:28:37 +00:00
Dr. Stephen Henson
d7d4325655
PR: 2089
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org
Use EVP_MD_size() in OpenSSL 0.9.8.
2009-11-04 12:58:54 +00:00
Dr. Stephen Henson
9f81ffe433
PR: 2089
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Fragment size bug fix.
2009-11-02 13:36:56 +00:00
Dr. Stephen Henson
8164930816
Generate stateless session ID just after the ticket is received instead
...
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
2009-10-30 14:07:59 +00:00
Dr. Stephen Henson
2a8834cf89
Fix stateless session resumption so it can coexist with SNI
2009-10-30 13:28:07 +00:00
Dr. Stephen Henson
e6e11f4ec3
Don't attempt session resumption if no ticket is present and session
...
ID length is zero.
2009-10-28 19:53:10 +00:00
Dr. Stephen Henson
3a0b6de4d0
PR: 2073
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Don't access freed SSL_CTX in SSL_free().
2009-10-16 13:42:15 +00:00
Dr. Stephen Henson
fb5a4bbaa7
PR: 2055
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling in s2_srvr.c
2009-10-01 00:07:21 +00:00
Dr. Stephen Henson
d402f6b66f
PR: 2054
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling
2009-10-01 00:03:59 +00:00
Ben Laurie
4e92353d23
Make it build, plus make depend.
2009-09-27 14:04:33 +00:00
Dr. Stephen Henson
96e20179e4
Typo presumably...
2009-09-20 12:53:42 +00:00
Dr. Stephen Henson
3b95629db1
PR: 2039
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen bug fix,
2009-09-15 23:11:22 +00:00
Dr. Stephen Henson
e1246e1ad7
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:20:38 +00:00
Dr. Stephen Henson
07cb0a82d1
PR: 2025
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
2009-09-12 23:18:43 +00:00
Dr. Stephen Henson
f2671f8ac4
PR: 1411
...
Submitted by: steve@openssl.org
Allow use of trusted certificates in SSL_CTX_use_chain_file()
2009-09-12 23:09:59 +00:00
Dr. Stephen Henson
43e9e1a160
PR: 2033
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen support.
2009-09-09 17:06:13 +00:00
Dr. Stephen Henson
197ab47bdd
PR: 2028
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
2009-09-04 17:53:30 +00:00
Dr. Stephen Henson
e8cce0babe
PR: 2022
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS record header length bug.
2009-09-04 16:42:17 +00:00
Dr. Stephen Henson
1da61e8051
PR: 2009
...
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org
Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
2009-09-02 13:20:02 +00:00
Dr. Stephen Henson
da6ce18279
PR: 2006
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Do not use multiple DTLS records for a single user message
2009-08-26 11:54:14 +00:00
Richard Levitte
8a04c6f894
Include proper header files for time functions.
...
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2009-08-25 07:10:40 +00:00
Dr. Stephen Henson
fbc4a24633
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-13 15:14:32 +00:00
Dr. Stephen Henson
17620eec4c
Fix error codes.
2009-08-06 16:23:17 +00:00
Dr. Stephen Henson
19dac35e5f
Make no-comp compile again under WIN32.
2009-08-05 15:48:48 +00:00
Dr. Stephen Henson
76a268a43f
PR: 1993
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS cookie resumption and typo fix.
2009-07-24 11:50:51 +00:00
Dr. Stephen Henson
34d01a3b20
PR: 1984
...
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org
PR#1984 DTLS fix for 0.9.8.
2009-07-13 22:37:45 +00:00
Dr. Stephen Henson
2c5f3606d1
Remove MD2 from digest algorithm table. This follows the recommendation in
...
several places that it is not used in new applications.
2009-07-08 08:33:27 +00:00
Dr. Stephen Henson
1649489834
Fix warnings.
2009-07-04 11:56:10 +00:00
Dr. Stephen Henson
b51291cba8
Update from HEAD.
2009-07-04 11:49:36 +00:00
Dr. Stephen Henson
b29b576957
Update from 1.0.0-stable
2009-07-01 11:32:40 +00:00
Dr. Stephen Henson
abe389fd28
Make text line up.
2009-06-30 22:29:24 +00:00
Dr. Stephen Henson
e7e7f5de4b
PR: 1960
...
Approved by: steve@openssl.org
Encode compression id in {i2d,d2i}_SSL_SESSION().
2009-06-30 22:20:46 +00:00
Dr. Stephen Henson
3dfa7416cd
Typo.
2009-06-30 20:55:19 +00:00
Dr. Stephen Henson
d733ef7a69
Update from 1.0.0-stable.
2009-06-30 11:42:50 +00:00
Dr. Stephen Henson
f67f815624
Update from 1.0.0-stable.
2009-06-30 11:22:25 +00:00
Dr. Stephen Henson
ab8fe43fa2
PR: 1942
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org
Replace ad-hoc chain builder with X509_verify_cert().
2009-06-28 16:23:05 +00:00
Dr. Stephen Henson
3f4802a14e
PR: 1949
...
Submitted by: David.Smith@cern.ch
Approved by: steve@openssl.org
When checking whether to flush the output BIO use BIO_CTRL_WPENDING instead
of BIO_CTRL_INFO. In most cases this will have no effect since the following
BIOs wont buffer. In the case of a following buffering BIO this will check
for any pending data in the whole chain and not just the single BIO.
See:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
for a detailed analysis of this issue.
2009-06-26 15:02:01 +00:00