Dr. Stephen Henson
ccc3df8c33
New option to enable/disable connection to unpatched servers
2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
593a6dbe19
add another missed case
2009-12-14 01:32:47 +00:00
Dr. Stephen Henson
efbe446f1a
simplify RI error code and catch extra error case ignored before
2009-12-14 01:28:51 +00:00
Dr. Stephen Henson
725745d105
Allow initial connection (but no renegoriation) to servers which don't support
...
RI.
2009-12-14 01:09:01 +00:00
Ben Laurie
c0e94f8292
Missing newline.
2009-12-12 11:10:25 +00:00
Dr. Stephen Henson
ef4bd0167c
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
2009-12-11 00:22:12 +00:00
Dr. Stephen Henson
7a8a3ef4f6
clarify docs
2009-12-09 18:17:21 +00:00
Dr. Stephen Henson
98c7b0367d
Document option clearning functions.
...
Initial secure renegotiation documentation.
2009-12-09 18:01:07 +00:00
Dr. Stephen Henson
9e5dea0ffd
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
cb4823fdd6
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:15:01 +00:00
Dr. Stephen Henson
17bb051628
Send no_renegotiation alert as required by spec.
2009-12-08 19:05:49 +00:00
Dr. Stephen Henson
59f44e810b
Add ctrl and macro so we can determine if peer support secure renegotiation.
...
Fix SSL_CIPHER initialiser for mcsv
2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
7a014dceb6
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
1ff44a99a4
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
6cf61614e4
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:39:12 +00:00
Dr. Stephen Henson
82e448b92b
PR: 2115
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:40:46 +00:00
Dr. Stephen Henson
b172352b52
PR: 1432
...
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:16 +00:00
Dr. Stephen Henson
95b14fd803
typo
2009-11-29 13:44:59 +00:00
Bodo Möller
553d2e3280
(whitespace)
2009-11-26 18:35:33 +00:00
Bodo Möller
82fb4ee89d
The version numbering may change, again; so be careful about what we
...
announce in CHANGES.
2009-11-26 17:30:07 +00:00
Bodo Möller
389fef6c9c
Remove attribution -- this wasn't my patch, I only edited and applied it.
2009-11-26 17:28:27 +00:00
Bodo Möller
b6622f9623
Remove obsolete information about a change for 0.9.7n.
...
(No further releases from the 0.9.7 branch are planned. Note that the
"deleted" change is also in 0.9.8f.)
2009-11-26 17:25:38 +00:00
Dr. Stephen Henson
7f5448e3a8
Servers can't end up talking SSLv2 with legacy renegotiation disabled
2009-11-18 15:08:49 +00:00
Dr. Stephen Henson
5d965f0783
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
2009-11-18 14:43:27 +00:00
Dr. Stephen Henson
b14713c231
Include a more meaningful error message when rejecting legacy renegotiation
2009-11-18 14:24:00 +00:00
Dr. Stephen Henson
637e0ba420
PR: 2094
...
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org
Fix for out range of signed 32bit displacement error on newer binutils.
2009-11-13 14:14:46 +00:00
Dr. Stephen Henson
9ac37cb018
PR: 2084
...
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Parallel build fix.
2009-11-13 14:09:45 +00:00
Dr. Stephen Henson
fb7751b44f
PR: 2101
...
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org
Fixes for tests in cms-test.pl
2009-11-13 14:09:09 +00:00
Richard Levitte
e333a8d673
Updated from 1.0.0-stable.
2009-11-12 16:59:18 +00:00
Dr. Stephen Henson
89a6daac00
PR: 1686
...
Submitted by: Hanno Böck <hanno@hboeck.de>
Approved by: steve@openssl.org
Create engines dir if it doesn't already exist.
2009-11-10 01:53:02 +00:00
Dr. Stephen Henson
7e42945918
PR: 2091
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
If an OID has no short name or long name return the numerical representation.
2009-11-10 01:00:37 +00:00
Dr. Stephen Henson
b61a87b26c
check new_der for NULL too
2009-11-10 00:46:57 +00:00
Dr. Stephen Henson
2c6b141931
PR: 2090
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:40:42 +00:00
Dr. Stephen Henson
af13c50d51
Fix wrong function codes and duplicate codes
2009-11-09 18:21:57 +00:00
Dr. Stephen Henson
65c2397fce
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
2009-11-09 14:14:26 +00:00
Dr. Stephen Henson
16e7efe3c8
use OPENSSL_assert() and not assert()
2009-11-08 17:07:42 +00:00
Ben Laurie
c2b78c31d6
First cut of renegotiation extension.
2009-11-08 14:51:54 +00:00
Dr. Stephen Henson
a1dc0336dd
Re-revert (re-insert?) temporary change that made renegotiation work again
...
and add a proper fix: specifically if it is a new session don't send the old
TLS ticket, send a zero length ticket to request a new session.
2009-11-08 14:30:22 +00:00
Ben Laurie
d99a35f275
Revert renegotiation-breaking change.
2009-11-08 12:14:55 +00:00
Ben Laurie
949fbf073a
Disable renegotiation.
2009-11-05 11:28:37 +00:00
Ben Laurie
6156be4da3
Fix compilation problem.
2009-11-05 10:18:11 +00:00
Dr. Stephen Henson
d7d4325655
PR: 2089
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org
Use EVP_MD_size() in OpenSSL 0.9.8.
2009-11-04 12:58:54 +00:00
Dr. Stephen Henson
9f81ffe433
PR: 2089
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Fragment size bug fix.
2009-11-02 13:36:56 +00:00
Dr. Stephen Henson
8164930816
Generate stateless session ID just after the ticket is received instead
...
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
2009-10-30 14:07:59 +00:00
Dr. Stephen Henson
2a8834cf89
Fix stateless session resumption so it can coexist with SNI
2009-10-30 13:28:07 +00:00
Dr. Stephen Henson
e6e11f4ec3
Don't attempt session resumption if no ticket is present and session
...
ID length is zero.
2009-10-28 19:53:10 +00:00
Dr. Stephen Henson
452e41562c
PR: 2085
...
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Change domd test to match 1.0.0+ version: check $MAKEDEPEND
ends in "gcc" to support cross compilers.
2009-10-28 19:29:05 +00:00
Dr. Stephen Henson
8c6dd96aed
Don't replace whole AR line
2009-10-28 15:33:06 +00:00
Dr. Stephen Henson
23a4ccd178
PR: 2081
...
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect AR and RANLIB environment variables if set.
2009-10-28 14:00:54 +00:00
Dr. Stephen Henson
2b4d877a27
PR: 2080
...
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect MAKE environment variable if set.
2009-10-28 13:56:06 +00:00