openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	7fdccda37d	PR: 2778(part) Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).	2012-03-31 18:02:35 +00:00
Dr. Stephen Henson	ffbe7cd0c5	fix error code	2012-03-12 14:32:54 +00:00
Dr. Stephen Henson	ad3d95222d	PR: 2756 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.	2012-03-09 15:52:09 +00:00
Dr. Stephen Henson	f4f512a853	PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.	2012-03-06 13:46:52 +00:00
Dr. Stephen Henson	9c2bed0b65	PR: 2748 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.	2012-03-06 13:22:57 +00:00
Dr. Stephen Henson	25128a11fb	Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts.	2012-02-16 15:21:46 +00:00
Dr. Stephen Henson	b996cecc32	Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)	2012-01-18 13:36:04 +00:00
Bodo Möller	02d1a6b3aa	Fix for builds without DTLS support. Submitted by: Brian Carlstrom	2012-01-05 10:22:23 +00:00
Dr. Stephen Henson	84c95826de	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.	2012-01-04 16:51:14 +00:00
Dr. Stephen Henson	63819e6f00	add missing part for SGC restart fix (CVE-2011-4619)	2012-01-04 16:46:10 +00:00
Dr. Stephen Henson	8206dba75c	Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!]	2012-01-04 15:38:54 +00:00
Dr. Stephen Henson	9004c53107	Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)	2012-01-04 15:27:54 +00:00
Dr. Stephen Henson	22d89c501e	Submitted by: Adam Langley <agl@chromium.org> Reviewed by: steve Fix memory leaks.	2012-01-04 14:24:48 +00:00
Dr. Stephen Henson	c06916db9f	PR: 2326 Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set.	2011-12-26 19:38:19 +00:00
Bodo Möller	44c854ddb9	Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley	2011-12-02 12:51:05 +00:00
Dr. Stephen Henson	68b5330040	PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments.	2011-10-27 13:06:34 +00:00
Dr. Stephen Henson	da7ae62abd	PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix for ECC keys and DTLS.	2011-10-27 13:01:08 +00:00
Bodo Möller	48373e55d1	In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com>	2011-10-13 13:05:12 +00:00
Dr. Stephen Henson	b00fe7ce18	fix signed/unsigned warning	2011-09-26 17:04:49 +00:00
Dr. Stephen Henson	8f0968850b	PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting	2011-09-23 13:35:19 +00:00
Bodo Möller	e935440ad7	(EC)DH memory handling fixes. Submitted by: Adam Langley	2011-09-05 10:25:21 +00:00
Dr. Stephen Henson	d2650c3a4a	PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.	2011-09-01 14:02:02 +00:00
Dr. Stephen Henson	e1c3d65f08	Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.	2011-08-14 13:48:42 +00:00
Dr. Stephen Henson	b58ea0b941	PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug	2011-07-20 15:17:33 +00:00
Dr. Stephen Henson	16067fe5fd	PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug	2011-07-20 15:13:16 +00:00
Dr. Stephen Henson	f59f2fcbff	PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()	2011-06-22 15:29:55 +00:00
Dr. Stephen Henson	025ee1dbde	fix memory leak	2011-06-08 15:56:20 +00:00
Dr. Stephen Henson	dce7b92d0b	PR: 2533 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.	2011-05-25 15:21:12 +00:00
Dr. Stephen Henson	db886c2a2b	PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.	2011-05-25 15:15:52 +00:00
Dr. Stephen Henson	4e5755cd85	Oops use up to date patch for PR#2506	2011-05-25 14:29:55 +00:00
Dr. Stephen Henson	16646b0018	PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.	2011-05-25 12:28:31 +00:00
Dr. Stephen Henson	320881c25c	PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.	2011-05-25 12:24:26 +00:00
Dr. Stephen Henson	38c42c6eea	set encodedPoint to NULL after freeing it	2011-05-19 16:18:25 +00:00
Dr. Stephen Henson	3622d3743e	PR: 2462 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug	2011-04-03 17:15:08 +00:00
Dr. Stephen Henson	fbbf28e7c2	PR: 2458 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.	2011-04-03 16:26:14 +00:00
Dr. Stephen Henson	f5dac77c06	PR: 2457 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.	2011-04-03 15:49:03 +00:00
Richard Levitte	067d72a082	Corrections to the VMS build system. Submitted by Steven M. Schweda <sms@antinode.info>	2011-03-25 16:21:39 +00:00
Richard Levitte	f819147028	For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.	2011-03-25 09:40:18 +00:00
Richard Levitte	2d842a90f8	Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>	2011-03-19 09:44:53 +00:00
Bodo Möller	6545372c24	OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) Submitted by: Neel Mehta, Adam Langley, Bodo Moeller	2011-02-08 17:10:53 +00:00
Bodo Möller	d48df9a91b	Assorted bugfixes: - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)	2011-02-03 12:04:40 +00:00
Dr. Stephen Henson	fb5a0fb8f1	Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert.	2011-01-04 19:33:22 +00:00
Richard Levitte	c3c7a0d26e	First attempt at adding the possibility to set the pointer size for the builds on VMS. PR: 2393	2010-12-14 19:18:52 +00:00
Dr. Stephen Henson	420f572d49	make update	2010-12-02 18:26:12 +00:00
Dr. Stephen Henson	6d65d44b95	fix for CVE-2010-4180	2010-12-02 18:24:55 +00:00
Dr. Stephen Henson	1684846f54	PR: 2240 Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve Reviewed by: steve As required by RFC4492 an absent supported points format by a server is not an error: it should be treated as equivalent to an extension only containing uncompressed.	2010-11-25 12:28:28 +00:00
Ben Laurie	f9a772b743	J-PAKE was not correctly checking values, which could lead to attacks.	2010-11-24 13:48:12 +00:00
Dr. Stephen Henson	4385b556b4	Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.	2010-11-16 22:41:07 +00:00
Dr. Stephen Henson	86d5f9ba4f	fix CVE-2010-3864	2010-11-16 13:26:24 +00:00
Dr. Stephen Henson	b3c17a4805	Get correct GOST private key instead of just assuming the last one is correct: this isn't always true if we have more than one certificate.	2010-11-14 13:50:29 +00:00
Dr. Stephen Henson	9c2d0cd11c	PR: 2314 Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net> Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939	2010-10-10 12:33:10 +00:00
Ben Laurie	b54f50d277	Oops. Make depend on a standard configuration.	2010-09-05 13:47:44 +00:00
Ben Laurie	10ba241909	Make depend.	2010-09-05 13:07:40 +00:00
Dr. Stephen Henson	e97359435e	Fix warnings (From HEAD, original patch by Ben).	2010-06-15 17:25:15 +00:00
Dr. Stephen Henson	72240ab31a	PR: 2259 Submitted By: Artem Chuprina <ran@cryptocom.ru> Check return values of HMAC in tls_P_hash and tls1_generate_key_block. Although the previous version could in theory crash that would only happen if a digest call failed. The standard software methods can never fail and only one ENGINE currently uses digests and it is not compiled in by default.	2010-05-17 11:26:56 +00:00
Dr. Stephen Henson	8c1e7de6cb	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix bug in bitmask macros and stop warnings.	2010-05-03 13:01:50 +00:00
Dr. Stephen Henson	9f827ded1c	fix signed/unsigned comparison warnings	2010-04-14 00:41:01 +00:00
Dr. Stephen Henson	1507f3abba	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix various DTLS fragment reassembly bugs.	2010-04-14 00:17:29 +00:00
Dr. Stephen Henson	30e8defe52	PR: 2229 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Don't drop DTLS connection if mac or decryption failed.	2010-04-14 00:09:55 +00:00
Dr. Stephen Henson	9f4dd3e3e3	PR: 2228 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS buffer record MAC failure bug.	2010-04-14 00:03:13 +00:00
Richard Levitte	d2f098b33d	Spelling	2010-04-13 14:34:48 +00:00
Richard Levitte	0a4fe6c8db	Undo the previous change, it was incorrect in this branch.	2010-04-13 11:10:07 +00:00
Richard Levitte	7bba401d5d	Third argument to dtls1_buffer_record is by reference	2010-04-13 08:41:58 +00:00
Dr. Stephen Henson	acc9938ba5	Add SHA2 algorithms to SSL_library_init(). Although these aren't used directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. Update docs.	2010-04-07 13:18:30 +00:00
Dr. Stephen Henson	6dfd3cf68e	PR: 2218 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.	2010-04-06 12:44:55 +00:00
Dr. Stephen Henson	073775cbbb	PR: 2219 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS buffering bug.	2010-04-06 12:40:10 +00:00
Dr. Stephen Henson	e995d5044e	PR: 2223 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS timeout bug	2010-04-06 12:29:21 +00:00
Bodo Möller	5b5464d525	Fix for "Record of death" vulnerability CVE-2010-0740. Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).	2010-03-25 11:22:42 +00:00
Dr. Stephen Henson	7b52778eff	PR: 1731 and maybe 2197 Clear error queue in a few places in SSL code where errors are expected so they don't stay in the queue.	2010-03-24 23:16:49 +00:00
Dr. Stephen Henson	47333a34d5	Submitted by: Tomas Hoger <thoger@redhat.com> Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).	2010-03-03 15:41:00 +00:00
Dr. Stephen Henson	90278430d9	make USE_CRYPTODEV_DIGESTS work	2010-03-01 01:19:36 +00:00
Dr. Stephen Henson	79363339b7	algorithms field has changed in 1.0.0 and later: update	2010-02-28 00:24:24 +00:00
Dr. Stephen Henson	fbe2c6b33e	Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos ciphersuite bugs introduced with PR:1336."	2010-02-27 23:04:10 +00:00
Dr. Stephen Henson	8321bab39c	OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved	2010-02-17 19:43:46 +00:00
Dr. Stephen Henson	989238802a	Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.	2010-02-17 18:38:10 +00:00
Dr. Stephen Henson	45d6a15ae9	PR: 2171 Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.	2010-02-16 14:20:40 +00:00
Dr. Stephen Henson	8b354e776b	PR: 2161 Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve. Make no-dsa, no-ecdsa and no-rsa compile again.	2010-02-02 13:36:05 +00:00
Dr. Stephen Henson	868f5e44ca	PR: 2160 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Make session tickets work with DTLS.	2010-02-01 16:49:42 +00:00
Dr. Stephen Henson	4e5fdd11ea	PR: 2159 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Typo in PR#1949 bug, oops!	2010-02-01 12:44:11 +00:00
Dr. Stephen Henson	57749b1b9f	PR: 1949 Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush.	2010-01-26 19:46:30 +00:00
Dr. Stephen Henson	f4f2b52995	oops	2010-01-26 13:56:15 +00:00
Dr. Stephen Henson	c7d5edbf5e	export OPENSSL_isservice and make update	2010-01-26 13:55:33 +00:00
Richard Levitte	c8ca769d3b	Compile t1_reneg on VMS as well. Submitted by Steven M. Schweda <sms@antinode.info>	2010-01-25 00:19:33 +00:00
Dr. Stephen Henson	a377811f15	PR: 2153, 2125 Submitted by: steve@openssl.org The original fix for PR#2125 broke compilation on some Unixware platforms: revert and make conditional on VMS.	2010-01-24 16:57:38 +00:00
Dr. Stephen Henson	ef1b6b2cf2	The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.	2010-01-24 13:54:07 +00:00
Dr. Stephen Henson	ad8ee3d7d1	If legacy renegotiation is not permitted then send a fatal alert if a patched server attempts to renegotiate with an unpatched client.	2010-01-22 18:49:19 +00:00
Dr. Stephen Henson	2a4d0dcb89	The use of NIDs in the password based encryption table can result in algorithms not found when an application uses PKCS#12 and only calls SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple work around is to add the missing algorithm (40 bit RC2) in SSL_library_init().	2010-01-19 19:55:47 +00:00
Dr. Stephen Henson	04aa7441ab	PR: 2144 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Better fix for PR#2144	2010-01-19 19:11:21 +00:00
Dr. Stephen Henson	ddba003d5e	PR: 2144 Submitted by: steve@openssl.org Fix DTLS connection so new_session is reset if we read second client hello: new_session is used to detect renegotiation.	2010-01-16 19:45:59 +00:00
Dr. Stephen Henson	e59d9a34c9	PR: 2133 Submitted by: steve@openssl.org Add missing DTLS state strings.	2010-01-16 19:20:38 +00:00
Dr. Stephen Henson	8043f01b13	PR: 2125 Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com> Fix gcc-aix compilation issue.	2010-01-14 17:51:52 +00:00
Dr. Stephen Henson	41c0f68630	Fix version handling so it can cope with a major version >3. Although it will be many years before TLS v2.0 or later appears old versions of servers have a habit of hanging around for a considerable time so best if we handle this properly now.	2010-01-13 19:08:29 +00:00
Dr. Stephen Henson	73ff97ad76	Simplify RI+SCSV logic: 1. Send SCSV is not renegotiating, never empty RI. 2. Send RI if renegotiating.	2010-01-07 19:05:03 +00:00
Dr. Stephen Henson	eb17330837	Updates to conform with draft-ietf-tls-renegotiation-03.txt: 1. Add provisional SCSV value. 2. Don't send SCSV and RI at same time. 3. Fatal error is SCSV received when renegotiating.	2010-01-06 17:37:38 +00:00
Dr. Stephen Henson	1f67a3a985	compress_meth should be unsigned	2010-01-05 16:46:39 +00:00
Dr. Stephen Henson	4cba294d79	Client side compression algorithm sanity checks: ensure old compression algorithm matches current and give error if compression is disabled and server requests it (shouldn't happen unless server is broken).	2010-01-01 14:39:51 +00:00
Dr. Stephen Henson	e642fd7a1c	Compression handling on session resume was badly broken: it always used compression algorithms in client hello (a legacy from when the compression algorithm wasn't serialized with SSL_SESSION).	2010-01-01 00:44:36 +00:00
Dr. Stephen Henson	986093affa	Typo	2009-12-27 23:03:25 +00:00
Dr. Stephen Henson	f88e0acb0e	Update RI to match latest spec. MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages.	2009-12-27 22:59:09 +00:00
Dr. Stephen Henson	54bc369ad7	Alert to use is now defined in spec: update code	2009-12-17 15:42:43 +00:00
Dr. Stephen Henson	675564835c	New option to enable/disable connection to unpatched servers	2009-12-16 20:28:30 +00:00
Dr. Stephen Henson	2456cd58c4	Allow initial connection (but no renegoriation) to servers which don't support RI. Reorganise RI checking code and handle some missing cases.	2009-12-14 13:55:39 +00:00
Ben Laurie	43a107026d	Missing error code.	2009-12-12 15:57:53 +00:00
Dr. Stephen Henson	f1784f2fd2	Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL	2009-12-11 00:20:58 +00:00
Dr. Stephen Henson	b41a614686	Check s3 is not NULL	2009-12-09 14:53:51 +00:00
Dr. Stephen Henson	52a08e90d1	Add ctrls to clear options and mode. Change RI ctrl so it doesn't clash.	2009-12-09 13:25:38 +00:00
Dr. Stephen Henson	6b5f0458fe	Send no_renegotiation alert as required by spec.	2009-12-08 19:06:09 +00:00
Dr. Stephen Henson	b52a2738d4	Add ctrl and macro so we can determine if peer support secure renegotiation.	2009-12-08 13:42:32 +00:00
Dr. Stephen Henson	10f99d7b77	Add support for magic cipher suite value (MCSV). Make secure renegotiation work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI. NB: current MCSV value is bogus for testing only, will be updated when we have an official value. Change mismatch alerts to handshake_failure as required by spec. Also have some debugging fprintfs so we can clearly see what is going on if OPENSSL_RI_DEBUG is set.	2009-12-08 13:15:12 +00:00
Dr. Stephen Henson	593222afe1	PR: 2121 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Add extension support to DTLS code mainly using existing implementation for TLS.	2009-12-08 11:38:18 +00:00
Dr. Stephen Henson	d5b8c46499	PR: 2115 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.	2009-12-01 17:41:42 +00:00
Dr. Stephen Henson	3e8e12a6b6	Servers can't end up talking SSLv2 with legacy renegotiation disabled	2009-11-18 15:09:35 +00:00
Dr. Stephen Henson	5ddbb8f41a	Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation	2009-11-18 14:45:32 +00:00
Dr. Stephen Henson	3c44e92bcb	Include a more meaningful error message when rejecting legacy renegotiation	2009-11-18 14:19:52 +00:00
Dr. Stephen Henson	73582b8117	add missing parts of reneg port, fix apps patch	2009-11-11 14:51:29 +00:00
Dr. Stephen Henson	56327ebe6a	make update	2009-11-10 13:23:04 +00:00
Dr. Stephen Henson	ec4346f6f9	oops, add missing prototypes	2009-11-09 18:58:50 +00:00
Dr. Stephen Henson	bc9058d041	First cut of renegotiation extension. (port to 1.0.0-stable)	2009-11-09 18:45:42 +00:00
Dr. Stephen Henson	e3738c49b8	If it is a new session don't send the old TLS ticket: send a zero length ticket to request a new session.	2009-11-08 14:36:32 +00:00
Dr. Stephen Henson	23b97c6bb5	PR: 2089 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS Fragment size bug fix.	2009-11-02 13:37:17 +00:00
Dr. Stephen Henson	036b3f331b	Generate stateless session ID just after the ticket is received instead of when a session is loaded. This will mean that applications that just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION() will still work.	2009-10-30 14:06:18 +00:00
Dr. Stephen Henson	3d0b604c14	Fix statless session resumption so it can coexist with SNI	2009-10-30 13:22:44 +00:00
Dr. Stephen Henson	257b2bfb6c	Don't attempt session resumption if no ticket is present and session ID length is zero.	2009-10-28 19:52:35 +00:00
Dr. Stephen Henson	a9bb9d0eb4	PR: 2072 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Avoid potential doublefree and reuse of freed handshake_buffer.	2009-10-16 15:24:19 +00:00
Dr. Stephen Henson	cc6688d796	PR: 2073 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Don't access freed SSL_CTX in SSL_free().	2009-10-16 13:41:52 +00:00
Dr. Stephen Henson	ad187f8905	Fix unitialized warnings	2009-10-04 16:52:35 +00:00
Dr. Stephen Henson	3d1dab4404	PR: 2055 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling in s2_srvr.c	2009-10-01 00:07:10 +00:00
Dr. Stephen Henson	29c2fd46d2	PR: 2054 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling	2009-10-01 00:03:50 +00:00
Dr. Stephen Henson	af3d4e1b02	PR: 2039 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen bug fix,	2009-09-15 22:48:30 +00:00
Dr. Stephen Henson	80afb40ae3	Submitted by: Julia Lawall <julia@diku.dk> The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.	2009-09-13 11:27:27 +00:00
Dr. Stephen Henson	a131de9bb2	PR: 2025 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Constify SSL_CIPHER_description	2009-09-12 23:18:09 +00:00
Dr. Stephen Henson	0ddd002f60	PR: 1411 Submitted by: steve@openssl.org Allow use of trusted certificates in SSL_CTX_use_chain_file()	2009-09-12 23:09:26 +00:00
Dr. Stephen Henson	53f062d050	PR: 2033 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen support.	2009-09-09 17:05:42 +00:00
Dr. Stephen Henson	9769137a43	Typo presumably...	2009-09-06 17:55:40 +00:00
Dr. Stephen Henson	c0688f1aef	Make update, deleting bogus DTLS error code	2009-09-06 15:55:54 +00:00
Dr. Stephen Henson	2e9802b7a7	PR: 2028 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS cookie management bugs.	2009-09-04 17:42:06 +00:00
Dr. Stephen Henson	54ed003ace	PR: 2009 Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com> Approved by: steve@openssl.org Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although the ticket mentions buffer overruns this isn't a security issue because the SSL_SESSION structure is generated internally and it should never be possible to supply its contents from an untrusted application (this would among other things destroy session cache security).	2009-09-02 13:20:22 +00:00
Dr. Stephen Henson	f18e10253d	PR: 2022 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS record header length bug.	2009-09-02 12:53:32 +00:00
Dr. Stephen Henson	17f8d8db61	PR: 2006 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Do not use multiple DTLS records for a single user message	2009-08-26 11:51:23 +00:00
Richard Levitte	3798c36686	Include proper header files for time functions. Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>	2009-08-25 07:10:09 +00:00
Dr. Stephen Henson	5a96822f2c	Update default dependency flags. Make error name discrepancies a fatal error. Fix error codes. make update	2009-08-12 17:08:44 +00:00
Dr. Stephen Henson	a4bade7aac	PR: 1997 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS timeout handling fix.	2009-08-12 13:21:26 +00:00
Dr. Stephen Henson	f45e8c7bdd	PR: 2000 Submitted by: Vadim Zeitlin <vz-openssl@zeitlins.org> Approved by: steve@openssl.org Make no-comp compile without warnings.	2009-08-05 15:29:14 +00:00
Dr. Stephen Henson	d7406b1528	PR: 1993 Fix from 0.9.8-stable.	2009-07-24 11:52:32 +00:00
Dr. Stephen Henson	5135d6b985	Fix error codes and indentation.	2009-07-15 11:32:58 +00:00
Dr. Stephen Henson	c8f759ec74	Stop warning of signed/unsigned compare.	2009-07-14 15:28:44 +00:00
Dr. Stephen Henson	cddd00166c	PR: 1984 Submitted by: Michael TÃÂ¼xen <Michael.Tuexen@lurchi.franken.de> Approved by: steve@openssl.org Don't concatenate reads in DTLS.	2009-07-13 11:44:04 +00:00
Dr. Stephen Henson	c155d83f5b	Delete MD2 from algorithm tables and default compilation.	2009-07-08 08:50:53 +00:00
Dr. Stephen Henson	5a03e3ac3f	Fix from HEAD.	2009-07-04 12:05:14 +00:00
Dr. Stephen Henson	08b2097967	Update from HEAD.	2009-07-04 11:44:01 +00:00

1 2 3 4 5 ...

1251 commits