Richard Levitte
ea599390c6
Make sure the opened directory is closed on exit.
...
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:32 +00:00
Bodo Möller
a6ec2d58ba
improve binary compatibility
2002-04-14 08:25:41 +00:00
Bodo Möller
82c77c1b32
Implement known-IV countermeasure.
...
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:49:28 +00:00
Lutz Jänicke
6bcba344b5
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
2002-03-19 16:47:09 +00:00
Bodo Möller
7aacd4c458
fix ssl3_pending
2002-03-15 10:53:34 +00:00
Lutz Jänicke
e18ed57afd
Add missing strength entries.
2002-03-14 18:56:59 +00:00
Bodo Möller
ff9722c7f1
use BIO_nwrite() more properly to demonstrate the general idea of
...
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:49:10 +00:00
Lutz Jänicke
ec20856622
Fix the fix (Yoram Zahavi)...
2002-02-27 11:26:20 +00:00
Lutz Jänicke
ce1e801013
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
2002-02-26 21:50:28 +00:00
Richard Levitte
03a6dcdf31
make update
2002-02-26 14:18:23 +00:00
Lutz Jänicke
76dca45720
Backport from 0.9.7:
...
Make removal from internal session cache more robust and do not store
into internal session cache when it won't be looked up anyway.
2002-02-10 12:52:57 +00:00
Bodo Möller
19fa8cfe5a
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
...
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:42:47 +00:00
Bodo Möller
5f18fe493e
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
...
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:42:38 +00:00
Ulf Möller
c99b94be3e
ssl3_read_bytes bug fix
...
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:13:10 +00:00
Richard Levitte
5dfaf1c437
make update
2001-12-20 22:25:41 +00:00
Bodo Möller
3ece3605ac
remove redundant ERR_load_... declarations
2001-12-17 19:24:39 +00:00
Richard Levitte
479275ef18
make update
...
perl util/mkdef.pl crypto update rewrite
2001-11-15 12:36:30 +00:00
Bodo Möller
c37e7bf580
fix warning
2001-11-14 21:19:47 +00:00
Bodo Möller
a10b85d9e6
make code a little more similar to what it looked like before the fixes
2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e
important SSL 2.0 bugfixes
2001-11-10 01:15:29 +00:00
Richard Levitte
d6945e10b5
Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
2001-10-29 13:06:29 +00:00
Bodo Möller
0b9925be4f
Consistency with s2_... and s23_... variants (no real functional
...
change)
2001-10-25 08:18:56 +00:00
Bodo Möller
3e9ae0c462
Oops
2001-10-25 08:18:36 +00:00
Bodo Möller
96ec4ce0d2
Assume TLS 1.0 if ClientHello fragment is too short.
2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
...
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
...
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734
Fix ssl3_get_message to handle message fragmentation correctly.
2001-10-15 17:42:43 +00:00
Bodo Möller
1147fa5a5f
the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
...
case of ssl3_accept
2001-10-15 17:40:22 +00:00
Bodo Möller
ae9010abd5
comment
2001-09-24 07:57:20 +00:00
Bodo Möller
029dfa64d4
bugfix: handle HelloRequest received during handshake correctly
2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
...
just sent a HelloRequest.
2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11
Bugfix: correct cleanup after sending a HelloRequest
2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
...
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:34:36 +00:00
Bodo Möller
10981a5c84
add comment
2001-09-14 13:48:37 +00:00
Bodo Möller
9cf8888149
Increase permissible ClientKeyExchange message length as in main
...
branch (revision 1.50, 2000-11-17)
2001-09-14 13:32:03 +00:00
Lutz Jänicke
a04baf9b5c
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)
2001-08-25 11:48:35 +00:00
Lutz Jänicke
51db1db082
Checked in from the wrong !@#$%^&*() copy...
2001-08-21 07:27:47 +00:00
Lutz Jänicke
653cc07b51
Alert description strings for TLSv1 and documentation.
2001-08-19 16:23:57 +00:00
Bodo Möller
904de6e4f5
Bugfix: larger message size in ssl3_get_key_exchange() because
...
ServerKeyExchange message may be skipped.
Submitted by: Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:31:03 +00:00
Lutz Jänicke
65ce21da9a
Fix typos (shinagawa@star.zko.dec.com).
2001-08-07 07:53:53 +00:00
Lutz Jänicke
dd186f600d
Only set the verify callback if there's one to set!
2001-07-31 10:20:53 +00:00
Lutz Jänicke
03a70bad4f
Fix inconsistent behaviour with respect to verify_callback handling.
2001-07-30 11:48:20 +00:00
Richard Levitte
7ca6deef3f
SSL_get_rfc were documented but not implemented.
2001-07-16 10:50:49 +00:00
Richard Levitte
026dad0f3b
SSL_get_[rw]fd were documented but not implemented.
2001-07-15 20:12:45 +00:00
Bodo Möller
dab4c2824f
pay attention to blocksize before attempting decryption
2001-06-15 18:06:06 +00:00
Richard Levitte
e90323844f
Use memmove() instead of memcpy() on areas that may overlap.
...
Spotted by Nalin Dahyabhai <nalin@redhat.com>
2001-06-07 04:45:55 +00:00
Bodo Möller
83583e9479
Fix Bleichenbacher PKCS #1 1.5 countermeasure.
...
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:43:23 +00:00
Bodo Möller
9a22ce66c9
This change should be suitable as a workaround for the Solaris x86
...
compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).
2001-04-03 13:46:36 +00:00
Bodo Möller
1e01dbfbb2
backport the comment (here it's NO_DH, not OPENSSL_NO_DH ...)
2001-03-22 15:00:45 +00:00