wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Richard Levitte 7e2bf83100 Fixes for the following claims: 
1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336
2006-09-28 12:23:15 +00:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c Fix various incorrect error function codes. 2005-04-26 18:53:22 +00:00
d1_both.c fix warnings when building openssl with (gcc 3.3.1): 2005-08-28 23:20:52 +00:00
d1_clnt.c Fix from HEAD. 2005-12-05 17:32:22 +00:00
d1_enc.c backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
d1_lib.c fix typo 2005-08-08 19:26:35 +00:00
d1_meth.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
d1_pkt.c Update from HEAD. 2006-09-23 17:30:25 +00:00
d1_srvr.c Fix from HEAD. 2005-12-05 17:32:22 +00:00
dtls1.h pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't 2005-05-30 22:34:28 +00:00
install.com Synchronise more with the Unix build 2005-05-31 20:28:55 +00:00
kssl.c Eliminate dependency on UNICODE macro. 2005-06-27 21:21:12 +00:00
kssl.h Make kerberos ciphersuite code work with newer header files 2005-04-09 23:55:55 +00:00
kssl_lcl.h To avoid commit wars over dependencies, let's make it so things that 2001-10-10 07:55:02 +00:00
Makefile Update filenames in makefiles 2006-02-04 01:49:36 +00:00
s2_clnt.c Introduce limits to prevent malicious keys being able to 2006-09-28 11:29:03 +00:00
s2_enc.c Avoid including cryptlib.h, it's not really needed. 2003-12-27 16:10:30 +00:00
s2_lib.c Disable invalid ciphersuites 2006-06-14 17:52:01 +00:00
s2_meth.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
s2_pkt.c Avoid including cryptlib.h, it's not really needed. 2003-12-27 16:10:30 +00:00
s2_srvr.c Fix from HEAD. 2005-12-05 17:32:22 +00:00
s3_both.c Add DTLS support. 2005-04-26 16:02:40 +00:00
s3_clnt.c Fixes for the following claims: 2006-09-28 12:23:15 +00:00
s3_enc.c As HEAD. 2005-10-01 00:41:24 +00:00
s3_lib.c Put ECCdraft ciphersuites back into default build (but disabled 2006-06-22 12:35:54 +00:00
s3_meth.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
s3_pkt.c Update from HEAD. 2005-09-30 23:38:20 +00:00
s3_srvr.c Fixes for the following claims: 2006-09-28 12:23:15 +00:00
s23_clnt.c Fix from HEAD. 2005-12-05 17:32:22 +00:00
s23_lib.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
s23_meth.c make "./configure no-ssl2" work again 2006-01-15 16:57:01 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Fix from HEAD. 2005-12-05 17:32:22 +00:00
ssl-lib.com Synchronise more with the Unix build 2005-05-31 20:28:55 +00:00
ssl.h Make sure that AES ciphersuites get priority over Camellia ciphersuites 2006-06-14 13:52:49 +00:00
ssl2.h Implement msg_callback for SSL 2.0. 2001-11-10 01:16:28 +00:00
ssl3.h Update from HEAD. 2005-09-30 23:38:20 +00:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c Camellia cipher, contributed by NTT 2006-06-09 15:42:21 +00:00
ssl_asn1.c Fix from HEAD. 2005-12-05 17:32:22 +00:00
ssl_cert.c Thread-safety fixes 2006-06-14 08:51:41 +00:00
ssl_ciph.c ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 2006-09-11 09:48:46 +00:00
ssl_err.c Avoid contradictive error code assignments. 2006-01-08 21:52:46 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c Introduce limits to prevent malicious keys being able to 2006-09-28 11:29:03 +00:00
ssl_locl.h Camellia cipher, contributed by NTT 2006-06-09 15:42:21 +00:00
ssl_rsa.c add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() 2005-04-08 22:52:42 +00:00
ssl_sess.c Rewrite timeout computation in a way that is less prone to overflow. 2005-12-30 23:51:57 +00:00
ssl_stat.c Prototype info function. 2002-01-12 15:56:13 +00:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Update from HEAD. 2005-09-30 23:38:20 +00:00
ssltest.c fix no-dh configure option; patch supplied by Peter Meerwald 2006-02-24 17:58:35 +00:00
t1_clnt.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
t1_enc.c Don't check for padding bug if compression is negotiated. 2006-05-07 12:27:48 +00:00
t1_lib.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
t1_meth.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
t1_srvr.c Initialize SSL_METHOD structures at compile time. This removes the need 2005-08-05 23:52:08 +00:00
tls1.h Disable invalid ciphersuites 2006-06-14 17:52:01 +00:00