openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	2456cd58c4	Allow initial connection (but no renegoriation) to servers which don't support RI. Reorganise RI checking code and handle some missing cases.	2009-12-14 13:55:39 +00:00
Ben Laurie	43a107026d	Missing error code.	2009-12-12 15:57:53 +00:00
Dr. Stephen Henson	f1784f2fd2	Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL	2009-12-11 00:20:58 +00:00
Dr. Stephen Henson	b41a614686	Check s3 is not NULL	2009-12-09 14:53:51 +00:00
Dr. Stephen Henson	52a08e90d1	Add ctrls to clear options and mode. Change RI ctrl so it doesn't clash.	2009-12-09 13:25:38 +00:00
Dr. Stephen Henson	6b5f0458fe	Send no_renegotiation alert as required by spec.	2009-12-08 19:06:09 +00:00
Dr. Stephen Henson	b52a2738d4	Add ctrl and macro so we can determine if peer support secure renegotiation.	2009-12-08 13:42:32 +00:00
Dr. Stephen Henson	10f99d7b77	Add support for magic cipher suite value (MCSV). Make secure renegotiation work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI. NB: current MCSV value is bogus for testing only, will be updated when we have an official value. Change mismatch alerts to handshake_failure as required by spec. Also have some debugging fprintfs so we can clearly see what is going on if OPENSSL_RI_DEBUG is set.	2009-12-08 13:15:12 +00:00
Dr. Stephen Henson	593222afe1	PR: 2121 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Add extension support to DTLS code mainly using existing implementation for TLS.	2009-12-08 11:38:18 +00:00
Dr. Stephen Henson	d5b8c46499	PR: 2115 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.	2009-12-01 17:41:42 +00:00
Dr. Stephen Henson	3e8e12a6b6	Servers can't end up talking SSLv2 with legacy renegotiation disabled	2009-11-18 15:09:35 +00:00
Dr. Stephen Henson	5ddbb8f41a	Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation	2009-11-18 14:45:32 +00:00
Dr. Stephen Henson	3c44e92bcb	Include a more meaningful error message when rejecting legacy renegotiation	2009-11-18 14:19:52 +00:00
Dr. Stephen Henson	73582b8117	add missing parts of reneg port, fix apps patch	2009-11-11 14:51:29 +00:00
Dr. Stephen Henson	56327ebe6a	make update	2009-11-10 13:23:04 +00:00
Dr. Stephen Henson	ec4346f6f9	oops, add missing prototypes	2009-11-09 18:58:50 +00:00
Dr. Stephen Henson	bc9058d041	First cut of renegotiation extension. (port to 1.0.0-stable)	2009-11-09 18:45:42 +00:00
Dr. Stephen Henson	e3738c49b8	If it is a new session don't send the old TLS ticket: send a zero length ticket to request a new session.	2009-11-08 14:36:32 +00:00
Dr. Stephen Henson	23b97c6bb5	PR: 2089 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS Fragment size bug fix.	2009-11-02 13:37:17 +00:00
Dr. Stephen Henson	036b3f331b	Generate stateless session ID just after the ticket is received instead of when a session is loaded. This will mean that applications that just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION() will still work.	2009-10-30 14:06:18 +00:00
Dr. Stephen Henson	3d0b604c14	Fix statless session resumption so it can coexist with SNI	2009-10-30 13:22:44 +00:00
Dr. Stephen Henson	257b2bfb6c	Don't attempt session resumption if no ticket is present and session ID length is zero.	2009-10-28 19:52:35 +00:00
Dr. Stephen Henson	a9bb9d0eb4	PR: 2072 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Avoid potential doublefree and reuse of freed handshake_buffer.	2009-10-16 15:24:19 +00:00
Dr. Stephen Henson	cc6688d796	PR: 2073 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Don't access freed SSL_CTX in SSL_free().	2009-10-16 13:41:52 +00:00
Dr. Stephen Henson	ad187f8905	Fix unitialized warnings	2009-10-04 16:52:35 +00:00
Dr. Stephen Henson	3d1dab4404	PR: 2055 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling in s2_srvr.c	2009-10-01 00:07:10 +00:00
Dr. Stephen Henson	29c2fd46d2	PR: 2054 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling	2009-10-01 00:03:50 +00:00
Dr. Stephen Henson	af3d4e1b02	PR: 2039 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen bug fix,	2009-09-15 22:48:30 +00:00
Dr. Stephen Henson	80afb40ae3	Submitted by: Julia Lawall <julia@diku.dk> The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.	2009-09-13 11:27:27 +00:00
Dr. Stephen Henson	a131de9bb2	PR: 2025 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Constify SSL_CIPHER_description	2009-09-12 23:18:09 +00:00
Dr. Stephen Henson	0ddd002f60	PR: 1411 Submitted by: steve@openssl.org Allow use of trusted certificates in SSL_CTX_use_chain_file()	2009-09-12 23:09:26 +00:00
Dr. Stephen Henson	53f062d050	PR: 2033 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen support.	2009-09-09 17:05:42 +00:00
Dr. Stephen Henson	9769137a43	Typo presumably...	2009-09-06 17:55:40 +00:00
Dr. Stephen Henson	c0688f1aef	Make update, deleting bogus DTLS error code	2009-09-06 15:55:54 +00:00
Dr. Stephen Henson	2e9802b7a7	PR: 2028 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS cookie management bugs.	2009-09-04 17:42:06 +00:00
Dr. Stephen Henson	54ed003ace	PR: 2009 Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com> Approved by: steve@openssl.org Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although the ticket mentions buffer overruns this isn't a security issue because the SSL_SESSION structure is generated internally and it should never be possible to supply its contents from an untrusted application (this would among other things destroy session cache security).	2009-09-02 13:20:22 +00:00
Dr. Stephen Henson	f18e10253d	PR: 2022 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS record header length bug.	2009-09-02 12:53:32 +00:00
Dr. Stephen Henson	17f8d8db61	PR: 2006 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Do not use multiple DTLS records for a single user message	2009-08-26 11:51:23 +00:00
Richard Levitte	3798c36686	Include proper header files for time functions. Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>	2009-08-25 07:10:09 +00:00
Dr. Stephen Henson	5a96822f2c	Update default dependency flags. Make error name discrepancies a fatal error. Fix error codes. make update	2009-08-12 17:08:44 +00:00
Dr. Stephen Henson	a4bade7aac	PR: 1997 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS timeout handling fix.	2009-08-12 13:21:26 +00:00
Dr. Stephen Henson	f45e8c7bdd	PR: 2000 Submitted by: Vadim Zeitlin <vz-openssl@zeitlins.org> Approved by: steve@openssl.org Make no-comp compile without warnings.	2009-08-05 15:29:14 +00:00
Dr. Stephen Henson	d7406b1528	PR: 1993 Fix from 0.9.8-stable.	2009-07-24 11:52:32 +00:00
Dr. Stephen Henson	5135d6b985	Fix error codes and indentation.	2009-07-15 11:32:58 +00:00
Dr. Stephen Henson	c8f759ec74	Stop warning of signed/unsigned compare.	2009-07-14 15:28:44 +00:00
Dr. Stephen Henson	cddd00166c	PR: 1984 Submitted by: Michael TÃÂ¼xen <Michael.Tuexen@lurchi.franken.de> Approved by: steve@openssl.org Don't concatenate reads in DTLS.	2009-07-13 11:44:04 +00:00
Dr. Stephen Henson	c155d83f5b	Delete MD2 from algorithm tables and default compilation.	2009-07-08 08:50:53 +00:00
Dr. Stephen Henson	5a03e3ac3f	Fix from HEAD.	2009-07-04 12:05:14 +00:00
Dr. Stephen Henson	08b2097967	Update from HEAD.	2009-07-04 11:44:01 +00:00
Dr. Stephen Henson	2b3cd246e5	PR: 1962 Submitted by: Daniel Mentz <daniel.m@sent.com> Reviewed by: steve@openssl.org Fix "for dtls1_get_record() returns a bad record in one edge case" bug.	2009-07-01 11:29:01 +00:00

1 2 3 4 5 ...

1050 Commits