generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,152 Commits 16 Branches 258 Tags
Commit Graph

1416 Commits

Author SHA1 Message Date
Dr. Stephen Henson
50a095ed16 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:59:41 +00:00
Bodo Möller
d0e79d7e2c Constify crypto/cast. 2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
ccc3df8c33 New option to enable/disable connection to unpatched servers 2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
cb4823fdd6 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:15:01 +00:00
Dr. Stephen Henson
17bb051628 Send no_renegotiation alert as required by spec. 2009-12-08 19:05:49 +00:00
Dr. Stephen Henson
59f44e810b Add ctrl and macro so we can determine if peer support secure renegotiation. 
Fix SSL_CIPHER initialiser for mcsv
 2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
7a014dceb6 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
1ff44a99a4 PR: 2111 
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
 2009-12-02 15:27:19 +00:00
Bodo Möller
553d2e3280 (whitespace) 2009-11-26 18:35:33 +00:00
Bodo Möller
82fb4ee89d The version numbering may change, again; so be careful about what we 
announce in CHANGES.
 2009-11-26 17:30:07 +00:00
Bodo Möller
389fef6c9c Remove attribution -- this wasn't my patch, I only edited and applied it. 2009-11-26 17:28:27 +00:00
Bodo Möller
b6622f9623 Remove obsolete information about a change for 0.9.7n. 
(No further releases from the 0.9.7 branch are planned.  Note that the
"deleted" change is also in 0.9.8f.)
 2009-11-26 17:25:38 +00:00
Ben Laurie
c2b78c31d6 First cut of renegotiation extension. 2009-11-08 14:51:54 +00:00
Ben Laurie
949fbf073a Disable renegotiation. 2009-11-05 11:28:37 +00:00
Dr. Stephen Henson
2a8834cf89 Fix stateless session resumption so it can coexist with SNI 2009-10-30 13:28:07 +00:00
Dr. Stephen Henson
afff063a14 Add CHANGES entry. 2009-09-13 11:23:37 +00:00
Dr. Stephen Henson
d0969d24cf Add new option --strict-warnings to Configure script. This is used to add 
in devteam warnings into other configurations.
 2009-09-09 16:30:49 +00:00
Dr. Stephen Henson
985b5ee735 PR: 2003 
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
 2009-08-10 14:37:51 +00:00
Dr. Stephen Henson
136b5dc7c7 Add missing CHANGES entry for OID 0x80 fix. 2009-08-09 15:40:03 +00:00
Dr. Stephen Henson
856f3005de Document MD2 deprecation. 2009-07-13 11:53:53 +00:00
Dr. Stephen Henson
e7e7f5de4b PR: 1960 
Approved by: steve@openssl.org

Encode compression id in {i2d,d2i}_SSL_SESSION().
 2009-06-30 22:20:46 +00:00
Dr. Stephen Henson
ab8fe43fa2 PR: 1942 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Replace ad-hoc chain builder with X509_verify_cert().
 2009-06-28 16:23:05 +00:00
Dr. Stephen Henson
9aecc3e5ff Update from 1.0.0-stable. 2009-06-26 11:34:22 +00:00
Dr. Stephen Henson
51ebaa9f82 Correct CHANGES entry. 2009-06-17 11:58:17 +00:00
Dr. Stephen Henson
efaa569c3b PR: 1943 
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Rename uni2asc and asc2uni on Netware to avoid a name clash.
 2009-06-17 11:55:51 +00:00
Dr. Stephen Henson
1e53b797f6 Don't check self-signed signature in X509_verify_cert(), the check just 
wastes processing time and doesn't add any security.
 2009-06-15 14:52:38 +00:00
Mark J. Cox
0b8eca58b9 Update changelog to show fix for PR1679 as per Tomas Hoger's testing: 
http://thread.gmane.org/gmane.comp.security.oss.general/1769/focus=1814
 2009-06-02 09:20:52 +00:00
Mark J. Cox
a176be48a2 Add the corresponding CVE names to the CHANGES entry for 0.9.8 branch 2009-05-26 08:21:56 +00:00
Dr. Stephen Henson
f47bce27e3 Add CHANGES entries for security relate issues PR#1923, PR#1930 and PR#1931. 2009-05-18 17:34:16 +00:00
Dr. Stephen Henson
0d399f97dd Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net> 
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.
 2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
7a746ecf3e Typo. 2009-03-25 22:22:42 +00:00
Dr. Stephen Henson
aca8bf43ce Submitted by: Ilya O. <vrghost@gmail.com> 
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.
 2009-03-25 19:01:03 +00:00
Dr. Stephen Henson
7de0df694f Prepare for next version. 2009-03-25 13:02:49 +00:00
Dr. Stephen Henson
e10051ef3f Prepare for 0.9.8k release. 2009-03-25 10:46:56 +00:00
Dr. Stephen Henson
c60dca1f95 PR: 1868 
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
 2009-03-25 10:42:34 +00:00
Dr. Stephen Henson
188abf7e2a Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> 
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().
 2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
f021b7cca6 Reject BMPStrings and UniversalStrings of invalid length. This prevents 
a crash in ASN1_STRING_print_ex() which assumes they are valid.
 2009-03-25 10:35:57 +00:00
Dr. Stephen Henson
37afdc953e Don't force S/MIME signing purpose: allow it to be overridden by store 
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
 2009-03-15 13:36:01 +00:00
Dr. Stephen Henson
044855e146 Permit nested ASN1 string encoding but with a maximum depth to avoid 
stack overflow.
 2009-03-14 18:33:25 +00:00
Dr. Stephen Henson
4fcf8d8b07 Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com> 
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().
 2009-03-07 16:58:43 +00:00
Bodo Möller
59689735a6 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:27:56 +00:00
Dr. Stephen Henson
73cb37295d Update from HEAD. 2009-01-28 12:55:36 +00:00
Dr. Stephen Henson
1f35508ae6 Support NumericString for name components. 2009-01-28 12:35:10 +00:00
Ben Laurie
dc0cb7e74f Make it possible to override CC. 2009-01-17 14:36:17 +00:00
Dr. Stephen Henson
367316c723 Oops, remove duplicate entry. 2009-01-07 23:45:19 +00:00
Dr. Stephen Henson
d34353cc91 Prepare for next version. 2009-01-07 23:38:34 +00:00
Dr. Stephen Henson
6287fa5396 Prepare for 0.9.8j release. 2009-01-07 10:50:54 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values 
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
 2009-01-07 10:48:23 +00:00
Ben Laurie
c153422388 Enable TLS Extensions by default. 2008-12-26 15:27:51 +00:00
Bodo Möller
505ed2b076 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:06 +00:00