generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,839 Commits 16 Branches 258 Tags
Commit Graph

185 Commits

Author SHA1 Message Date
Matt Caswell
131d3fdfe2 Remove explicit setting of read_ahead for DTLS. It never makes sense not to 
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)

Conflicts:
	apps/s_client.c
	apps/s_server.c
 2015-01-27 14:35:11 +00:00
Matt Caswell
10621efd32 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:38:39 +00:00
Matt Caswell
0f6c965823 Move more comments that confuse indent 
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:38:04 +00:00
Matt Caswell
d68aade28a Updates to s_client and s_server to remove the constant 28 (for IPv4 header 
and UDP header) when setting an mtu. This constant is not always correct (e.g.
if using IPv6). Use the new DTLS_CTRL functions instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 464ce92026bd0c79186cbefa75470f39607110be)
 2014-12-03 09:35:25 +00:00
Dr. Stephen Henson
821bee4333 New option no-ssl3-method which removes SSLv3_*method 
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 3881d8106df732fc433d30446625dfa2396da42d)

Conflicts:
	util/mkdef.pl
 2014-11-19 22:57:51 +00:00
Dr. Stephen Henson
cd63f94d4d Don't allow -www etc options with DTLS. 
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
 2014-07-15 12:25:39 +01:00
Dr. Stephen Henson
ea0ceb11a0 Use case insensitive compare for servername. 
PR#3445
(cherry picked from commit 1c3e9a7c67ccdc5e770829fe951e5832e600d377)
 2014-07-15 00:00:03 +01:00
Dr. Stephen Henson
a07f514fc0 Usage for -hack and -prexit -verify_return_error 
(cherry picked from commit ee724df75d9ad67fd954253ac514fddb46f1e3c6)
 2014-07-06 22:48:57 +01:00
Dr. Stephen Henson
b7c9762598 s_server usage for certificate status requests 
(cherry picked from commit a44f219c009798054d6741e919cba5b2e656dbf4)
 2014-07-06 22:45:44 +01:00
Andy Polyakov
0898147090 ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
Dr. Stephen Henson
540f7c75ef fix leaks 2012-11-20 00:28:56 +00:00
Dr. Stephen Henson
f929f201fb fix memory leak 2012-09-11 13:44:38 +00:00
Dr. Stephen Henson
25da47c3c8 Fix memory leak. 
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
 2012-07-03 16:36:10 +00:00
Ben Laurie
af454b5bb0 Reduce version skew. 2012-06-08 09:18:47 +00:00
Dr. Stephen Henson
3bf4e14cc3 Always use SSLv23_{client,server}_method in s_client.c and s_server.c, 
the old code came from SSLeay days before TLS was even supported.
 2012-03-18 18:16:05 +00:00
Dr. Stephen Henson
cdf9d6f6ed PR: 2716 
Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
 2012-02-11 23:21:09 +00:00
Dr. Stephen Henson
508bd3d1aa PR: 2714 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.
 2012-02-10 19:44:00 +00:00
Andy Polyakov
9b2a29660b Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
 2012-01-12 16:28:03 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
b300fb7734 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
 2011-12-27 14:23:22 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Dr. Stephen Henson
6bd173fced Don't disable TLS v1.2 by default any more. 2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
7f9ef5621a Oops, add missing declaration. 2011-05-12 13:02:25 +00:00
Dr. Stephen Henson
39348038df make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD. 
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
 2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ae17b9ecd5 Typo. 2011-05-11 13:22:54 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
 2011-05-11 12:56:38 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
251431ff4f add TLS v1.1 options to s_server 2010-11-13 12:44:17 +00:00
Dr. Stephen Henson
1eb1cf452b Backport TLS v1.1 support from HEAD 2010-06-27 14:15:02 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
ffa304c838 oops, revert more test code arghh! 2010-01-28 17:52:18 +00:00
Dr. Stephen Henson
df21765a3e In engine_table_select() don't clear out entire error queue: just clear 
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
 2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
5c33091cfa commit missing apps code for reneg fix 2009-11-11 14:10:09 +00:00
Dr. Stephen Henson
90528846e8 Add -no_cache option to s_server 2009-10-28 17:49:37 +00:00
Dr. Stephen Henson
0c690586e0 PR: 2064, 728 
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
 2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
209abea1db Stop unused variable warning on WIN32 et al. 2009-08-18 11:14:12 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
4386445c18 Change STRING to OPENSSL_STRING etc as common words such 
as "STRING" cause conflicts with other headers/libraries.
 2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
e323afb0ce Update from HEAD. 2009-06-30 16:10:24 +00:00
Dr. Stephen Henson
67d8ab07e6 Stop warning if dtls disabled. 2009-06-05 14:56:48 +00:00
Dr. Stephen Henson
0454f2c490 PR: 1929 
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS MTU bug fix.
 2009-05-17 16:04:21 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
 2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Dr. Stephen Henson
2900fc8ae1 Don't stop -cipher from working. 2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00