generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9,426 Commits 16 Branches 258 Tags
Commit Graph

1096 Commits

Author SHA1 Message Date
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
 2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
3e8e12a6b6 Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:35 +00:00
Dr. Stephen Henson
5ddbb8f41a Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:32 +00:00
Dr. Stephen Henson
3c44e92bcb Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
73582b8117 add missing parts of reneg port, fix apps patch 2009-11-11 14:51:29 +00:00
Dr. Stephen Henson
56327ebe6a make update 2009-11-10 13:23:04 +00:00
Dr. Stephen Henson
ec4346f6f9 oops, add missing prototypes 2009-11-09 18:58:50 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
e3738c49b8 If it is a new session don't send the old TLS ticket: send a zero length 
ticket to request a new session.
 2009-11-08 14:36:32 +00:00
Dr. Stephen Henson
23b97c6bb5 PR: 2089 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
 2009-11-02 13:37:17 +00:00
Dr. Stephen Henson
036b3f331b Generate stateless session ID just after the ticket is received instead 
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
 2009-10-30 14:06:18 +00:00
Dr. Stephen Henson
3d0b604c14 Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:44 +00:00
Dr. Stephen Henson
257b2bfb6c Don't attempt session resumption if no ticket is present and session 
ID length is zero.
 2009-10-28 19:52:35 +00:00
Dr. Stephen Henson
a9bb9d0eb4 PR: 2072 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.
 2009-10-16 15:24:19 +00:00
Dr. Stephen Henson
cc6688d796 PR: 2073 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().
 2009-10-16 13:41:52 +00:00
Dr. Stephen Henson
ad187f8905 Fix unitialized warnings 2009-10-04 16:52:35 +00:00
Dr. Stephen Henson
3d1dab4404 PR: 2055 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling in s2_srvr.c
 2009-10-01 00:07:10 +00:00
Dr. Stephen Henson
29c2fd46d2 PR: 2054 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling
 2009-10-01 00:03:50 +00:00
Dr. Stephen Henson
af3d4e1b02 PR: 2039 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen bug fix,
 2009-09-15 22:48:30 +00:00
Dr. Stephen Henson
80afb40ae3 Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
0ddd002f60 PR: 1411 
Submitted by: steve@openssl.org

Allow use of trusted certificates in SSL_CTX_use_chain_file()
 2009-09-12 23:09:26 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
 2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
9769137a43 Typo presumably... 2009-09-06 17:55:40 +00:00
Dr. Stephen Henson
c0688f1aef Make update, deleting bogus DTLS error code 2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
54ed003ace PR: 2009 
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org

Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
 2009-09-02 13:20:22 +00:00
Dr. Stephen Henson
f18e10253d PR: 2022 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.
 2009-09-02 12:53:32 +00:00
Dr. Stephen Henson
17f8d8db61 PR: 2006 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message
 2009-08-26 11:51:23 +00:00
Richard Levitte
3798c36686 Include proper header files for time functions. 
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
 2009-08-25 07:10:09 +00:00
Dr. Stephen Henson
5a96822f2c Update default dependency flags. 
Make error name discrepancies a fatal error.
Fix error codes.
make update
 2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
f45e8c7bdd PR: 2000 
Submitted by: 	Vadim Zeitlin <vz-openssl@zeitlins.org>
Approved by: steve@openssl.org

Make no-comp compile without warnings.
 2009-08-05 15:29:14 +00:00
Dr. Stephen Henson
d7406b1528 PR: 1993 
Fix from 0.9.8-stable.
 2009-07-24 11:52:32 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
c8f759ec74 Stop warning of signed/unsigned compare. 2009-07-14 15:28:44 +00:00
Dr. Stephen Henson
cddd00166c PR: 1984 
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org

Don't concatenate reads in DTLS.
 2009-07-13 11:44:04 +00:00
Dr. Stephen Henson
c155d83f5b Delete MD2 from algorithm tables and default compilation. 2009-07-08 08:50:53 +00:00
Dr. Stephen Henson
5a03e3ac3f Fix from HEAD. 2009-07-04 12:05:14 +00:00
Dr. Stephen Henson
08b2097967 Update from HEAD. 2009-07-04 11:44:01 +00:00
Dr. Stephen Henson
2b3cd246e5 PR: 1962 
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org

Fix "for dtls1_get_record() returns a bad record in one edge case" bug.
 2009-07-01 11:29:01 +00:00
Dr. Stephen Henson
76ec9151d1 Update from 0.9.8-stable. 2009-06-30 22:26:28 +00:00
Dr. Stephen Henson
6c24dd9005 Typo. 2009-06-30 20:55:55 +00:00
Dr. Stephen Henson
29b0c4a01c Add "missing" functions for setting all verify parameters for SSL_CTX and SSL 
structures.
 2009-06-30 11:57:24 +00:00
Dr. Stephen Henson
b824f0f458 Redundant check: s->param is always non-NULL, it is set in SSL_new(). 2009-06-30 11:41:35 +00:00