generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,103 Commits 16 Branches 258 Tags
d16765919d78a576425272adc0c3fb0b493b1198
Commit Graph

259 Commits

Author SHA1 Message Date
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version 
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
 2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c Initial "opaque SSL" framework. If an application defines 
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
 2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
23bc7961d2 Fix broken SRP error/function code assignment. 2011-03-16 16:17:46 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Ben Laurie
bf48836c7c Fixes to NPN from Adam Langley. 2010-09-05 17:14:01 +00:00
Bodo Möller
7c2d4fee25 For better forward-security support, add functions 
SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
 2010-08-26 15:15:47 +00:00
Dr. Stephen Henson
44959ee456 PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
 2010-08-26 14:23:52 +00:00
Ben Laurie
ee2ffc2794 Add Next Protocol Negotiation. 2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
f96ccf36ff PR: 1830 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
 2010-07-18 17:43:18 +00:00
Dr. Stephen Henson
b9e7793dd7 oops, revert wrong patch.. 2010-07-18 17:43:01 +00:00
Dr. Stephen Henson
d135da5192 Fix warnings (From HEAD, original patch by Ben). 2010-07-18 16:52:47 +00:00
Dr. Stephen Henson
76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
82a107eaa8 compress_meth should be unsigned 2010-01-06 14:01:45 +00:00
Dr. Stephen Henson
2be3d6ebc8 Client side compression algorithm sanity checks: ensure old compression 
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
 2010-01-01 14:39:37 +00:00
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
22c2155595 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 2009-12-11 00:23:12 +00:00
Dr. Stephen Henson
338a61b94e Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
64abf5e657 Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:20:21 +00:00
Dr. Stephen Henson
e0e7997212 First cut of renegotiation extension. (port to HEAD) 2009-11-09 19:03:34 +00:00
Dr. Stephen Henson
7689ed34d3 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:17:39 +00:00
Dr. Stephen Henson
1fc3ac806d PR: 2033 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
 2009-09-09 17:05:18 +00:00
Dr. Stephen Henson
e0d4e97c1a Make update, deleting bogus DTLS error code 2009-09-06 15:58:19 +00:00
Dr. Stephen Henson
480b9e5d29 PR: 2006 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message
 2009-08-26 11:51:57 +00:00
Dr. Stephen Henson
3ed3603b60 Update default dependency flags. 
Make error name discrepancies a fatal error.
Fix error codes.
make update
 2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
b972fbaa8f PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:19:54 +00:00
Dr. Stephen Henson
4b06d778ad Update from 1.0.0-stable. 2009-07-15 11:33:24 +00:00
Dr. Stephen Henson
ccf117510d Update from 1.0.0-stable. 2009-06-30 11:58:10 +00:00
Dr. Stephen Henson
e7deff3cdf Typo. 2009-04-28 22:36:33 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
220bd84911 Updates from 1.0.0-stable 2009-04-06 15:22:01 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Ben Laurie
9b9cb004f7 Deal with the unlikely event that EVP_MD_CTX_size() returns an error. 
(Coverity ID 140).
 2008-12-27 02:09:24 +00:00
Ben Laurie
6ba71a7173 Handle the unlikely event that BIO_get_mem_data() returns -ve. 2008-12-27 02:00:38 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574 
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
 2008-11-15 17:18:12 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
3ad74edce8 Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new 
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
 2008-09-10 16:02:09 +00:00
Bodo Möller
1cbf663a6c sanity check 
PR: 1679
 2008-08-13 19:45:06 +00:00
Bodo Möller
474b3b1cc8 Fix error codes for memory-saving patch. 
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
 2008-08-04 22:10:38 +00:00
Dr. Stephen Henson
59d2d48f64 Add support for client cert engine setting in s_client app. 
Add appropriate #ifdefs round client cert functions in headers.
 2008-06-03 11:26:27 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
c61915c659 Update error codes. 2008-06-01 22:34:40 +00:00
Dr. Stephen Henson
368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00