openssl

Author	SHA1	Message	Date
Bodo Möller	db45308477	(EC)DH memory handling fixes. Submitted by: Adam Langley	2011-09-05 10:25:15 +00:00
Dr. Stephen Henson	6a662a45f3	PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.	2011-09-01 14:01:36 +00:00
Dr. Stephen Henson	ac02a4b68a	PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug	2011-07-20 15:17:20 +00:00
Dr. Stephen Henson	4ba063d3c5	PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug	2011-07-20 15:12:58 +00:00
Dr. Stephen Henson	cc0931e36b	PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()	2011-06-22 15:29:36 +00:00
Dr. Stephen Henson	c4b2eb24b3	PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.	2011-05-25 15:15:43 +00:00
Dr. Stephen Henson	2c77c5c8db	Oops use up to date patch for PR#2506	2011-05-25 14:29:39 +00:00
Dr. Stephen Henson	1eb38c563f	PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.	2011-05-25 12:28:42 +00:00
Dr. Stephen Henson	fa657871ed	PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.	2011-05-25 12:24:03 +00:00
Dr. Stephen Henson	be70b3adce	set encodedPoint to NULL after freeing it	2011-05-19 16:18:39 +00:00
Dr. Stephen Henson	7116a41129	PR: 2462 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug	2011-04-03 17:15:23 +00:00
Dr. Stephen Henson	7143acab25	PR: 2458 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.	2011-04-03 16:26:33 +00:00
Dr. Stephen Henson	11d4086d8e	PR: 2457 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.	2011-04-03 15:49:26 +00:00
Bodo Möller	957ebe98fb	OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) Submitted by: Neel Mehta, Adam Langley, Bodo Moeller	2011-02-08 17:10:47 +00:00
Bodo Möller	9d09fc8485	Assorted bugfixes: - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Neel Mehta, Bodo Moeller)	2011-02-03 12:04:48 +00:00
Dr. Stephen Henson	119e912a83	Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert.	2011-01-04 19:33:01 +00:00
Dr. Stephen Henson	7890b562bc	fix for CVE-2010-4180	2010-12-02 18:49:28 +00:00
Dr. Stephen Henson	2ae47ddbc2	fix CVE-2010-3864	2010-11-16 14:26:18 +00:00
Dr. Stephen Henson	a073129293	PR: 2314 Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net> Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939	2010-10-10 12:21:23 +00:00
Ben Laurie	d886975835	Fix gcc 4.6 warnings. Check TLS server hello extension length.	2010-06-12 13:18:58 +00:00
Dr. Stephen Henson	d24f1cbf35	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix bug in bitmask macros and stop warnings.	2010-05-03 13:01:59 +00:00
Dr. Stephen Henson	82687bb4c3	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixed various DTLS fragment reassembly bugs patch for 0.9.8.	2010-04-14 13:26:50 +00:00
Dr. Stephen Henson	2eb8e5e62a	fix signed/unsigned comparison warnings	2010-04-14 00:41:25 +00:00
Dr. Stephen Henson	c713a4c04d	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix various DTLS fragment reassembly bugs.	2010-04-14 00:17:12 +00:00
Dr. Stephen Henson	0cefa0f942	PR: 2229 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Don't drop DTLS connection if mac or decryption failed.	2010-04-14 00:09:39 +00:00
Dr. Stephen Henson	834c85ef0c	PR: 2228 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS buffer record MAC failure bug.	2010-04-14 00:02:50 +00:00
Richard Levitte	0c8c8eab58	Third argument to dtls1_buffer_record is by reference	2010-04-13 08:42:01 +00:00
Dr. Stephen Henson	bc06baca76	Add SHA2 algorithms to SSL_library_init(). Although these aren't used directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. Update docs.	2010-04-07 13:19:48 +00:00
Dr. Stephen Henson	5e613d5411	PR: 2218 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.	2010-04-06 12:44:44 +00:00
Dr. Stephen Henson	56e930eb03	PR: 2219 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS buffering bug.	2010-04-06 12:39:57 +00:00
Dr. Stephen Henson	4a052f0bb9	PR: 2223 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS timeout bug	2010-04-06 12:29:08 +00:00
Dr. Stephen Henson	f34e79f27b	make no-comp compile again	2010-03-30 17:31:58 +00:00
Dr. Stephen Henson	ee91323f52	PR: 1731 and maybe 2197 Clear error queue in a few places in SSL code where errors are expected so they don't stay in the queue.	2010-03-24 23:16:35 +00:00
Dr. Stephen Henson	354f92d66a	Submitted by: Bodo Moeller and Adam Langley (Google). Fix for "Record of death" vulnerability CVE-2010-0740.	2010-03-24 13:16:42 +00:00
Dr. Stephen Henson	ede1351997	Submitted by: Tomas Hoger <thoger@redhat.com> Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).	2010-03-03 15:34:11 +00:00
Richard Levitte	00d1ecb1da	Add t1_reneg to the VMS build. Hack the symbols with long names.	2010-02-22 07:05:24 +00:00
Dr. Stephen Henson	bec7184768	OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved	2010-02-17 19:43:08 +00:00
Dr. Stephen Henson	442ac8d259	Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.	2010-02-17 18:37:47 +00:00
Dr. Stephen Henson	b50ef8b216	PR: 2171 Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.	2010-02-16 14:19:42 +00:00
Dr. Stephen Henson	0484ff5ec1	PR: 2160 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Make session tickets work with DTLS.	2010-02-01 16:48:40 +00:00
Dr. Stephen Henson	4acc2fed6c	PR: 2159 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Typo in PR#1949 bug, oops!	2010-02-01 12:44:21 +00:00
Dr. Stephen Henson	cc62974182	PR: 1949 Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush.	2010-01-26 19:40:36 +00:00
Dr. Stephen Henson	e8387db0c4	Fix VC++ warning (change had already been made to other branches).	2010-01-26 13:24:08 +00:00
Dr. Stephen Henson	714044cc03	oops revert test code from previous commit	2010-01-24 13:52:38 +00:00
Dr. Stephen Henson	5598b99fb3	The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.	2010-01-24 13:50:57 +00:00
Dr. Stephen Henson	6899d9bbf6	If legacy renegotiation is not permitted then send a fatal alert if a patched server attempts to renegotiate with an unpatched client.	2010-01-22 18:49:43 +00:00
Dr. Stephen Henson	dd28d12add	make update	2010-01-20 16:35:30 +00:00
Dr. Stephen Henson	ff2549be1d	PR: 2144 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Better fix for PR#2144	2010-01-19 19:10:03 +00:00
Dr. Stephen Henson	aae48de0f7	PR: 2144 Submitted by: steve@openssl.org Fix DTLS connection so new_session is reset if we read second client hello: new_session is used to detect renegotiation.	2010-01-16 19:45:46 +00:00
Dr. Stephen Henson	766708f24b	PR: 2133 Submitted by: steve@openssl.org Add missing DTLS state strings.	2010-01-16 19:18:31 +00:00

1 2 3 4 5 ...

1006 Commits