openssl/ssl at d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 - openssl - Atria-soft GIT

generic-library/openssl

History

Matt Caswell d40ec4ab8e Stop DTLS servers asking for unsafe legacy renegotiation

If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.

This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.

Reviewed-by: Tim Hudson <tjh@openssl.org>

2015-11-10 19:24:20 +00:00

..

bio_ssl.c

Handle SSL_ERROR_WANT_X509_LOOKUP

2015-09-20 14:21:18 +01:00

clienthellotest.c

GH354: Memory leak fixes

2015-08-28 11:59:23 -04:00

d1_both.c

Fix "make test" seg fault with SCTP enabled

2015-08-11 22:22:38 +01:00

d1_clnt.c

Only call ssl3_init_finished_mac once for DTLS

2015-11-10 18:44:56 +00:00

d1_lib.c

Fix Seg fault in DTLSv1_listen

2015-03-19 11:11:22 +00:00

d1_meth.c

Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION

2015-11-04 14:46:03 +00:00

d1_pkt.c

Lost alert in DTLS

2015-05-22 09:44:44 +01:00

d1_srtp.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

d1_srvr.c

Stop DTLS servers asking for unsafe legacy renegotiation

2015-11-10 19:24:20 +00:00

dtls1.h

Fix d2i_SSL_SESSION for DTLS1_BAD_VER

2015-02-27 20:31:28 +00:00

heartbeat_test.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

install-ssl.com

Don't forget to install srtp.h as well

2012-05-10 15:01:26 +00:00

kssl_lcl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

kssl.c

Re-align some comments after running the reformat script.

2015-01-22 09:31:48 +00:00

kssl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

Makefile

Add test for SSL_set_session_ticket_ext

2015-07-27 16:50:38 +01:00

s2_clnt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s2_enc.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s2_lib.c

Fix reachable assert in SSLv2 servers.

2015-03-19 12:58:35 +00:00

s2_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s2_pkt.c

Add length sanity check in SSLv2 n_do_ssl_write()

2015-04-29 17:23:45 +01:00

s2_srvr.c

Harden SSLv2-supporting servers against Bleichenbacher's attack.

2015-04-08 16:28:42 +02:00

s3_both.c

Fix DTLS1.2 buffers

2015-09-02 00:37:58 +01:00

s3_cbc.c

Use CRYPTO_memcmp in s3_cbc.c

2015-06-08 15:04:28 +02:00

s3_clnt.c

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

s3_enc.c

Cleanse buffers

2015-03-11 10:45:23 +00:00

s3_lib.c

typo: should be OPENSSL_free

2015-06-20 19:28:58 +01:00

s3_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s3_pkt.c

Fix write failure handling in DTLS1.2

2015-07-30 10:18:43 +01:00

s3_srvr.c

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

s23_clnt.c

Fix session resumption

2015-09-02 00:29:00 +01:00

s23_lib.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s23_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s23_pkt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s23_srvr.c

Re-align some comments after running the reformat script.

2015-01-22 09:31:48 +00:00

srtp.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl2.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl3.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl23.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl_algs.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl_asn1.c

Make no-psk compile without warnings.

2015-09-16 18:09:00 +01:00

ssl_cert.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl_ciph.c

Match SUITEB strings at start of cipher list.

2015-09-04 21:32:25 +01:00

ssl_conf.c

Add support for ServerInfo SSL_CONF option.

2015-03-18 12:31:06 +00:00

ssl_err2.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl_err.c

Fix seg fault with 0 p val in SKE

2015-08-11 20:20:17 +01:00

ssl_lib.c

Fix DTLS1.2 compression

2015-09-02 00:37:58 +01:00

ssl_locl.h

Change functions to pass in a limit rather than calculate it

2015-10-05 14:14:02 +01:00

ssl_rsa.c

Fix return values when adding serverinfo fails.

2015-09-16 21:03:45 +02:00

ssl_sess.c

Fix building with OPENSSL_NO_TLSEXT.

2015-09-02 00:01:29 +01:00

ssl_stat.c

Add Error state

2015-05-05 19:50:12 +01:00

ssl_task.c

Re-align some comments after running the reformat script.

2015-01-22 09:31:48 +00:00

ssl_txt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl_utst.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ssl-lib.com

VMS fixups for 1.0.2

2015-01-07 02:15:35 +01:00

ssl.h

Fix seg fault with 0 p val in SKE

2015-08-11 20:20:17 +01:00

ssltest.c

Fix ssltest to use 1024-bit DHE parameters

2015-05-26 12:42:40 +02:00

t1_clnt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

t1_enc.c

Sanity check EVP_CTRL_AEAD_TLS_AAD

2015-04-30 23:21:50 +01:00

t1_ext.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

t1_lib.c

Remove redundant check from tls1_get_curvelist

2015-11-09 23:10:31 +00:00

t1_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

t1_reneg.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

t1_srvr.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

t1_trce.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

tls1.h

Fix references to various RFCs

2015-10-23 20:32:58 +02:00

tls_srp.c

Code style: space after 'if'

2015-04-16 13:50:01 -04:00