Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4036)
(cherry picked from commit dbd007d7d2)
If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.
Check for already-registered serverinfo callbacks during serverinfo
registration.
Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the
same serverinfo per certificate, for servers with multiple server certificates.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
that processing
* Add flags to indicate that we actually sent ALPN, to properly error
out if unexpectedly received.
* document ALPN functions
* unit tests
Backport of commit 817cd0d52f
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.
CVE-2016-0701 (fix part 2 or 2)
Issue reported by Antonio Sanso
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Clarify and update documention for extra chain certificates.
PR#3878.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2fd7fb99db)
- Do not advise generation of DH parameters with dsaparam to save
computation time.
- Promote use of custom parameters more, and explicitly forbid use of
built-in parameters weaker than 2048 bits.
- Advise the callback to ignore <keylength> - it is currently called
with 1024 bits, but this value can and should be safely ignored by
servers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add support for ServerInfo SSL_CONF option and update documentation. This
was wrongly omitted from the 1.0.2 release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 63eab8a620)
see RT #3203
Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants. This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
The documentation is wrong about what happens when the
session cache fills up.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9edfc4196)
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit fe7573042f)
The description of when the server creates a DH key is
confusing. This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Update protocols supported and note that SSLv2 is effectively disabled
by default.
PR#3184
(cherry picked from commit 1b13a4f38dfc385d5e776f6b3e06c5795874cf9b)
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
(cherry picked from commit 0535c2d67c)
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.
This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.
PR#3336
(cherry picked from commit 758415b2259fa45d3fe17d8e53ae1341b7b6e482)
Conflicts:
ssl/t1_lib.c
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.
doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...
PR#3146
Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.
If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.
Add verify error code when building chain.
Update docs.
(cherry picked from commit 13dc3ce9ab)
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
(cherry picked from commit 0f78819c8c)
Rich Salz
Paul Yang
Matt Caswell
Markus Triska
Kurt Roeckx
TJ Saunders
Todd Short
Viktor Dukhovni
Daniel Kahn Gillmor
Dr. Stephen Henson
Vitezslav Cizek
Emilia Kasper
Rich Salz
Bodo Moeller
Scott Schaefer
David Gatwood
Jeffrey Walton
Jeff Trawick
Lubomir Rintel