Commit Graph

124 Commits

Author SHA1 Message Date
Dr. Stephen Henson ccffdb3fdc revert unrelated test code 2012-07-03 20:21:35 +00:00
Dr. Stephen Henson 74d89b0d93 PR: 2840
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
2012-07-03 20:20:11 +00:00
Dr. Stephen Henson a240ea8ab8 don't use pseudo digests for default values of keys 2012-06-27 14:12:01 +00:00
Ben Laurie 3c56d65a41 Fix memory leak. 2012-06-11 09:23:38 +00:00
Ben Laurie 49e9f751a4 Fix authz parsing. 2012-06-06 12:45:14 +00:00
Ben Laurie 8a02a46a5c RFC 5878 support. 2012-05-29 17:27:48 +00:00
Dr. Stephen Henson fe9ce2b7d6 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Improved localisation of TLS extension handling and code tidy.
2012-04-24 12:15:17 +00:00
Dr. Stephen Henson f897fe4146 correct error code 2012-04-18 15:17:39 +00:00
Dr. Stephen Henson 1d0c47fd55 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Localize client hello extension parsing in t1_lib.c
(backport from HEAD)
2012-04-06 20:16:09 +00:00
Dr. Stephen Henson e46c807e4f Add support for automatic ECDH temporary key parameter selection. When
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
2012-04-06 20:15:50 +00:00
Dr. Stephen Henson c132ca95c0 Tidy up EC parameter check code: instead of accessing internal structures
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
(backport from HEAD)
2012-04-06 20:14:53 +00:00
Dr. Stephen Henson 6b870763ac Initial revision of ECC extension handling.
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)
2012-04-06 20:12:35 +00:00
Dr. Stephen Henson 5505818199 New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved values.

Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)
2012-04-06 19:29:49 +00:00
Dr. Stephen Henson 78c5d2a9bb use client version when deciding whether to send supported signature algorithms extension 2012-03-21 21:32:57 +00:00
Dr. Stephen Henson a54ce007e6 PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson b935714237 typo 2012-02-17 17:31:32 +00:00
Dr. Stephen Henson c489ea7d01 PR: 2704
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson adcea5a043 return error if md is NULL 2012-01-22 13:12:50 +00:00
Dr. Stephen Henson 166dea6ac8 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson 1cb4d65b87 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:28 +00:00
Dr. Stephen Henson 7b2dd292bc only send heartbeat extension from server if client sent one 2012-01-03 22:03:07 +00:00
Dr. Stephen Henson bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson 7454cba4fa fix error discrepancy 2011-12-07 12:28:50 +00:00
Ben Laurie 8cd897a42c Don't send NPN during renegotiation. 2011-11-24 18:22:06 +00:00
Ben Laurie b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie 060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Ben Laurie 68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Bodo Möller 3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Dr. Stephen Henson 9ddc574f9a typo 2011-06-01 11:10:50 +00:00
Dr. Stephen Henson 55a47cd30f Output supported curves in preference order instead of numerically. 2011-05-30 17:58:29 +00:00
Dr. Stephen Henson 9c34782478 Don't advertise or use MD5 for TLS v1.2 in FIPS mode 2011-05-25 15:33:29 +00:00
Dr. Stephen Henson 277f8a34f4 use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:17 +00:00
Dr. Stephen Henson 4dde470865 Add tls12_sigalgs which somehow didn't get added to the backport. 2011-05-21 17:40:23 +00:00
Dr. Stephen Henson b81fde02aa Add server client certificate support for TLS v1.2. This is more complex
than client side as we need to keep the handshake record cache frozen when
it contains all the records needed to process the certificate verify message.
(backport from HEAD).
2011-05-20 14:58:45 +00:00
Dr. Stephen Henson 376838a606 Process signature algorithms during TLS v1.2 client authentication.
Make sure message is long enough for signature algorithms.

(backport from HEAD).
2011-05-12 17:44:59 +00:00
Dr. Stephen Henson 9472baae0d Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Ben Laurie a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Bodo Möller 8c93c4dd42 OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:41 +00:00
Dr. Stephen Henson 6c36ca4628 PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
2010-11-25 12:27:39 +00:00
Dr. Stephen Henson 9c61c57896 using_ecc doesn't just apply to TLSv1 2010-11-25 11:51:46 +00:00
Dr. Stephen Henson 6e21ce592e fix CVE-2010-3864 2010-11-17 17:36:29 +00:00
Dr. Stephen Henson 36778eb231 PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch. (correct patch this time!)
2010-08-27 12:12:07 +00:00
Dr. Stephen Henson c6dd154b3e oops, revert previous patch 2010-08-27 12:10:12 +00:00
Dr. Stephen Henson 35cae95032 PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.
2010-08-27 11:57:42 +00:00
Dr. Stephen Henson b4b15f68c0 Backport TLS v1.1 support from HEAD, ssl/ changes 2010-06-27 14:22:11 +00:00
Dr. Stephen Henson e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson 989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:10 +00:00
Dr. Stephen Henson 73ff97ad76 Simplify RI+SCSV logic:
1. Send SCSV if not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:05:03 +00:00
Dr. Stephen Henson 54bc369ad7 Alert to use is now defined in spec: update code 2009-12-17 15:42:43 +00:00
Dr. Stephen Henson 675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00