提交 · 76998a71bc3ce86d1af2bddd26c8d7f2040088df · btwise / openssl

07 1月, 2010 2 次提交
- D
  Updates to conform with draft-ietf-tls-renegotiation-03.txt: · 76998a71
  由 Dr. Stephen Henson 提交于 1月 06, 2010
```
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
```
  76998a71
- D
  
  Missing commit from change ofr compress_meth to unsigned · dd792d62
  由 Dr. Stephen Henson 提交于 1月 06, 2010
  
  dd792d62
06 1月, 2010 1 次提交
- D
  
  compress_meth should be unsigned · 82a107ea
  由 Dr. Stephen Henson 提交于 1月 06, 2010
  
  82a107ea
01 1月, 2010 1 次提交

Client side compression algorithm sanity checks: ensure old compression · 2be3d6eb

由 Dr. Stephen Henson 提交于 1月 01, 2010

algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).

2be3d6eb

31 12月, 2009 1 次提交
- D
  Compression handling on session resume was badly broken: it always · e6f418bc
  由 Dr. Stephen Henson 提交于 12月 31, 2009
```
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
```
  e6f418bc
28 12月, 2009 3 次提交
- D
  
  return v1.1 methods for client/server · 76774c5e
  由 Dr. Stephen Henson 提交于 12月 28, 2009
  
  76774c5e
- D
  
  Typo · 73527122
  由 Dr. Stephen Henson 提交于 12月 27, 2009
  
  73527122
- D
  Update RI to match latest spec. · d6801576
  由 Dr. Stephen Henson 提交于 12月 27, 2009
```
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
```
  d6801576
17 12月, 2009 2 次提交
- D
  
  Alert to use is now defined in spec: update code · fbed9f81
  由 Dr. Stephen Henson 提交于 12月 17, 2009
  
  fbed9f81
- D
  
  New option to enable/disable connection to unpatched servers · ef51b4b9
  由 Dr. Stephen Henson 提交于 12月 16, 2009
  
  ef51b4b9
14 12月, 2009 1 次提交
- D
  Allow initial connection (but no renegoriation) to servers which don't support · c27c9cb4
  由 Dr. Stephen Henson 提交于 12月 14, 2009
```
RI.

Reorganise RI checking code and handle some missing cases.
```
  c27c9cb4
11 12月, 2009 1 次提交
- D
  
  Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 · 22c21555
  由 Dr. Stephen Henson 提交于 12月 11, 2009
  
  22c21555
09 12月, 2009 4 次提交
- D
  
  Check s3 is not NULL · a8640f0a
  由 Dr. Stephen Henson 提交于 12月 09, 2009
  
  a8640f0a
- D
  
  Add patch to crypto/evp which didn't apply from PR#2124 · 338a61b9
  由 Dr. Stephen Henson 提交于 12月 09, 2009
  
  338a61b9
- D
  Add ctrls to clear options and mode. · 7661ccad
  由 Dr. Stephen Henson 提交于 12月 09, 2009
```
Change RI ctrl so it doesn't clash.
```
  7661ccad
- D
  
  Send no_renegotiation alert as required by spec. · 82e610e2
  由 Dr. Stephen Henson 提交于 12月 08, 2009
  
  82e610e2
08 12月, 2009 3 次提交

D

Add ctrl and macro so we can determine if peer support secure renegotiation. · 5430200b
由 Dr. Stephen Henson 提交于 12月 08, 2009

5430200b

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 13f6d57b

由 Dr. Stephen Henson 提交于 12月 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

13f6d57b

PR: 2121 · 8025e251

由 Dr. Stephen Henson 提交于 12月 08, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

8025e251

07 12月, 2009 1 次提交
- D
  
  Initial experimental TLSv1.1 support · 637f374a
  由 Dr. Stephen Henson 提交于 12月 07, 2009
  
  637f374a
02 12月, 2009 3 次提交
- D
  
  Ooops... · 7f354fa4
  由 Dr. Stephen Henson 提交于 12月 01, 2009
  
  7f354fa4
- D
  
  check DSA_sign() return value properly · 6732e142
  由 Dr. Stephen Henson 提交于 12月 01, 2009
  
  6732e142
- D
  PR: 2115 · 49968440
  由 Dr. Stephen Henson 提交于 12月 01, 2009
```
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
```
  49968440
18 11月, 2009 3 次提交
- D
  
  Servers can't end up talking SSLv2 with legacy renegotiation disabled · 6cef3a7f
  由 Dr. Stephen Henson 提交于 11月 18, 2009
  
  6cef3a7f
- D
  
  Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation · 4d09323a
  由 Dr. Stephen Henson 提交于 11月 18, 2009
  
  4d09323a
- D
  
  Include a more meaningful error message when rejecting legacy renegotiation · 64abf5e6
  由 Dr. Stephen Henson 提交于 11月 18, 2009
  
  64abf5e6
13 11月, 2009 1 次提交
- R
  
  Update from 1.0.0-stable · 0a02d1db
  由 Richard Levitte 提交于 11月 12, 2009
  
  0a02d1db
11 11月, 2009 1 次提交
- D
  
  add missing parts of reneg port, fix apps patch · 860c3dd1
  由 Dr. Stephen Henson 提交于 11月 11, 2009
  
  860c3dd1
10 11月, 2009 1 次提交
- D
  
  First cut of renegotiation extension. (port to HEAD) · e0e79972
  由 Dr. Stephen Henson 提交于 11月 09, 2009
  
  e0e79972
08 11月, 2009 2 次提交
- D
  If it is a new session don't send the old TLS ticket: send a zero length · 7ba3838a
  由 Dr. Stephen Henson 提交于 11月 08, 2009
```
ticket to request a new session.
```
  7ba3838a
- D
  
  Ooops, revert committed conflict. · 43982224
  由 Dr. Stephen Henson 提交于 11月 07, 2009
  
  43982224
02 11月, 2009 1 次提交

PR: 2089 · 71af26b5

由 Dr. Stephen Henson 提交于 11月 02, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.

71af26b5

30 10月, 2009 2 次提交
- D
  Generate stateless session ID just after the ticket is received instead · 4b4ba6a8
  由 Dr. Stephen Henson 提交于 10月 30, 2009
```
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
```
  4b4ba6a8
- D
  
  Fix statless session resumption so it can coexist with SNI · 661dc143
  由 Dr. Stephen Henson 提交于 10月 30, 2009
  
  661dc143
29 10月, 2009 3 次提交
- D
  Don't attempt session resumption if no ticket is present and session · 213f08a6
  由 Dr. Stephen Henson 提交于 10月 28, 2009
```
ID length is zero.
```
  213f08a6
- D
  
  oops! · 3e24d439
  由 Dr. Stephen Henson 提交于 10月 28, 2009
  
  3e24d439
- D
  PR: 2085 · b57329ba
  由 Dr. Stephen Henson 提交于 10月 28, 2009
```
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Change domd test to match 1.0.0+ version: check $MAKEDEPEND
ends in "gcc" to support cross compilers.
```
  b57329ba
16 10月, 2009 2 次提交

PR: 2072 · c6bec6ef

由 Dr. Stephen Henson 提交于 10月 16, 2009

Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.

c6bec6ef

PR: 2073 · 7c3908dd

由 Dr. Stephen Henson 提交于 10月 16, 2009

Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().

7c3908dd

05 10月, 2009 1 次提交
- D
  
  Fix unitialized warnings · 04f9095d
  由 Dr. Stephen Henson 提交于 10月 04, 2009
  
  04f9095d