提交 · c1847111248cc71091e169311e0f8ba4b9acf8f3 · btwise / openssl

30 4月, 2011 2 次提交

Initial incomplete TLS v1.2 support. New ciphersuites added, new version · 7409d7ad

由 Dr. Stephen Henson 提交于 4月 29, 2011

checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.

7409d7ad

Initial "opaque SSL" framework. If an application defines · 08557cf2

由 Dr. Stephen Henson 提交于 4月 29, 2011

OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.

08557cf2

13 3月, 2011 1 次提交
- B
  
  Add SRP support. · edc032b5
  由 Ben Laurie 提交于 3月 12, 2011
  
  edc032b5
17 2月, 2011 1 次提交
- D
  Include openssl/crypto.h first in several other files so FIPS renaming · a3654f05
  由 Dr. Stephen Henson 提交于 2月 16, 2011
```
is picked up.
```
  a3654f05
19 11月, 2010 1 次提交
- D
  
  remove duplicate statement · b71f815f
  由 Dr. Stephen Henson 提交于 11月 18, 2010
  
  b71f815f
18 11月, 2010 1 次提交
- D
  
  oops, reinstate TLSv1 string · ac7797a7
  由 Dr. Stephen Henson 提交于 11月 17, 2010
  
  ac7797a7
06 9月, 2010 1 次提交
- B
  
  Fixes to NPN from Adam Langley. · bf48836c
  由 Ben Laurie 提交于 9月 05, 2010
  
  bf48836c
27 8月, 2010 1 次提交

PR: 1833 · bdd53508

由 Dr. Stephen Henson 提交于 8月 27, 2010

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.

bdd53508

26 8月, 2010 2 次提交

For better forward-security support, add functions · 7c2d4fee

由 Bodo Möller 提交于 8月 26, 2010

SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]

7c2d4fee

PR: 1833 · 44959ee4

由 Dr. Stephen Henson 提交于 8月 26, 2010

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.

44959ee4

28 7月, 2010 1 次提交
- B
  
  Add Next Protocol Negotiation. · ee2ffc27
  由 Ben Laurie 提交于 7月 28, 2010
  
  ee2ffc27
12 6月, 2010 1 次提交
- B
  
  Fix warnings. · c8bbd98a
  由 Ben Laurie 提交于 6月 12, 2010
  
  c8bbd98a
18 2月, 2010 1 次提交
- D
  
  OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved · 75121411
  由 Dr. Stephen Henson 提交于 2月 17, 2010
  
  75121411
08 1月, 2010 1 次提交
- D
  Simplify RI+SCSV logic: · 423c66f1
  由 Dr. Stephen Henson 提交于 1月 07, 2010
```
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
```
  423c66f1
07 1月, 2010 1 次提交
- D
  Updates to conform with draft-ietf-tls-renegotiation-03.txt: · 76998a71
  由 Dr. Stephen Henson 提交于 1月 06, 2010
```
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
```
  76998a71
28 12月, 2009 2 次提交
- D
  
  Typo · 73527122
  由 Dr. Stephen Henson 提交于 12月 27, 2009
  
  73527122
- D
  Update RI to match latest spec. · d6801576
  由 Dr. Stephen Henson 提交于 12月 27, 2009
```
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
```
  d6801576
17 12月, 2009 1 次提交
- D
  
  New option to enable/disable connection to unpatched servers · ef51b4b9
  由 Dr. Stephen Henson 提交于 12月 16, 2009
  
  ef51b4b9
09 12月, 2009 2 次提交
- D
  
  Check s3 is not NULL · a8640f0a
  由 Dr. Stephen Henson 提交于 12月 09, 2009
  
  a8640f0a
- D
  Add ctrls to clear options and mode. · 7661ccad
  由 Dr. Stephen Henson 提交于 12月 09, 2009
```
Change RI ctrl so it doesn't clash.
```
  7661ccad
08 12月, 2009 2 次提交

D

Add ctrl and macro so we can determine if peer support secure renegotiation. · 5430200b
由 Dr. Stephen Henson 提交于 12月 08, 2009

5430200b

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 13f6d57b

由 Dr. Stephen Henson 提交于 12月 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

13f6d57b

07 12月, 2009 1 次提交
- D
  
  Initial experimental TLSv1.1 support · 637f374a
  由 Dr. Stephen Henson 提交于 12月 07, 2009
  
  637f374a
02 12月, 2009 2 次提交
- D
  
  Ooops... · 7f354fa4
  由 Dr. Stephen Henson 提交于 12月 01, 2009
  
  7f354fa4
- D
  
  check DSA_sign() return value properly · 6732e142
  由 Dr. Stephen Henson 提交于 12月 01, 2009
  
  6732e142
16 10月, 2009 1 次提交

PR: 2073 · 7c3908dd

由 Dr. Stephen Henson 提交于 10月 16, 2009

Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().

7c3908dd

30 6月, 2009 1 次提交
- D
  
  Update from 1.0.0-stable. · ccf11751
  由 Dr. Stephen Henson 提交于 6月 30, 2009
  
  ccf11751
16 5月, 2009 1 次提交
- D
  
  Update from 1.0.0-stable. · 48fd490c
  由 Dr. Stephen Henson 提交于 5月 16, 2009
  
  48fd490c
14 5月, 2009 1 次提交
- D
  
  Update from stable branch. · 6f71e5ee
  由 Dr. Stephen Henson 提交于 5月 13, 2009
  
  6f71e5ee
29 4月, 2009 1 次提交
- D
  
  Updates from 1.0.0 stable branch. · b3f6fe91
  由 Dr. Stephen Henson 提交于 4月 29, 2009
  
  b3f6fe91
24 4月, 2009 1 次提交
- D
  
  Merge from 1.0.0-stable branch. · ef236ec3
  由 Dr. Stephen Henson 提交于 4月 23, 2009
  
  ef236ec3
20 4月, 2009 1 次提交
- D
  
  Updates from 1.0.0-stable branch. · 8711efb4
  由 Dr. Stephen Henson 提交于 4月 20, 2009
  
  8711efb4
05 4月, 2009 1 次提交
- D
  
  Updates from 1.0.0-stable · 06ddf8eb
  由 Dr. Stephen Henson 提交于 4月 04, 2009
  
  06ddf8eb
24 2月, 2009 1 次提交
- B
  
  Fix memory leak. · 7587347b
  由 Ben Laurie 提交于 2月 23, 2009
  
  7587347b
12 11月, 2008 1 次提交

Revert the size_t modifications from HEAD that had led to more · 6343829a

由 Geoff Thorpe 提交于 11月 12, 2008

knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.

6343829a

02 11月, 2008 1 次提交
- D
  Fix warnings about mismatched prototypes, undefined size_t and value computed · c76fd290
  由 Dr. Stephen Henson 提交于 11月 02, 2008
```
not used.
```
  c76fd290
12 10月, 2008 1 次提交
- B
  
  Type-checked (and modern C compliant) OBJ_bsearch. · babb3798
  由 Ben Laurie 提交于 10月 12, 2008
  
  babb3798
05 8月, 2008 1 次提交

Fix error codes for memory-saving patch. · 474b3b1c

由 Bodo Möller 提交于 8月 04, 2008

Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).

474b3b1c

05 6月, 2008 2 次提交
- D
  
  Update from stable branch. · 7555c933
  由 Dr. Stephen Henson 提交于 6月 05, 2008
  
  7555c933
- D
  
  Remove test fprintf. · 0b44c26d
  由 Dr. Stephen Henson 提交于 6月 04, 2008
  
  0b44c26d