- 02 8月, 2002 1 次提交
-
-
由 Bodo Möller 提交于
-
- 30 7月, 2002 2 次提交
-
-
由 Lutz Jänicke 提交于
Submitted by: Jeffrey Altman <jaltman@columbia.edu> Reviewed by: PR: 169
-
由 Lutz Jänicke 提交于
Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
-
- 10 7月, 2002 1 次提交
-
-
由 Lutz Jänicke 提交于
des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR:
-
- 14 4月, 2002 1 次提交
-
-
由 Bodo Möller 提交于
Fix length checks in ssl3_get_client_hello(). Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
-
- 15 3月, 2002 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Initialize cipher context in KRB5 ("D. Russell" <russelld@aol.net>) Allow HMAC functions to use an alternative ENGINE.
-
- 13 3月, 2002 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix Kerberos warnings with VC++.
-
- 12 3月, 2002 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix various warnings when compiling with KRB5 code.
-
- 15 1月, 2002 1 次提交
-
-
由 Bodo Möller 提交于
to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead.
-
- 12 1月, 2002 1 次提交
-
-
由 Ben Laurie 提交于
-
- 25 10月, 2001 2 次提交
-
-
由 Bodo Möller 提交于
change)
-
由 Bodo Möller 提交于
never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
-
- 21 10月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
New macros SSL[_CTX]_set_msg_callback_arg(). Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enable a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices.
-
- 18 10月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
it to NULL.
-
- 17 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
to digests to retain compatibility.
-
- 16 10月, 2001 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() with existing code. Modify library to use digest *_ex() functions.
-
由 Bodo Möller 提交于
'Handshake' protocol structures are kept in memory, including 'msg_type' and 'length'. (This is in preparation of future support for callbacks that get to peek at handshake messages and the like.)
-
由 Bodo Möller 提交于
case of ssl3_accept
-
- 10 10月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL.
-
- 21 9月, 2001 4 次提交
-
-
由 Bodo Möller 提交于
just sent a HelloRequest.
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
-
由 Bodo Möller 提交于
-
- 14 9月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
-
- 11 9月, 2001 1 次提交
-
-
由 Lutz Jänicke 提交于
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
-
- 03 9月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
[DR]SA_up => [DR]SA_up_ref
-
- 26 8月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()" functions that handle this.
-
- 25 8月, 2001 1 次提交
-
-
由 Lutz Jänicke 提交于
-
- 31 7月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
His comments are: First, it corrects a problem introduced in the last patch where the kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used. And it caused core dumps. Second, it attempt to add to SSL_SESSION the Kerberos 5 Client Principal Name.
-
由 Ben Laurie 提交于
-
- 25 7月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
-
- 21 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.
-
- 13 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
Submitted by Jeffrey Altman <jaltman@columbia.edu>
-
- 12 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
-
- 10 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.
-
- 20 6月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Note: this is almost identical to the patch submitted to openssl-dev by Verdon Walker <VWalker@novell.com> except some redundant EVP_add_digest_()/EVP_cleanup() calls were removed and some changes made to avoid compiler warnings.
-
- 01 6月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway, otherwise this would be a security relevant patch.)
-
- 07 3月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
-
- 20 2月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
-