1. 28 5月, 2015 3 次提交
  2. 23 5月, 2015 1 次提交
  3. 16 5月, 2015 4 次提交
    • M
      Updates following review comments · d45ba43d
      Matt Caswell 提交于
      Miscellaneous updates following review comments on the version negotiation
      rewrite patches.
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      d45ba43d
    • M
      Version negotiation rewrite cleanup · a3680c8f
      Matt Caswell 提交于
      Following the version negotiation rewrite all of the previous code that was
      dedicated to version negotiation can now be deleted - all six source files
      of it!!
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      a3680c8f
    • M
      Client side version negotiation rewrite · 13c9bb3e
      Matt Caswell 提交于
      Continuing from the previous commit this changes the way we do client side
      version negotiation. Similarly all of the s23* "up front" state machine code
      has been avoided and again things now work much the same way as they already
      did for DTLS, i.e. we just do most of the work in the
      ssl3_get_server_hello() function.
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      13c9bb3e
    • M
      Server side version negotiation rewrite · 32ec4153
      Matt Caswell 提交于
      This commit changes the way that we do server side protocol version
      negotiation. Previously we had a whole set of code that had an "up front"
      state machine dedicated to the negotiating the protocol version. This adds
      significant complexity to the state machine. Historically the justification
      for doing this was the support of SSLv2 which works quite differently to
      SSLv3+. However, we have now removed support for SSLv2 so there is little
      reason to maintain this complexity.
      
      The one slight difficulty is that, although we no longer support SSLv2, we
      do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
      ClientHello format. This is generally only used by legacy clients. This
      commit adds support within the SSLv3 code for these legacy format
      ClientHellos.
      
      Server side version negotiation now works in much the same was as DTLS,
      i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
      that then when a ClientHello is received it will work out the most
      appropriate version to respond with. Also, SSLv23_method and
      SSLv23_server_method have been replaced with TLS_method and
      TLS_server_method respectively. The old SSLv23* names still exist as
      macros pointing at the new name, although they are deprecated.
      
      Subsequent commits will look at client side version negotiation, as well of
      removal of the old s23* code.
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      32ec4153
  4. 13 5月, 2015 1 次提交
  5. 12 5月, 2015 1 次提交
    • R
      Make COMP_CTX and COMP_METHOD opaque · 9a555706
      Rich Salz 提交于
      Since COMP_METHOD is now defined in comp_lcl.h, it is no
      longer possible to create new TLS compression methods without
      using the OpenSSL source.  Only ZLIB is supported by default.
      Also, since the types are opaque, #ifdef guards to use "char *"
      instead of the real type aren't necessary.
      
      The changes are actually minor.  Adding missing copyright to some
      files makes the diff misleadingly big.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      9a555706
  6. 09 5月, 2015 1 次提交
  7. 06 5月, 2015 2 次提交
  8. 22 4月, 2015 2 次提交
    • D
      SSL_CIPHER lookup functions. · 98c9ce2f
      Dr. Stephen Henson 提交于
      Add tables to convert between SSL_CIPHER fields and indices for ciphers
      and MACs.
      
      Reorganise ssl_ciph.c to use tables to lookup values and load them.
      
      New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.
      
      Add documentation.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      98c9ce2f
    • E
      Repair EAP-FAST session resumption · 6e3d0153
      Emilia Kasper 提交于
      EAP-FAST session resumption relies on handshake message lookahead
      to determine server intentions. Commits
      980bc1ec
      and
      7b3ba508
      removed the lookahead so broke session resumption.
      
      This change partially reverts the commits and brings the lookahead back
      in reduced capacity for TLS + EAP-FAST only. Since EAP-FAST does not
      support regular session tickets, the lookahead now only checks for a
      Finished message.
      
      Regular handshakes are unaffected by this change.
      Reviewed-by: NDavid Benjamin <davidben@chromium.org>
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      6e3d0153
  9. 16 4月, 2015 1 次提交
  10. 01 4月, 2015 1 次提交
  11. 26 3月, 2015 2 次提交
  12. 25 3月, 2015 2 次提交
  13. 24 3月, 2015 1 次提交
  14. 23 3月, 2015 3 次提交
  15. 11 3月, 2015 1 次提交
  16. 27 2月, 2015 1 次提交
  17. 11 2月, 2015 2 次提交
  18. 07 2月, 2015 1 次提交
  19. 06 2月, 2015 1 次提交
  20. 03 2月, 2015 1 次提交
  21. 01 2月, 2015 1 次提交
  22. 29 1月, 2015 1 次提交
  23. 28 1月, 2015 3 次提交
  24. 27 1月, 2015 1 次提交
    • R
      OPENSSL_NO_xxx cleanup: many removals · a00ae6c4
      Rich Salz 提交于
      The following compile options (#ifdef's) are removed:
          OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
          OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
          OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
          OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
      
      This diff is big because of updating the indents on preprocessor lines.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      a00ae6c4
  25. 22 1月, 2015 2 次提交