- 13 4月, 2017 2 次提交
-
-
由 Richard Levitte 提交于
Fixes #3191 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
-
由 Rob Percival 提交于
This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3138)
-
- 12 4月, 2017 1 次提交
-
-
由 Todd Short 提交于
SSLv3 does not support TLS extensions, and thus, cannot provide any curves for ECDH(E). With the removal of the default (all) list of curves being used for connections that didn't provide any curves, ECDHE is no longer possible. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3181)
-
- 11 4月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3124)
-
- 10 4月, 2017 2 次提交
-
-
由 Benjamin Kaduk 提交于
RFC 7301 mandates that the server SHALL respond with a fatal "no_application_protocol" alert when there is no overlap between the client's supplied list and the server's list of supported protocols. In commit 06217867 we changed from ignoring non-success returns from the supplied alpn_select_cb() to treating such non-success returns as indicative of non-overlap and sending the fatal alert. In effect, this is using the presence of an alpn_select_cb() as a proxy to attempt to determine whether the application has configured a list of supported protocols. However, there may be cases in which an application's architecture leads it to supply an alpn_select_cb() but have that callback be configured to take no action on connections that do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from the callback would be the natural way to do so. Unfortunately, the aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as indicative of no overlap and terminated the connection; this change supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the callback. In effect, it provides a way for a callback to obtain the behavior that would have occurred if no callback was registered at all, which was not possible prior to this change. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2570)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
- 07 4月, 2017 7 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
We need it for the custom extensions API Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Style updates for the new custom extensions API Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Brings all the extensions code together. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
- 04 4月, 2017 9 次提交
-
-
由 Richard Levitte 提交于
This increases portability of SSL_SESSION files between architectures where the size of |long| may vary. Before this, SSL_SESSION files produced on a 64-bit long architecture may break on a 32-bit long architecture. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
由 Dr. Stephen Henson 提交于
Add functions to add/retrieve the certificate_authorities. The older client_CA functions mainly just call the new versions now. Rename fields sice new extension can be generated by client and server. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
由 Matt Caswell 提交于
The macro SSL_get_server_tmp_key() returns information about the temp key used by the server during a handshake. This was returning NULL for TLSv1.3 and causing s_client to omit this information in its connection summary. Fixes #3081 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3114)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
-
由 Tatsuhiro Tsujikawa 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
-
由 Matt Caswell 提交于
If we have received the EoED message but not yet had the CF then we are "in init". Despite that we still want to write application data, so suppress the "in init" check in ssl3_write_bytes() in that scenario. Fixes #3041 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
-
- 03 4月, 2017 1 次提交
-
-
由 Kazuki Yamaguchi 提交于
SSL_get_max_early_data() recently added by 3fc8d856 ("Construct the ticket_early_data_info extension", 2017-02-17) is supposed to take an SSL, but it doesn't. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3113)
-
- 31 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Numerous changes have been made to the supported built-in extensions and SSL_extension_supported() has not kept up. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3097)
-
- 30 3月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
If the server received EoED then SSL_read_early_data() will return SSL_READ_EARLY_DATA_FINISH. However if the CF has not yet been processed then SSL_is_init_finished() will still return 0. Therefore we should still be able to write early data. Fixes #3041 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3089)
-
由 Matt Caswell 提交于
If read_ahead is set, or SSL_MODE_AUTO_RETRY is used then if SSL_read_early_data() hits an EndOfEarlyData message then it will immediately retry automatically, but this time read normal data instead of early data! Fixes #3041 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3077)
-
- 29 3月, 2017 4 次提交
-
-
由 Qin Long 提交于
Variable 'pktype' was set but not used under OPENSSL_NO_GOST. This change will fix the build warning under [-Werror=unused-but-set-variable]. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2961)
-
由 Benjamin Kaduk 提交于
A similar change that probably should have been wrapped into commit e0926ef4. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3010)
-
由 FdaSilvaYY 提交于
Fix some comments too [skip ci] Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
-
由 FdaSilvaYY 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3066)
-
- 24 3月, 2017 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
- 21 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Commit 6b1bb98f moved the processing of ClientHello extensions into the state machine post-processing stage. After processing s->init_num is reset to 0, so by post-processing we cannot rely on its value. Unfortunately we were using it to handle the PSK extension. This causes the handshake to fail. We were using init_num to figure out the length of ClientHello2 so we can remove it from the handshake_buffer. The handshake_buffer holds the transcript of all the messages sent so far. For PSK processing though we only want to add in a partial ClientHello2. This commit changes things so we just work out where ClientHello2 starts, working forward from the beginning of handshake_buffer. Fixes #2983 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2996)
-
- 20 3月, 2017 1 次提交
-
-
由 Joseph Birr-Pixton 提交于
This label for this derivation was incorrectly "derived" or "der" depending on the pointer size of the build(!). The correct string is "derived secret". (cherry picked from commit 936dcf272033c1bf59a5e859ec63e2557194f191) Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2989)
-
- 18 3月, 2017 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
- 17 3月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2969)
-