提交 · 8f82912460c3066fc222d8e5893187df0566fc18 · OpenHarmony / Third Party Openssl

12 5月, 2011 2 次提交
- D
  Process signature algorithms during TLS v1.2 client authentication. · 8f829124
  由 Dr. Stephen Henson 提交于 5月 12, 2011
```
Make sure message is long enough for signature algorithms.
```
  8f829124
- D
  
  Reorder signature algorithms in strongest hash first order. · fc101f88
  由 Dr. Stephen Henson 提交于 5月 11, 2011
  
  fc101f88
09 5月, 2011 1 次提交

Initial TLS v1.2 client support. Include a default supported signature · a2f9200f

由 Dr. Stephen Henson 提交于 5月 09, 2011

algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.

a2f9200f

06 5月, 2011 1 次提交

Continuing TLS v1.2 support: add support for server parsing of · 6b7be581

由 Dr. Stephen Henson 提交于 5月 06, 2011

signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.

6b7be581

13 3月, 2011 1 次提交
- B
  
  Add SRP support. · edc032b5
  由 Ben Laurie 提交于 3月 12, 2011
  
  edc032b5
09 2月, 2011 1 次提交
- B
  OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) · 9770924f
  由 Bodo Möller 提交于 2月 08, 2011
```
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
```
  9770924f
25 11月, 2010 2 次提交

PR: 2240 · d0205686

由 Dr. Stephen Henson 提交于 11月 25, 2010

Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.

d0205686

D

using_ecc doesn't just apply to TLSv1 · 290be870
由 Dr. Stephen Henson 提交于 11月 25, 2010

290be870

18 11月, 2010 1 次提交
- D
  Don't assume a decode error if session tlsext_ecpointformatlist is not NULL:... · 7d5686d3
  由 Dr. Stephen Henson 提交于 11月 17, 2010
```
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.
```
  7d5686d3
16 11月, 2010 1 次提交
- D
  
  bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files · 732d31be
  由 Dr. Stephen Henson 提交于 11月 16, 2010
  
  732d31be
06 9月, 2010 1 次提交
- B
  
  Fixes to NPN from Adam Langley. · bf48836c
  由 Ben Laurie 提交于 9月 05, 2010
  
  bf48836c
27 8月, 2010 1 次提交

PR: 1833 · bdd53508

由 Dr. Stephen Henson 提交于 8月 27, 2010

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.

bdd53508

28 7月, 2010 1 次提交
- B
  
  Add Next Protocol Negotiation. · ee2ffc27
  由 Ben Laurie 提交于 7月 28, 2010
  
  ee2ffc27
12 6月, 2010 1 次提交
- B
  
  Fix warnings. · c8bbd98a
  由 Ben Laurie 提交于 6月 12, 2010
  
  c8bbd98a
18 2月, 2010 1 次提交

Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as · c2c49969

由 Dr. Stephen Henson 提交于 2月 17, 2010

initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.

c2c49969

08 1月, 2010 1 次提交
- D
  Simplify RI+SCSV logic: · 423c66f1
  由 Dr. Stephen Henson 提交于 1月 07, 2010
```
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
```
  423c66f1
17 12月, 2009 2 次提交
- D
  
  Alert to use is now defined in spec: update code · fbed9f81
  由 Dr. Stephen Henson 提交于 12月 17, 2009
  
  fbed9f81
- D
  
  New option to enable/disable connection to unpatched servers · ef51b4b9
  由 Dr. Stephen Henson 提交于 12月 16, 2009
  
  ef51b4b9
14 12月, 2009 1 次提交
- D
  Allow initial connection (but no renegoriation) to servers which don't support · c27c9cb4
  由 Dr. Stephen Henson 提交于 12月 14, 2009
```
RI.

Reorganise RI checking code and handle some missing cases.
```
  c27c9cb4
08 12月, 2009 2 次提交

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 13f6d57b

由 Dr. Stephen Henson 提交于 12月 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

13f6d57b

PR: 2121 · 8025e251

由 Dr. Stephen Henson 提交于 12月 08, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

8025e251

07 12月, 2009 1 次提交
- D
  
  Initial experimental TLSv1.1 support · 637f374a
  由 Dr. Stephen Henson 提交于 12月 07, 2009
  
  637f374a
18 11月, 2009 1 次提交
- D
  
  Include a more meaningful error message when rejecting legacy renegotiation · 64abf5e6
  由 Dr. Stephen Henson 提交于 11月 18, 2009
  
  64abf5e6
11 11月, 2009 1 次提交
- D
  
  add missing parts of reneg port, fix apps patch · 860c3dd1
  由 Dr. Stephen Henson 提交于 11月 11, 2009
  
  860c3dd1
08 11月, 2009 1 次提交
- D
  If it is a new session don't send the old TLS ticket: send a zero length · 7ba3838a
  由 Dr. Stephen Henson 提交于 11月 08, 2009
```
ticket to request a new session.
```
  7ba3838a
30 10月, 2009 1 次提交
- D
  
  Fix statless session resumption so it can coexist with SNI · 661dc143
  由 Dr. Stephen Henson 提交于 10月 30, 2009
  
  661dc143
05 9月, 2009 1 次提交

PR: 2028 · 07a9d1a2

由 Dr. Stephen Henson 提交于 9月 04, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.

07a9d1a2

29 4月, 2009 1 次提交
- D
  
  Update from 1.0.0-stable. · 5f8f94a6
  由 Dr. Stephen Henson 提交于 4月 28, 2009
  
  5f8f94a6
30 12月, 2008 3 次提交
- B
  
  Apparently s->ctx could be NULL. (Coverity ID 147). · 2bd45dc9
  由 Ben Laurie 提交于 12月 29, 2008
  
  2bd45dc9
- B
  Apparently s->ctx could be NULL at this point (see earlier · 121f9e74
  由 Ben Laurie 提交于 12月 29, 2008
```
test). (Coverity ID 148).
```
  121f9e74
- B
  If we're going to return errors (no matter how stupid), then we should · 0eab41fb
  由 Ben Laurie 提交于 12月 29, 2008
```
test for them!
```
  0eab41fb
14 12月, 2008 2 次提交
- B
  
  Back out pointless change. · a9dbe71e
  由 Ben Laurie 提交于 12月 13, 2008
  
  a9dbe71e
- B
  
  *** empty log message *** · ecd3370b
  由 Ben Laurie 提交于 12月 13, 2008
  
  ecd3370b
16 11月, 2008 1 次提交

PR: 1574 · 12bf56c0

由 Dr. Stephen Henson 提交于 11月 15, 2008

Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.

12bf56c0

04 9月, 2008 1 次提交
- D
  
  Fix from stable branch. · e8da6a1d
  由 Dr. Stephen Henson 提交于 9月 03, 2008
  
  e8da6a1d
29 5月, 2008 1 次提交

From HEAD: · 40a70628

由 Bodo Möller 提交于 5月 28, 2008

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

40a70628

01 5月, 2008 1 次提交
- D
  
  Update from stable branch. · 8a2062fe
  由 Dr. Stephen Henson 提交于 4月 30, 2008
  
  8a2062fe
30 4月, 2008 2 次提交
- D
  
  Oops! · c78bba23
  由 Dr. Stephen Henson 提交于 4月 29, 2008
  
  c78bba23
- D
  
  Update from stable branch. · d26c905c
  由 Dr. Stephen Henson 提交于 4月 29, 2008
  
  d26c905c
25 4月, 2008 1 次提交
- D
  
  Disable debugging fprintf. · 8e3b2dbb
  由 Dr. Stephen Henson 提交于 4月 25, 2008
  
  8e3b2dbb

OpenHarmony / Third Party Openssl 大约 1 年 前同步成功

OpenHarmony / Third Party Openssl
大约 1 年前同步成功