- 25 10月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
-
- 21 10月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
New macros SSL[_CTX]_set_msg_callback_arg(). Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enable a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices.
-
- 18 10月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
variable name occured just in a function *prototype* -- so rename it
-
- 16 10月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
Both have per-SSL_CTX defaults. These new values can be set by calling SSL[_CTX]_[callback_]ctrl with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG. So far, the callback is never actually called. Also rearrange some SSL_CTX struct members (some exist just in SSL_CTXs, others are defaults for SSLs and are either copied during SSL_new, or used if the value in the SSL is not set; these three classes of members were not in a logical order), and add some missing assignments to SSL_dup.
-
- 21 9月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
-
- 11 9月, 2001 1 次提交
-
-
由 Lutz Jänicke 提交于
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
-
- 02 9月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
-
- 13 8月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating.
-
- 30 7月, 2001 1 次提交
-
-
由 Lutz Jänicke 提交于
-
- 16 7月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
-
- 12 7月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.
-
- 10 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Purpose and trust setting functions for X509_STORE. Tidy existing code.
-
- 08 4月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
-
- 09 3月, 2001 2 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
-
- 07 3月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
-
- 23 2月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
an SSL_CTX's session cache, it is necessary to compare the ssl_version at the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a matching id/id_length pair and a matching ssl_version). However, the SSL_SESSION that will result from the current negotiation does not necessarily have the same ssl version as the "SSL_METHOD" in use by the SSL_CTX - part of the work in a handshake is to agree on an ssl version! This is fixed by having the check function accept an SSL pointer rather than the SSL_CTX it belongs to. [Thanks to Lutz for illuminating the full extent of my stupidity]
-
- 22 2月, 2001 2 次提交
-
-
由 Geoff Thorpe 提交于
the ID will be padded out to 16 bytes if the callback attempted to generate a shorter one. The problem is that the uniqueness checking function used in callbacks may mistakenly think a 9-byte ID is unique when in fact its padded 16-byte version is not. This makes the checking function detect SSLv2 cases, and ensures the padded form is checked rather than the shorter one passed by the callback.
-
由 Geoff Thorpe 提交于
SSL/TLS session IDs in a server. According to RFC2246, the session ID is an arbitrary value chosen by the server. It can be useful to have some control over this "arbitrary value" so as to choose it in ways that can aid in things like external session caching and balancing (eg. clustering). The default session ID generation is to fill the ID with random data. The callback used by default is built in to ssl_sess.c, but registering a callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL callbacks will override SSL_CTX callbacks, and a new SSL structure inherits any callback set in its 'parent' SSL_CTX. The header comments describe how this mechanism ticks, and source code comments describe (hopefully) why it ticks the way it does. Man pages are on the way ... [NB: Lutz was also hacking away and helping me to figure out how best to do this.]
-
- 20 2月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
-
- 12 12月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
duplicating the certificate that is in the original SSL, remove the one that SSL_new() provided, if any. Spotted by: Mike Zeoli <zeoli@roguewave.com>
-
- 09 12月, 2000 1 次提交
-
-
由 Geoff Thorpe 提交于
DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe wrapper functions that avoid the use of function pointer casting yet retain type-safety for type-specific callbacks. However, most of the usage within OpenSSL itself doesn't really require the extra function because the hash and compare callbacks are internal functions declared only for use by the hash table. So this change catches all those cases and reimplements the functions using the base-level LHASH prototypes and does per-variable casting inside those functions to convert to the appropriate item type. The exception so far is in ssl_lib.c where the hash and compare callbacks are not static - they're exposed in ssl.h so their prototypes should not be changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left intact.
-
- 04 12月, 2000 1 次提交
-
-
由 Geoff Thorpe 提交于
cases of function pointer casting in lh_new() calls - and leave only the lh_doall and lh_doall_arg cases to be finished.
-
- 02 12月, 2000 2 次提交
-
-
由 Ulf Möller 提交于
-
由 Geoff Thorpe 提交于
casts) used in the lhash code are about as horrible and evil as they can be. For starters, the callback prototypes contain empty parameter lists. Yuck. This first change defines clearer prototypes - including "typedef"'d function pointer types to use as "hash" and "compare" callbacks, as well as the callbacks passed to the lh_doall and lh_doall_arg iteration functions. Now at least more explicit (and clear) casting is required in all of the dependant code - and that should be included in this commit. The next step will be to hunt down and obliterate some of the function pointer casting being used when it's not necessary - a particularly evil variant exists in the implementation of lh_doall.
-
- 01 12月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
-
- 30 11月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
free that, since it's shared by all SSL_CTX's, present and future.
-
- 28 11月, 2000 1 次提交
-
-
由 Bodo Möller 提交于
-
- 12 10月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 26 9月, 2000 2 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
accept/connect functions; those should not change the read_ahead setting of the SSL structure.
-
- 18 9月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
of complaints from the compiler about data pointers and function pointers not being compatible with each other.
-
- 05 9月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new option to PKCS7_sign to exclude S/MIME capabilities.
-
- 04 9月, 2000 1 次提交
-
-
由 Bodo Möller 提交于
symbols for debugging are defined.
-
- 02 6月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
-
- 01 6月, 2000 1 次提交
-
-
由 Geoff Thorpe 提交于
yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; X509_cmp() should by rights compare "const X509 *" pointers, and it is now declared as such. However, it's internal workings can involve recalculating hash values and extensions if they have not already been setup. Someone with a more intricate understanding of the flow control of X509 might be able to tighten this up, but for now - this seemed the obvious place to stop the "depth-first" constification of the code by using an evil cast (they have migrated all the way here from safestack.h). Fortunately, this is the only place in the code where this was required to complete these type-safety changes, and it's reasonably clear and commented, and seemed the least unacceptable of the options. Trying to take the constification further ends up exploding out considerably, and indeed leads directly into generalised ASN functions which are not likely to cooperate well with this.
-
- 28 3月, 2000 1 次提交
-
-
由 Bodo Möller 提交于
-
- 26 2月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
restored, but not as a macro this time...
-