1. 21 10月, 2017 1 次提交
    • K
      Various clean-ups · b2555168
      KaoruToda 提交于
      Add a check for NULL return in t1_lib.c.
          Since return type of ssl_cert_lookup_by_idx is pointer and unify coding
          style, I changed from zero to NULL in ssl_cert.c.
      
      Remove unnecessary space for ++.
      
      Fix incorrect condition
          Expression is always false because 'else if' condition matches previous
          condition.  SInce the next line of 'else if' condition has substituted
          TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2, the 'else if'
          condition should compare with NID_X9_62_characteristic_two_field.
      Reviewed-by: NAndy Polyakov <appro@openssl.org>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4562)
      b2555168
  2. 07 10月, 2017 1 次提交
  3. 06 10月, 2017 2 次提交
  4. 26 9月, 2017 8 次提交
  5. 23 9月, 2017 2 次提交
  6. 22 9月, 2017 1 次提交
  7. 20 9月, 2017 2 次提交
  8. 30 8月, 2017 1 次提交
  9. 13 7月, 2017 4 次提交
  10. 29 6月, 2017 1 次提交
  11. 25 6月, 2017 1 次提交
    • B
      Disallow DSA/SHA1/etc. for pure TLS 1.3 ClientHellos · 6ffeb269
      Benjamin Kaduk 提交于
      In draft-ietf-tls-tls13-20 Appendix B we find that:
      
         This section describes protocol types and constants.  Values listed
         as _RESERVED were used in previous versions of TLS and are listed
         here for completeness.  TLS 1.3 implementations MUST NOT send them
         but might receive them from older TLS implementations.
      
      Similarly, in section 4.2.3 we see:
      
         Legacy algorithms  Indicates algorithms which are being deprecated
            because they use algorithms with known weaknesses, specifically
            SHA-1 which is used in this context with either with RSA using
            RSASSA-PKCS1-v1_5 or ECDSA.  These values refer solely to
            signatures which appear in certificates (see Section 4.4.2.2) and
            are not defined for use in signed TLS handshake messages.
            Endpoints SHOULD NOT negotiate these algorithms but are permitted
            to do so solely for backward compatibility.  Clients offering
            these values MUST list them as the lowest priority (listed after
            all other algorithms in SignatureSchemeList).  TLS 1.3 servers
            MUST NOT offer a SHA-1 signed certificate unless no valid
            certificate chain can be produced without it (see
            Section 4.4.2.2).
      
      However, we are currently sending the SHA2-based DSA signature schemes
      and many SHA1-based schemes, which is in contradiction with the specification.
      
      Because TLS 1.3 support will appear in OpenSSL 1.1, we are bound by
      stability requirements to continue to offer the DSA signature schemes
      and the deprecated hash algorithms.  at least until OpenSSL 1.2.
      However, for pure TLS 1.3 clients that do not offer lower TLS versions,
      we can be compliant.  Do so, and leave a note to revisit the issue when
      we are permitted to break with sacred historical tradition.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3326)
      6ffeb269
  12. 21 6月, 2017 7 次提交
  13. 16 6月, 2017 1 次提交
  14. 09 6月, 2017 1 次提交
  15. 22 5月, 2017 1 次提交
  16. 19 5月, 2017 1 次提交
    • M
      Try to be more consistent about the alerts we send · fb34a0f4
      Matt Caswell 提交于
      We are quite inconsistent about which alerts get sent. Specifically, these
      alerts should be used (normally) in the following circumstances:
      
      SSL_AD_DECODE_ERROR = The peer sent a syntactically incorrect message
      SSL_AD_ILLEGAL_PARAMETER = The peer sent a message which was syntactically
      correct, but a parameter given is invalid for the context
      SSL_AD_HANDSHAKE_FAILURE = The peer's messages were syntactically and
      semantically correct, but the parameters provided were unacceptable to us
      (e.g. because we do not support the requested parameters)
      SSL_AD_INTERNAL_ERROR = We messed up (e.g. malloc failure)
      
      The standards themselves aren't always consistent but I think the above
      represents the best interpretation.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3480)
      fb34a0f4
  17. 26 4月, 2017 1 次提交
  18. 24 4月, 2017 1 次提交
  19. 04 4月, 2017 1 次提交
  20. 29 3月, 2017 1 次提交
  21. 11 3月, 2017 1 次提交