1. 05 9月, 2013 1 次提交
  2. 18 8月, 2013 2 次提交
  3. 14 8月, 2013 1 次提交
    • M
      DTLS message_sequence number wrong in rehandshake ServerHello · b62f4daa
      Michael Tuexen 提交于
      This fix ensures that
      * A HelloRequest is retransmitted if not responded by a ClientHello
      * The HelloRequest "consumes" the sequence number 0. The subsequent
      ServerHello uses the sequence number 1.
      * The client also expects the sequence number of the ServerHello to
      be 1 if a HelloRequest was received earlier.
      This patch fixes the RFC violation.
      b62f4daa
  4. 08 8月, 2013 1 次提交
    • M
      DTLS handshake fix. · 0c75eeac
      Michael Tuexen 提交于
      Reported by: Prashant Jaikumar <rmstar@gmail.com>
      
      Fix handling of application data received before a handshake.
      0c75eeac
  5. 31 7月, 2013 1 次提交
  6. 22 7月, 2013 2 次提交
  7. 28 6月, 2013 2 次提交
  8. 18 6月, 2013 1 次提交
    • T
      Cleanup of custom extension stuff. · 9cd50f73
      Trevor 提交于
      serverinfo rejects non-empty extensions.
      
      Omit extension if no relevant serverinfo data.
      
      Improve error-handling in serverinfo callback.
      
      Cosmetic cleanups.
      
      s_client documentation.
      
      s_server documentation.
      
      SSL_CTX_serverinfo documentation.
      
      Cleaup -1 and NULL callback handling for custom extensions, add tests.
      
      Cleanup ssl_rsa.c serverinfo code.
      
      Whitespace cleanup.
      
      Improve comments in ssl.h for serverinfo.
      
      Whitespace.
      
      Cosmetic cleanup.
      
      Reject non-zero-len serverinfo extensions.
      
      Whitespace.
      
      Make it build.
      9cd50f73
  9. 14 6月, 2013 1 次提交
  10. 13 6月, 2013 2 次提交
  11. 14 5月, 2013 1 次提交
  12. 14 4月, 2013 1 次提交
  13. 09 4月, 2013 4 次提交
    • D
      Suite B support for DTLS 1.2 · 4544f0a6
      Dr. Stephen Henson 提交于
      Check for Suite B support using method flags instead of version numbers:
      anything supporting TLS 1.2 cipher suites will also support Suite B.
      
      Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
      4544f0a6
    • D
      Always return errors in ssl3_get_client_hello · c56f5b8e
      Dr. Stephen Henson 提交于
      If we successfully match a cookie don't set return value to 2 as this
      results in other error conditions returning 2 as well.
      
      Instead set return value to -2 which can be checked later if everything
      else is OK.
      c56f5b8e
    • D
      Dual DTLS version methods. · c6913eeb
      Dr. Stephen Henson 提交于
      Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
      pick the highest version the peer supports during negotiation.
      
      As with SSL/TLS options can change this behaviour specifically
      SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
      c6913eeb
    • D
      Set s->d1 to NULL after freeing it. · 04638f2f
      Dr. Stephen Henson 提交于
      04638f2f
  14. 05 4月, 2013 1 次提交
    • D
      Make TLS 1.2 ciphers work again. · 1e2d4cb0
      Dr. Stephen Henson 提交于
      Since s->method does not reflect the final client version when a client
      hello is sent for SSLv23_client_method it can't be relied on to indicate
      if TLS 1.2 ciphers should be used. So use the client version instead.
      1e2d4cb0
  15. 28 3月, 2013 3 次提交
  16. 26 3月, 2013 4 次提交
    • D
      Provisional DTLS 1.2 support. · c3b344e3
      Dr. Stephen Henson 提交于
      Add correct flags for DTLS 1.2, update s_server and s_client to handle
      DTLS 1.2 methods.
      
      Currently no support for version negotiation: i.e. if client/server selects
      DTLS 1.2 it is that or nothing.
      c3b344e3
    • D
      Remove versions test from dtls1_buffer_message · 9cf0f187
      Dr. Stephen Henson 提交于
      Since this is always called from DTLS code it is safe to assume the header
      length should be the DTLS value. This avoids the need to check the version
      number and should work with any version of DTLS (not just 1.0).
      9cf0f187
    • D
      Extend DTLS method macros. · cfd298b7
      Dr. Stephen Henson 提交于
      Extend DTLS method creation macros to support version numbers and encryption
      methods. Update existing code.
      cfd298b7
    • D
      Enable various DTLS extensions. · 874a18cf
      Dr. Stephen Henson 提交于
      Some TLS extensions were disabled for DTLS. Possibly because they caused
      problems with the old duplicated code. Enable them again.
      874a18cf
  17. 19 3月, 2013 2 次提交
  18. 18 3月, 2013 4 次提交
    • D
      Use enc_flags when deciding protocol variations. · cbd64894
      Dr. Stephen Henson 提交于
      Use the enc_flags field to determine whether we should use explicit IV,
      signature algorithms or SHA256 default PRF instead of hard coding which
      versions support each requirement.
      cbd64894
    • D
      Use appropriate versions of SSL3_ENC_METHOD · 6de2649a
      Dr. Stephen Henson 提交于
      6de2649a
    • D
      DTLS revision. · 173e72e6
      Dr. Stephen Henson 提交于
      Revise DTLS code. There was a *lot* of code duplication in the
      DTLS code that generates records. This makes it harder to maintain and
      sometimes a TLS update is omitted by accident from the DTLS code.
      
      Specifically almost all of the record generation functions have code like
      this:
      
      some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
      ... Record creation stuff ...
      set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);
      
      ...
      
      write_handshake_message(ssl);
      
      Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
      in some cases has very minor differences.
      
      By adding a few fields to SSL3_ENC to include the header length, some flags
      and function pointers for handshake header setting and handshake writing the
      code can cope with both cases.
      
      Note: although this passes "make test" and some simple DTLS tests there may
      be some minor differences in the DTLS code that have to be accounted for.
      173e72e6
    • M
      Avoid unnecessary fragmentation. · 80ccc66d
      Michael Tuexen 提交于
      80ccc66d
  19. 11 3月, 2013 1 次提交
    • D
      DTLS trace support. · 890f2f8b
      Dr. Stephen Henson 提交于
      Add DTLS record header parsing, different client hello format and add
      HelloVerifyRequest message type.
      
      Add code to d1_pkt.c to send message headers to the message callback.
      890f2f8b
  20. 27 2月, 2013 1 次提交
  21. 22 2月, 2013 2 次提交
  22. 12 2月, 2013 2 次提交