CHANGES +10 −1 @@ -4,7 +4,16 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) Clean up 'Finished' handling. *) Clean up 'Finished' handling, and add functions SSL_get_finished and SSL_get_peer_finished to allow applications to obtain the latest Finished messages sent to the peer or expected from the peer, respectively. (SSL_get_peer_finished is usually the Finished message actually received from the peer, otherwise the protocol will be aborted.) As the Finished message are message digests of the complete handshake (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can be used for external authentication procedures when the authentication provided by SSL/TLS is not desired or is not enough. [Bodo Moeller] *) Enhanced support for Alpha Linux is added. Now ./config checks if ssl/ssl.h +7 −0 @@ -704,6 +704,13 @@ struct ssl_st #define SSL_ST_READ_BODY 0xF1 #define SSL_ST_READ_DONE 0xF2 /* Obtain latest Finished message * -- that we sent (SSL_get_finished) * -- that we expected from peer (SSL_get_peer_finished). * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ size_t SSL_get_finished(SSL *s, void *buf, size_t count); size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options * are 'ored' with SSL_VERIFY_PEER if they are desired */ #define SSL_VERIFY_NONE 0x00 ssl/ssl_lib.c +32 −0
@@ -477,6 +477,38 @@ err: } #endif /* return length of latest Finished message we sent, copy to 'buf' */ size_t SSL_get_finished(SSL *s, void *buf, size_t count) { size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.finish_md, count); } return ret; } /* return length of latest Finished message we expected, copy to 'buf' */ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) { size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.peer_finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.peer_finish_md, count); } return ret; } int SSL_get_verify_mode(SSL *s) { return(s->verify_mode); ssl/ssl_stat.c +1 −0 @@ -313,6 +313,7 @@ case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; case SSL3_ST_SR_MS_SGC: str="3RMSSG"; break; case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
CHANGES +10 −1 @@ -4,7 +4,16 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) Clean up 'Finished' handling. *) Clean up 'Finished' handling, and add functions SSL_get_finished and SSL_get_peer_finished to allow applications to obtain the latest Finished messages sent to the peer or expected from the peer, respectively. (SSL_get_peer_finished is usually the Finished message actually received from the peer, otherwise the protocol will be aborted.) As the Finished message are message digests of the complete handshake (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can be used for external authentication procedures when the authentication provided by SSL/TLS is not desired or is not enough. [Bodo Moeller] *) Enhanced support for Alpha Linux is added. Now ./config checks if
ssl/ssl.h +7 −0 @@ -704,6 +704,13 @@ struct ssl_st #define SSL_ST_READ_BODY 0xF1 #define SSL_ST_READ_DONE 0xF2 /* Obtain latest Finished message * -- that we sent (SSL_get_finished) * -- that we expected from peer (SSL_get_peer_finished). * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ size_t SSL_get_finished(SSL *s, void *buf, size_t count); size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options * are 'ored' with SSL_VERIFY_PEER if they are desired */ #define SSL_VERIFY_NONE 0x00
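Review bot: The new header comment says the functions return the length and copy "up to 'count' bytes" but does not state that the two can differ: the return value is the full Finished length, not the number of bytes copied, so a caller has to compare `ret > count` to notice that `buf` only holds a truncated prefix. Suggest adding a line such as ` * The return value is the full length even if it exceeds 'count' (copy truncated).` to the comment. Since the CHANGES entry positions these values as input to external authentication, the comment should also say that they are only meaningful once the handshake has completed; before that, the peer value appears to be the digest we expect rather than anything verified from the peer, so a line like ` * Only use the values after the handshake has completed successfully.` would help. It would also be worth stating that `buf` must point to at least 'count' writable bytes.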
ssl/ssl_lib.c +32 −0 @@ -477,6 +477,38 @@ err: } #endif /* return length of latest Finished message we sent, copy to 'buf' */ size_t SSL_get_finished(SSL *s, void *buf, size_t count) { size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.finish_md, count); } return ret; } /* return length of latest Finished message we expected, copy to 'buf' */ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) { size_t ret = 0; if (s->s3 != NULL) { ret = s->s3->tmp.peer_finish_md_len; if (count > ret) count = ret; memcpy(buf, s->s3->tmp.peer_finish_md, count); } return ret; } int SSL_get_verify_mode(SSL *s) { return(s->verify_mode);
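Review bot: `memcpy(buf, s->s3->tmp.finish_md, count);` in SSL_get_finished is executed even when `count` has been clamped to 0, so a caller that passes `buf == NULL` with `count == 0` to query the length first hands a null destination to memcpy, which the C standard does not permit even for a zero-length copy; guard it with `if (count > 0) memcpy(buf, s->s3->tmp.finish_md, count);` and apply the same guard to the peer variant further down the hunk. The length-query pattern is the natural way to use an API whose return is the full length rather than the bytes copied, so it is worth supporting explicitly. The two function bodies are identical apart from the field read, so a `static size_t copy_finished(const unsigned char *md, size_t md_len, void *buf, size_t count)` helper would keep the clamping and copy logic in one place. Like the neighbouring SSL_get_verify_mode, `s` is dereferenced without a NULL check, which matches the existing API style here.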
ssl/ssl_stat.c +1 −0 @@ -313,6 +313,7 @@ case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; case SSL3_ST_SR_MS_SGC: str="3RMSSG"; break; case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;