- Jun 17, 2014
-
-
Felix Laurie von Massenbach authored
-
- Jun 16, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jun 14, 2014
-
-
Viktor Dukhovni authored
-
Dr. Stephen Henson authored
Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400
-
Andy Polyakov authored
-
Andy Polyakov authored
PR: 3405
-
Andy Polyakov authored
PR: 3405
-
- Jun 13, 2014
-
-
Matt Caswell authored
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
-
Matt Caswell authored
This reverts commit 2f1dffa8. Missing attribution.
-
- Jun 12, 2014
-
-
Viktor Dukhovni authored
A client reference identity of ".example.com" matches a server certificate presented identity that is any sub-domain of "example.com" (e.g. "www.sub.example.com"). With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches only direct child sub-domains (e.g. "www.sub.example.com").
-
Kurt Cancemi authored
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. PR#3375
-
Andy Polyakov authored
Fix SEH and stack handling in Win64 build.
-
Matt Caswell authored
-
Dr. Stephen Henson authored
(cherry picked from commit 5f4c5a902b0508eab235adecb34b236cdc0048a5)
-
- Jun 11, 2014
-
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jun 10, 2014
-
-
Rob Stradling authored
-
Matt Caswell authored
-
Andy Polyakov authored
-
Hubert Kario authored
* Make a clear distinction between DH and ECDH key exchange.
* Group all key exchange cipher suite identifiers, first DH then ECDH
* add descriptions for all supported *DH* identifiers
* add ECDSA authentication descriptions
* add example showing how to disable all suites that offer no authentication or encryption
-
Mike Bland authored
Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME macro, defined to use __func__ or __FUNCTION__ on platforms that support those symbols, or to use the file name and line number otherwise. This should fix several reported build problems related to lack of C99 support.
-
Dr. Stephen Henson authored
PR#3394
-
- Jun 09, 2014
-
-
Dr. Stephen Henson authored
SRP ciphersuites do not have no authentication. They have authentication based on SRP. Add new SRP authentication flag and cipher string.
-
Dr. Stephen Henson authored
Fix strength_bits to 112 for 3DES.
-
- Jun 08, 2014
-
-
Kurt Roeckx authored
It's using an internal API that might not be available in the shared library.
-
Jakub Wilk authored
Because of a missing include <fcntl.h> we don't have O_CREATE and don't create the file with open() using mode 0600 but fall back to using fopen() with the default umask followed by a chmod(). Problem found by Jakub Wilk <jwilk@debian.org>.
-
- Jun 07, 2014
-
-
Dr. Stephen Henson authored
If application uses tls_session_secret_cb for session resumption set the CCS_OK flag.
-
Dr. Stephen Henson authored
Encrypt then MAC now has an official extension value, see: http://www.ietf.org/id/draft-ietf-tls-encrypt-then-mac-02.txt
-
Matt Caswell authored
-
- Jun 06, 2014
-
-
Andy Polyakov authored
Pointed out and suggested by: Ard Biesheuvel.
-
Andy Polyakov authored
Submitted by: Ard Biesheuvel.
-
Andy Polyakov authored
-
Andy Polyakov authored
Result of joint effort with Ard Biesheuvel.
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
- fix 32-bit build (submitted by Ard Biesheuvel); - fix performance issue in CTR;
-
- Jun 05, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Fixed by adding consistency check for DTLS fragments. Thanks to Jüri Aedla for reporting this issue. (cherry picked from commit 1632ef74)
-