Skip to content
  1. Aug 26, 2015
    • Rich Salz's avatar
      BN_bin2bn handle leading zero's · 22dc08d0
      Rich Salz authored 
      

If a binary sequence is all zero's, call BN_zero.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      22dc08d0
    • Matt Caswell's avatar
      Add NewSessionTicket test suite · ddcc5e5b
      Matt Caswell authored 
      

Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      ddcc5e5b
    • Matt Caswell's avatar
      Fix TLSProxy end of test detection · 8af538e5
      Matt Caswell authored 
      

Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      8af538e5
    • Matt Caswell's avatar
      Fix DTLS session ticket renewal · ee4ffd6f
      Matt Caswell authored 
      

A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      ee4ffd6f
  3. Aug 25, 2015
  5. Aug 24, 2015
  7. Aug 21, 2015
  9. Aug 17, 2015
  11. Aug 16, 2015
  13. Aug 14, 2015
  15. Aug 13, 2015
  17. Aug 12, 2015