- Sep 28, 2006
-
-
Mark J. Cox authored
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]
-
Richard Levitte authored
1) Certificate Message with no certs OpenSSL implementation sends the Certificate message during SSL handshake, however as per the specification, these have been omitted. -- RFC 2712 -- CertificateRequest, and the ServerKeyExchange shown in Figure 1 will be omitted since authentication and the establishment of a master secret will be done using the client's Kerberos credentials for the TLS server. The client's certificate will be omitted for the same reason. -- RFC 2712 -- 3) Pre-master secret Protocol version The pre-master secret generated by OpenSSL does not have the correct client version. RFC 2712 says, if the Kerberos option is selected, the pre-master secret structure is the same as that used in the RSA case. TLS specification defines pre-master secret as: struct { ProtocolVersion client_version; opaque random[46]; } PreMasterSecret; where client_version is the latest protocol version supported by the client The pre-master secret generated by OpenSSL does not have the correct client version. The implementation does not update the first 2 bytes of random secret for Kerberos Cipher suites. At the server-end, the client version from the pre-master secret is not validated. PR: 1336
-
- Sep 26, 2006
-
-
Dr. Stephen Henson authored
-
- Sep 25, 2006
-
-
Richard Levitte authored
-
- Sep 23, 2006
-
-
Dr. Stephen Henson authored
Reviewed by: steve
-
- Sep 22, 2006
-
-
Dr. Stephen Henson authored
PR:1374
-
Dr. Stephen Henson authored
PR:1348
-
Dr. Stephen Henson authored
-
- Sep 21, 2006
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
PR: 1383
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected.
-
- Sep 18, 2006
-
-
Andy Polyakov authored
PR: 1390
-
Andy Polyakov authored
PR: 1382
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Bodo Möller authored
[Problem pointed out by Adam Young <adamy (at) acm.org>]
-
- Sep 17, 2006
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Very early version, doesn't do much yet, not even added to the build system.
-
- Sep 14, 2006
-
-
Dr. Stephen Henson authored
handling to support this.
-
- Sep 13, 2006
-
-
Dr. Stephen Henson authored
-
- Sep 12, 2006
-
-
Bodo Möller authored
-
- Sep 11, 2006
-
-
Dr. Stephen Henson authored
callbacks.
-
Bodo Möller authored
ciphersuite as well
-
- Sep 10, 2006
-
-
Dr. Stephen Henson authored
based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components.
-
- Sep 08, 2006
-
-
Bodo Möller authored
(m_len currently is 'unsigned int', not 'size_t') Submitted by: Gisle Vanem
-
- Sep 06, 2006
-
-
Dr. Stephen Henson authored
-
Bodo Möller authored
-
Dr. Stephen Henson authored
-
Bodo Möller authored
Colin Percival (this would have caused more problems than solved, and isn't really necessary anyway)
-
Bodo Möller authored
-
Bodo Möller authored
-
- Sep 05, 2006
-
-
Mark J. Cox authored
(CVE-2006-4339) Submitted by: Ben Laurie, Google Security Team Reviewed by: bmoeller, mjc, shenson
-
- Aug 31, 2006
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
PR: 1380
-