Skip to content
  1. Oct 20, 2013
    • Nick Mathewson's avatar
      453ca706
    • Dr. Stephen Henson's avatar
      Don't use RSA+MD5 with TLS 1.2 · 5e1ff664
      Dr. Stephen Henson authored
      Since the TLS 1.2 supported signature algorithms extension is less
      sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.
      
      RSA+MD5 is removed from supported signature algorithms extension:
      any compliant implementation should never use RSA+MD5 as a result.
      
      To cover the case of a broken implementation using RSA+MD5 anyway
      disable lookup of MD5 algorithm in TLS 1.2.
      5e1ff664
  2. Oct 19, 2013
  3. Oct 13, 2013
  4. Oct 12, 2013
  5. Oct 09, 2013
  6. Oct 03, 2013
  7. Oct 01, 2013
  8. Sep 30, 2013
  9. Sep 22, 2013
  10. Sep 16, 2013
  11. Sep 15, 2013
  12. Aug 20, 2013
  13. Aug 13, 2013
    • Michael Tuexen's avatar
      DTLS message_sequence number wrong in rehandshake ServerHello · 83a3af9f
      Michael Tuexen authored
      This fix ensures that
      * A HelloRequest is retransmitted if not responded by a ClientHello
      * The HelloRequest "consumes" the sequence number 0. The subsequent
      ServerHello uses the sequence number 1.
      * The client also expects the sequence number of the ServerHello to
      be 1 if a HelloRequest was received earlier.
      This patch fixes the RFC violation.
      (cherry picked from commit b62f4daa)
      83a3af9f
  14. Aug 08, 2013
    • Michael Tuexen's avatar
      DTLS handshake fix. · 76bf0cf2
      Michael Tuexen authored
      Reported by: Prashant Jaikumar <rmstar@gmail.com>
      
      Fix handling of application data received before a handshake.
      (cherry picked from commit 0c75eeac)
      76bf0cf2
  15. Aug 06, 2013
    • Dr. Stephen Henson's avatar
      Fix verify loop with CRL checking. · 7cf0529b
      Dr. Stephen Henson authored
      PR #3090
      Reported by: Franck Youssef <fry@open.ch>
      
      If no new reason codes are obtained after checking a CRL exit with an
      error to avoid repeatedly checking the same CRL.
      
      This will only happen if verify errors such as invalid CRL scope are
      overridden in a callback.
      (cherry picked from commit 4b26645c)
      7cf0529b
    • Kaspar Brand's avatar
      Fix for PEM_X509_INFO_read_bio. · 6c03af13
      Kaspar Brand authored
      PR: 3028
      Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
      correctly if they appeared first.
      (cherry picked from commit 5ae8d6bc)
      6c03af13
  16. Aug 03, 2013
  17. Jul 31, 2013
  18. Jun 30, 2013
  19. Jun 12, 2013
  20. May 30, 2013
  21. May 05, 2013
    • Dr. Stephen Henson's avatar
      Fix PSS signature printing. · 04b727b4
      Dr. Stephen Henson authored
      Fix PSS signature printing: consistently use 0x prefix for hex values for
      padding length and trailer fields.
      (cherry picked from commit deb24ad53147f5a8dd63416224a5edd7bbc0e74a)
      04b727b4