Commits · 5814d829e612b4daab2a2d1a9f1e6979f9c56d32 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

25 Feb, 2010 2 commits
- add -trusted_first option and verify flag · db28aa86
  Dr. Stephen Henson authored Feb 25, 2010
  
  db28aa86
- Experimental support for partial chain verification: if an intermediate · fbd21640
  Dr. Stephen Henson authored Feb 25, 2010
```
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
```
  fbd21640
19 Feb, 2010 1 commit
- Fix X509_STORE locking · a8397553
  Bodo Möller authored Feb 19, 2010
  
  a8397553
17 Feb, 2010 2 commits

Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as · c2c49969

Dr. Stephen Henson authored Feb 17, 2010

initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.

c2c49969

PR: 2100 · 47e0a1c3

Dr. Stephen Henson authored Feb 17, 2010

Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.

47e0a1c3

12 Feb, 2010 1 commit
- update references to new RI RFC · f9595988
  Dr. Stephen Henson authored Feb 12, 2010
  
  f9595988
08 Feb, 2010 1 commit
- Make CMAC API similar to HMAC API. Add methods for CMAC. · c8ef656d
  Dr. Stephen Henson authored Feb 08, 2010
  
  c8ef656d
07 Feb, 2010 2 commits
- Initial experimental CMAC implementation. · 8c968e03
  Dr. Stephen Henson authored Feb 07, 2010
  
  8c968e03
- Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy · c2bf7208
  Dr. Stephen Henson authored Feb 07, 2010
```
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
```
  c2bf7208
29 Jan, 2010 1 commit
- typo · da454e4c
  Dr. Stephen Henson authored Jan 29, 2010
  
  da454e4c
28 Jan, 2010 1 commit
- Experimental renegotiation support in s_server test -www server. · 08c23970
  Dr. Stephen Henson authored Jan 28, 2010
  
  08c23970
27 Jan, 2010 1 commit
- typo · 4ba1aa39
  Dr. Stephen Henson authored Jan 27, 2010
  
  4ba1aa39
26 Jan, 2010 2 commits

PR: 1949 · d5e7f2f2

Dr. Stephen Henson authored Jan 26, 2010

Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.

d5e7f2f2

Typo · 58c0da84
Dr. Stephen Henson authored Jan 26, 2010

58c0da84

22 Jan, 2010 1 commit
- Tolerate PKCS#8 DSA format with negative private key. · ba64ae6c
  Dr. Stephen Henson authored Jan 22, 2010
  
  ba64ae6c
13 Jan, 2010 2 commits

Fix version handling so it can cope with a major version >3. · bd5f21a4

Dr. Stephen Henson authored Jan 13, 2010

Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.

bd5f21a4

Modify compression code so it avoids using ex_data free functions. This · 1b31b5ad
Dr. Stephen Henson authored Jan 13, 2010
```
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
```
1b31b5ad

12 Jan, 2010 1 commit

PR: 2136 · 0e0c6821

Dr. Stephen Henson authored Jan 12, 2010

Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0

0e0c6821

06 Jan, 2010 1 commit

Updates to conform with draft-ietf-tls-renegotiation-03.txt: · 76998a71

Dr. Stephen Henson authored Jan 06, 2010

1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.

76998a71

31 Dec, 2009 2 commits
- Compression handling on session resume was badly broken: it always · e6f418bc
  Dr. Stephen Henson authored Dec 31, 2009
```
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
```
  e6f418bc
- Include CHANGES entry for external cache · 5e631217
  Dr. Stephen Henson authored Dec 31, 2009
  
  5e631217
22 Dec, 2009 1 commit
- Constify crypto/cast. · 7427379e
  Bodo Möller authored Dec 22, 2009
  
  7427379e
16 Dec, 2009 1 commit
- New option to enable/disable connection to unpatched servers · ef51b4b9
  Dr. Stephen Henson authored Dec 16, 2009
  
  ef51b4b9
09 Dec, 2009 1 commit
- Add ctrls to clear options and mode. · 7661ccad
  Dr. Stephen Henson authored Dec 09, 2009
```
Change RI ctrl so it doesn't clash.
```
  7661ccad
08 Dec, 2009 3 commits

Send no_renegotiation alert as required by spec. · 82e610e2
Dr. Stephen Henson authored Dec 08, 2009

82e610e2
Add ctrl and macro so we can determine if peer support secure renegotiation. · 5430200b
Dr. Stephen Henson authored Dec 08, 2009

5430200b

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 13f6d57b

Dr. Stephen Henson authored Dec 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

13f6d57b

07 Dec, 2009 1 commit
- Initial experimental TLSv1.1 support · 637f374a
  Dr. Stephen Henson authored Dec 07, 2009
  
  637f374a
02 Dec, 2009 1 commit
- Update CHANGES. · 9d953025
  Dr. Stephen Henson authored Dec 02, 2009
  
  9d953025
26 Nov, 2009 2 commits
- Experimental CMS password based recipient Info support. · d2a53c22
  Dr. Stephen Henson authored Nov 26, 2009
  
  d2a53c22
- Make CHANGES in CVS head consistent with the CHANGES files in the · 480af99e
  Bodo Möller authored Nov 26, 2009
```
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
```
  480af99e
25 Nov, 2009 1 commit
- Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat · 3d63b396
  Dr. Stephen Henson authored Nov 25, 2009
```
and is a pre-requisite to adding password based CMS support.
```
  3d63b396
09 Nov, 2009 2 commits
- First cut of renegotiation extension. (port to HEAD) · e0e79972
  Dr. Stephen Henson authored Nov 09, 2009
  
  e0e79972
- update CHANGES · befbd061
  Dr. Stephen Henson authored Nov 09, 2009
  
  befbd061
31 Oct, 2009 1 commit
- Add option to allow in-band CRL loading in verify utility. Add function · 245d2ee3
  Dr. Stephen Henson authored Oct 31, 2009
```
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
```
  245d2ee3
30 Oct, 2009 2 commits
- Move CHANGES entry to 0.9.8l section · bb4060c5
  Dr. Stephen Henson authored Oct 30, 2009
  
  bb4060c5
- Fix statless session resumption so it can coexist with SNI · 661dc143
  Dr. Stephen Henson authored Oct 30, 2009
  
  661dc143
30 Sep, 2009 1 commit

PR: 2064, 728 · 18e503f3

Dr. Stephen Henson authored Sep 30, 2009

Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.

18e503f3

23 Sep, 2009 2 commits
- Audit libcrypto for unchecked return values: fix all cases enountered · b6dcdbfc
  Dr. Stephen Henson authored Sep 23, 2009
  
  b6dcdbfc
- Add attribute to check if return value of certain functions is incorrectly · acf20c7d
  Dr. Stephen Henson authored Sep 23, 2009
```
ignored.
```
  acf20c7d