1. 19 Dec, 2006 2 commits
  2. 13 Dec, 2006 1 commit
  3. 07 Dec, 2006 1 commit
  4. 06 Dec, 2006 2 commits
  5. 05 Dec, 2006 2 commits
  6. 04 Dec, 2006 2 commits
  7. 02 Dec, 2006 2 commits
  8. 30 Nov, 2006 3 commits
    • Update dependencies. · 45c027f3
      Dr. Stephen Henson authored
    • Fix default depflags. · 3b62e9eb
      Dr. Stephen Henson authored
    • Win32 fixes. · 34a8c7ec
      Dr. Stephen Henson authored
      Use OPENSSL_NO_RFC3779 instead of OPENSSL_RFC3779: this makes the Win32 scripts
      work and is consistent with other options.
      
      Fix Win32 scripts and Configure to process OPENSSL_NO_RFC3779 properly.
      
      Update ordinals.
      
      Change some prototypes for LSB because VC++ 6 doesn't like the */ sequence and thinks it is an invalid end of comment.
  9. 29 Nov, 2006 2 commits
  10. 27 Nov, 2006 1 commit
  11. 24 Nov, 2006 1 commit
  12. 21 Nov, 2006 3 commits
  13. 13 Nov, 2006 1 commit
  14. 27 Oct, 2006 1 commit
  15. 19 Oct, 2006 1 commit
  16. 05 Oct, 2006 1 commit
  17. 04 Oct, 2006 1 commit
  18. 29 Sep, 2006 2 commits
  19. 28 Sep, 2006 6 commits
    • fix typo · 0c66d3ae
      Bodo Möller authored
    • Bodo Möller's avatar
      bd869183
    • Fixes for the following claims: · 7e2bf831
      Richard Levitte authored
        1) Certificate Message with no certs
      
        OpenSSL implementation sends the Certificate message during SSL
        handshake, however as per the specification, these have been omitted.
      
        -- RFC 2712 --
           CertificateRequest, and the ServerKeyExchange shown in Figure 1
           will be omitted since authentication and the establishment of a
           master secret will be done using the client's Kerberos credentials
           for the TLS server.  The client's certificate will be omitted for
           the same reason.
        -- RFC 2712 --
      
        3) Pre-master secret Protocol version
      
        The pre-master secret generated by OpenSSL does not have the correct
        client version.
      
        RFC 2712 says, if the Kerberos option is selected, the pre-master
        secret structure is the same as that used in the RSA case.
      
        TLS specification defines pre-master secret as:
               struct {
                   ProtocolVersion client_version;
                   opaque random[46];
               } PreMasterSecret;
      
        where client_version is the latest protocol version supported by the
        client
      
        The pre-master secret generated by OpenSSL does not have the correct
        client version. The implementation does not update the first 2 bytes
        of random secret for Kerberos Cipher suites. At the server-end, the
        client version from the pre-master secret is not validated.
      
      PR: 1336
    • Mark J. Cox's avatar
      25e52a78
    • Prepare for 0.9.8d release · 47c4bb2d
      Mark J. Cox authored
      OpenSSL_0_9_8d
    • Introduce limits to prevent malicious keys being able to · 951dfbb1
      Mark J. Cox authored
      cause a denial of service.  (CVE-2006-2940)
      [Steve Henson, Bodo Moeller]
      
      Fix ASN.1 parsing of certain invalid structures that can result
      in a denial of service.  (CVE-2006-2937)  [Steve Henson]
      
      Fix buffer overflow in SSL_get_shared_ciphers() function.
      (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
      
      Fix SSL client code which could crash if connecting to a
      malicious SSLv2 server.  (CVE-2006-4343)
      [Tavis Ormandy and Will Drewry, Google Security Team]
  20. 23 Sep, 2006 1 commit
  21. 22 Sep, 2006 3 commits
  22. 18 Sep, 2006 1 commit