Skip to content
  1. Oct 28, 2014
    • Emilia Kasper's avatar
      Tighten session ticket handling · 9bdedec0
      Emilia Kasper authored
      
      
      Tighten client-side session ticket handling during renegotiation:
      ensure that the client only accepts a session ticket if the server sends
      the extension anew in the ServerHello. Previously, a TLS client would
      reuse the old extension state and thus accept a session ticket if one was
      announced in the initial ServerHello.
      
      Reviewed-by: default avatarBodo Moeller <bodo@openssl.org>
      (cherry picked from commit d663df23)
      
      Conflicts:
      	CHANGES
      9bdedec0
  2. Oct 27, 2014
  3. Oct 21, 2014
  4. Oct 20, 2014
  5. Oct 17, 2014
  6. Oct 15, 2014
  7. Oct 10, 2014
    • Dr. Stephen Henson's avatar
      Preserve digests for SNI. · 4e05aedb
      Dr. Stephen Henson authored
      
      
      SSL_set_SSL_CTX is normally called for SNI after ClientHello has
      received and the digest to use for each certificate has been decided.
      The original ssl->cert contains the negotiated digests and is now
      copied to the new ssl->cert.
      
      PR: 3560
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      4e05aedb
  8. Oct 06, 2014
  9. Sep 29, 2014
    • Dr. Stephen Henson's avatar
      Add additional DigestInfo checks. · 55614f89
      Dr. Stephen Henson authored
      
      
      Reencode DigestInto in DER and check against the original: this
      will reject any improperly encoded DigestInfo structures.
      
      Note: this is a precautionary measure, there is no known attack
      which can exploit this.
      
      Thanks to Brian Smith for reporting this issue.
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      55614f89
  10. Sep 25, 2014
  11. Sep 24, 2014
  12. Sep 21, 2014
  13. Sep 10, 2014