- Jun 29, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 7ae6a4b6)
-
- Jun 28, 2014
-
-
Dr. Stephen Henson authored
Update protocols supported and note that SSLv2 is effectively disabled by default. PR#3184 (cherry picked from commit 1b13a4f38dfc385d5e776f6b3e06c5795874cf9b)
-
Dr. Stephen Henson authored
PR#3107 (cherry picked from commit 7c206db9)
-
- Jun 27, 2014
-
-
Dr. Stephen Henson authored
Some state strings were erronously not compiled when no-ssl2 was set. PR#3295 (cherry picked from commit 0518a3e1)
-
yogesh nagarkar authored
PR#3141 (cherry picked from commit d183545d)
-
Andreas Westfeld authored
(cherry picked from commit d1d4382d)
-
Ken Ballou authored
PR#3174 (cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)
-
Dr. Stephen Henson authored
In EVP_PBE_alg_add don't use the underlying NID for the cipher as it may have a non-standard key size. PR#3206 (cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
-
Dr. Stephen Henson authored
PR#3014 (cherry picked from commit 11da66f8)
-
Tom Greenslade authored
PR#2783 (cherry picked from commit b36f35cd)
-
Tomas Mraz authored
PR#3374 (cherry picked from commit 0436369f)
-
Jeffrey Walton authored
Document that the certificate passed to SSL_CTX_add_extra_chain_cert() should not be freed by the application. PR#3409 (cherry picked from commit 0535c2d6) Add restrictions section present in other branches. Conflicts: doc/ssl/SSL_CTX_add_extra_chain_cert.pod
-
Dr. Stephen Henson authored
(cherry picked from commit 7be6b27a)
-
Dr. Stephen Henson authored
PR#3403
-
Dr. Stephen Henson authored
OIDs with one component don't have an encoding. PR#2556 (Bug#1)
-
- Jun 26, 2014
-
-
Huzaifa Sidhpurwala authored
PR#3410 (cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
-
Jenny Yung authored
PR#3399.
-
- Jun 22, 2014
-
-
Miod Vallat authored
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. Bug discovered and fixed by Miod Vallat from the OpenBSD team. PR#3375
-
Matt Caswell authored
This reverts commit 29411a0c. Incorrect attribution.
-
- Jun 14, 2014
-
-
Dr. Stephen Henson authored
Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400 (cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
-
- Jun 13, 2014
-
-
Matt Caswell authored
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
-
Matt Caswell authored
This reverts commit 9ab788aa. Missing attribution
-
- Jun 12, 2014
-
-
Kurt Cancemi authored
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. PR#3375
-
- Jun 11, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
-
- Jun 10, 2014
-
-
Matt Caswell authored
-
Hubert Kario authored
Backport of the patch: add ECC strings to ciphers(1), point out difference between DH and ECDH and few other changes applicable to the 1.0.1 code base. * Make a clear distinction between DH and ECDH key exchange. * Group all key exchange cipher suite identifiers, first DH then ECDH * add descriptions for all supported *DH* identifiers * add ECDSA authentication descriptions * add example showing how to disable all suites that offer no authentication or encryption * backport listing of elliptic curve cipher suites. * backport listing of TLS 1.2 cipher suites, add note that DH_RSA and DH_DSS is not implemented in this version * backport of description of PSK and listing of PSK cipher suites * backport description of AES128, AES256 and AESGCM options * backport description of CAMELLIA128, CAMELLIA256 options
-
Mike Bland authored
Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME macro, defined to use __func__ or __FUNCTION__ on platforms that support those symbols, or to use the file name and line number otherwise. This should fix several reported build problems related to lack of C99 support.
-
Dr. Stephen Henson authored
PR#3394 (cherry picked from commit 7a9d59c1)
-
- Jun 09, 2014
-
-
Dr. Stephen Henson authored
SRP ciphersuites do not have no authentication. They have authentication based on SRP. Add new SRP authentication flag and cipher string. (cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67)
-
Dr. Stephen Henson authored
Fix strength_bits to 112 for 3DES. (cherry picked from commit 837c203719205ab19b5609b2df7151be8df05687)
-
- Jun 08, 2014
-
-
Kurt Roeckx authored
It's using an internal API that that might not be available in the shared library.
-
Jakub Wilk authored
Because of a missing include <fcntl.h> we don't have O_CREATE and don't create the file with open() using mode 0600 but fall back to using fopen() with the default umask followed by a chmod(). Problem found by Jakub Wilk <jwilk@debian.org>.
-
- Jun 07, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
If application uses tls_session_secret_cb for session resumption set the CCS_OK flag. (cherry picked from commit 953c592572e8811b7956cc09fbd8e98037068b58)
-
Matt Caswell authored
-
- Jun 05, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Check session_cert is not NULL before dereferencing it.
-
Dr. Stephen Henson authored
Unnecessary recursion when receiving a DTLS hello request can be used to crash a DTLS client. Fixed by handling DTLS hello request without recursion. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
-