Skip to content
  1. Dec 20, 2013
    • Dr. Stephen Henson's avatar
      Fix DTLS retransmission from previous session. · 20b82b51
      Dr. Stephen Henson authored
      For DTLS we might need to retransmit messages from the previous session
      so keep a copy of write context in DTLS retransmission buffers instead
      of replacing it after sending CCS. CVE-2013-6450.
      (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
      20b82b51
  2. Dec 13, 2013
  3. Nov 06, 2013
    • Dr. Stephen Henson's avatar
      Experimental workaround TLS filler (WTF) extension. · 0467ea68
      Dr. Stephen Henson authored
      Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
      if the TLS Client Hello record length value would otherwise be > 255 and less
      that 512 pad with a dummy extension containing zeroes so it is at least 512.
      
      To enable it use an unused extension number (for example 0x4242) using
      e.g. -DTLSEXT_TYPE_wtf=0x4242
      
      WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
      0467ea68
  4. Oct 22, 2013
  5. Sep 18, 2013
  6. Sep 17, 2013
  7. Sep 16, 2013
  8. Sep 13, 2013
  9. Sep 08, 2013
  10. Sep 06, 2013
    • Scott Deboy's avatar
      Add callbacks supporting generation and retrieval of supplemental data... · 36086186
      Scott Deboy authored
      Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
      Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
      Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
      Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
      36086186
  11. Sep 05, 2013
  12. Jul 17, 2013
    • Dr. Stephen Henson's avatar
      EVP support for wrapping algorithms. · 97cf1f6c
      Dr. Stephen Henson authored
      Add support for key wrap algorithms via EVP interface.
      
      Generalise AES wrap algorithm and add to modes, making existing
      AES wrap algorithm a special case.
      
      Move test code to evptests.txt
      97cf1f6c
  13. Jul 04, 2013
  14. Jun 21, 2013
  15. Jun 12, 2013
  16. Apr 09, 2013
    • Dr. Stephen Henson's avatar
      Dual DTLS version methods. · c6913eeb
      Dr. Stephen Henson authored
      Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
      pick the highest version the peer supports during negotiation.
      
      As with SSL/TLS options can change this behaviour specifically
      SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
      c6913eeb
  17. Dec 19, 2012
  18. Dec 11, 2012
  19. Dec 07, 2012
  20. Dec 06, 2012
  21. Dec 05, 2012
  22. Dec 04, 2012
  23. Dec 02, 2012
  24. Nov 28, 2012
  25. Nov 27, 2012
  26. Nov 22, 2012
  27. Nov 19, 2012
  28. Nov 18, 2012
    • Dr. Stephen Henson's avatar
      PR: 2909 · d88926f1
      Dr. Stephen Henson authored
      Contributed by: Florian Weimer <fweimer@redhat.com>
      
      Fixes to X509 hostname and email address checking. Wildcard matching support.
      New test program and manual page.
      d88926f1
  29. Nov 16, 2012
  30. Oct 08, 2012
  31. Sep 19, 2012
  32. Sep 14, 2012
  33. Sep 12, 2012
  34. Sep 11, 2012
  35. Aug 29, 2012