Commit Graph

4282 Commits

Author SHA1 Message Date
Simon Butcher
d69f14bed8 Updated Changelog for new version 2015-09-11 20:00:20 +01:00
Simon Butcher
8a52a7468d Added PR to Changelog for NWilson 2015-09-11 19:44:34 +01:00
Simon Butcher
835faec899 Merge branch 'NWilson-const_profile' 2015-09-11 19:27:08 +01:00
Simon Butcher
d0bf6a3891 Update ssl_tls.c
Clarification in comments
2015-09-11 17:34:49 +01:00
Simon Butcher
74ca8d07ad Update ssl_tls.c
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
Simon Butcher
0789aed39d Update ssl_tls.c
Typo
2015-09-11 17:15:17 +01:00
Simon Butcher
1a57af1607 Update ssl.h
Typo
2015-09-11 17:14:16 +01:00
Simon Butcher
4f6882a8a3 Update config.h
Typo in RFC x-ref comment.
2015-09-11 17:12:46 +01:00
Embedthis Software
a25cab8bea FIX: compiler warning with recvfrom on 64-bit 2015-09-09 08:49:48 -07:00
Manuel Pégourié-Gonnard
a6b95f01cc Print I/O buffer size in memory.sh 2015-09-09 13:51:05 +02:00
Manuel Pégourié-Gonnard
ddfe5d20d1 Tune dependencies
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
c2ed8029ff Fix ChangeLog - misplaced entries 2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard
2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
ab05d23b29 Update generated file 2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard
259db91023 Add test without cookies
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard
22311ae62e Improve help message of ssl_*2.c 2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard
62c74bb78a Stop wasting resources
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard
222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard
3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard
14c2574a9d Update Changelog 2015-09-08 15:12:45 +02:00
Simon Butcher
e5a21b4493 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52 Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
d745a1a9b7 Add tests for hard reconnect 2015-09-08 12:40:43 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2 Fix API 2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
11331fc25b First working dirty version
- uses too much resources
- wrong API
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
9650205df7 Start detecting epoch 0 ClientHellos 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
26d227ddfc Add config flag for support of client port reuse 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
dbd23079d0 Add option reconnect_hard to ssl_client2
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
  this port.

Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d Fix possible client crash on API misuse 2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
14d800507a Remove "private" setting from module.json 2015-09-04 15:35:47 +02:00
Manuel Pégourié-Gonnard
0a0c22e0ef Add ChangeLog entry about license change 2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
67e4652bfc Fix bug in bump_version.sh
Missing quotes around "version" in module.json
2015-09-04 14:31:16 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
f9c599cd8a Bump yotta patch version 2015-09-03 16:45:26 +02:00
Simon Butcher
2d43479ac5 Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development 2015-09-03 13:08:55 +01:00
Simon Butcher
1a66081d7f Merge branch 'iotssl-457-badtail' into development 2015-09-03 13:08:09 +01:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
f851f14214 Moe top-level Readme to markdown
For consistency
2015-09-03 13:29:45 +02:00
Simon Butcher
ed51594337 Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Simon Butcher
1662c4a338 Merge pull request #264 from ARMmbed/misc
Misc improvements
2015-09-02 17:51:23 +01:00
Manuel Pégourié-Gonnard
f459a0f5f2 Bump yotta patch version 2015-09-02 10:24:46 +02:00
Manuel Pégourié-Gonnard
b2beb84be6 Changelog entry fro the previous commit 2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard
f81ee2eba8 Add NULL checks to top-level SSL functions
On normal use these should never be useful, but if the application has issues,
it's best for us to return an error than to crash.
2015-09-01 17:43:40 +02:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4f202badec Document the three libraries in Readme
see #266
2015-09-01 10:27:16 +02:00
Manuel Pégourié-Gonnard
c881ca8502 Document how to build shared libs with CMake
Also updated
https://tls.mbed.org/kb/compiling-and-building/how-do-i-build-compile-mbedtls

closes #267
2015-09-01 10:08:28 +02:00