Manuel Pégourié-Gonnard
|
b3c6a97b31
|
Update Changelog for session-hash
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
c122ae7612
|
Update Changelog for EtM
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
769c6b6351
|
Make session-hash depend on TLS versions
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
1a03473576
|
Keep EtM state across renegotiations
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
b575b54cb9
|
Forbid extended master secret with SSLv3
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
169dd6a514
|
Adjust minimum length for EtM
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
dd4592774b
|
compat.sh: allow git version of gnutls
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
78e745fc0a
|
Don't send back EtM extension if not using CBC
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
08558e5b46
|
Fix for the RFC erratum
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
313d796e80
|
Implement EtM
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
0098e7dc70
|
Preparation for EtM
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
699cafaea2
|
Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
178f9d6e19
|
Update Changelog for FALLBACK_SCSV
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
85a4178f82
|
compat.sh: make options a bit more robust
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
01b2699198
|
Implement FALLBACK_SCSV server-side
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
ada3030485
|
Implement extended master secret
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
1cbd39dbeb
|
Implement FALLBACK_SCSV client-side
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
367381fddd
|
Add negotiation of Extended Master Secret
(But not the actual thing yet.)
|
2014-11-05 16:00:49 +01:00 |
|
Paul Bakker
|
a6c5ea2c43
|
Include 1.2.12 release information in ChangeLog
|
2014-10-24 16:26:29 +02:00 |
|
Paul Bakker
|
92c1f41e38
|
Add VS projects
|
2014-10-22 16:08:46 +02:00 |
|
Paul Bakker
|
f2a459df05
|
Preparation for PolarSSL 1.4.0
|
2014-10-21 16:40:54 +02:00 |
|
Paul Bakker
|
1de7ddc333
|
Remove duplicate ChangeLog lines
|
2014-10-21 16:33:30 +02:00 |
|
Manuel Pégourié-Gonnard
|
6b875fc7e5
|
Fix potential memory leak (from clang-analyzer)
|
2014-10-21 16:33:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
7498f0da0a
|
Disable warning about deprecation attribute
|
2014-10-21 16:32:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
4d7fbbf8fd
|
Update Changelog
|
2014-10-21 16:32:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
ef88e68188
|
Deprecate ssl_set_bio()
|
2014-10-21 16:32:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
df3acd82e2
|
Limit HelloRequest retransmission if not enforced
|
2014-10-21 16:32:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
26a4cf63ec
|
Add retransmission of HelloRequest
|
2014-10-21 16:32:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
a6ace04c5c
|
Test for lost HelloRequest
|
2014-10-21 16:32:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
f1384470bf
|
Avoid spurious timeout in ssl-opt.sh
|
2014-10-21 16:32:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
74a1378175
|
Avoid false positive in ssl-opt.sh with memcheck
|
2014-10-21 16:32:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
8e704f0f74
|
DTLS depends on TIMING_C for now
|
2014-10-21 16:32:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
e698f59a25
|
Add tests for ssl_set_dtls_badmac_limit()
|
2014-10-21 16:32:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
b0643d152d
|
Add ssl_set_dtls_badmac_limit()
|
2014-10-21 16:32:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
9b35f18f66
|
Add ssl_get_record_expansion()
|
2014-10-21 16:32:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
e63582a166
|
Add dlts_client.c and dtls_server.c
|
2014-10-21 16:32:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
dc6a75a952
|
ERR_NET_CONN_RESET can't happen with UDP
|
2014-10-21 16:32:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
caecdaed25
|
Cosmetics in ssl_server2 & complete tests for HVR
|
2014-10-21 16:32:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
2d87e419e0
|
Adapt ssl_{client,server}2.c to datagram write
|
2014-10-21 16:32:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
a6fcffe516
|
Add warnings about disabling replay detection
|
2014-10-21 16:32:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
37e08e1689
|
Fix max_fragment_length with DTLS
|
2014-10-21 16:32:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
23cad339c4
|
Fail cleanly on unhandled case
|
2014-10-21 16:32:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
994f8b554f
|
Ok for close_notify to fail
|
2014-10-21 16:32:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
127ab88dba
|
Give more time to lossy tests with normal timers
|
2014-10-21 16:32:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
fc572dd4f6
|
Retransmit only on last message from prev flight
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
|
2014-10-21 16:32:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a7cf2543a
|
Add a few #ifdefs
|
2014-10-21 16:32:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
ba958b8bdc
|
Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
|
2014-10-21 16:32:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
a9d7d03e30
|
SIGTERM also interrupts server2 during net_read()
|
2014-10-21 16:32:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
6a2bc23f63
|
Allow exchanges=0 in ssl_server2
Useful for testing with defensics with no data exchange
|
2014-10-21 16:32:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
cce220d6aa
|
Adapt ssl_server2 to datagram-style read
|
2014-10-21 16:32:49 +02:00 |
|