Commit Graph

3374 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
c7647079fa Merge branch 'development' into dtls
* development:
  Include 1.2.12 release information in ChangeLog
2014-11-05 16:02:57 +01:00
Manuel Pégourié-Gonnard
b3c6a97b31 Update Changelog for session-hash 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
c122ae7612 Update Changelog for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
769c6b6351 Make session-hash depend on TLS versions 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
1a03473576 Keep EtM state across renegotiations 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
08558e5b46 Fix for the RFC erratum 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
313d796e80 Implement EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
178f9d6e19 Update Changelog for FALLBACK_SCSV 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
ada3030485 Implement extended master secret 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker
a6c5ea2c43 Include 1.2.12 release information in ChangeLog 2014-10-24 16:26:29 +02:00
Paul Bakker
92c1f41e38 Add VS projects 2014-10-22 16:08:46 +02:00
Paul Bakker
f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Paul Bakker
1de7ddc333 Remove duplicate ChangeLog lines 2014-10-21 16:33:30 +02:00
Manuel Pégourié-Gonnard
6b875fc7e5 Fix potential memory leak (from clang-analyzer) 2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard
7498f0da0a Disable warning about deprecation attribute 2014-10-21 16:32:59 +02:00
Manuel Pégourié-Gonnard
4d7fbbf8fd Update Changelog 2014-10-21 16:32:59 +02:00
Manuel Pégourié-Gonnard
ef88e68188 Deprecate ssl_set_bio() 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
df3acd82e2 Limit HelloRequest retransmission if not enforced 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
26a4cf63ec Add retransmission of HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
f1384470bf Avoid spurious timeout in ssl-opt.sh 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
8e704f0f74 DTLS depends on TIMING_C for now 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
b0643d152d Add ssl_set_dtls_badmac_limit() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
e63582a166 Add dlts_client.c and dtls_server.c 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
dc6a75a952 ERR_NET_CONN_RESET can't happen with UDP 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
2d87e419e0 Adapt ssl_{client,server}2.c to datagram write 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
a6fcffe516 Add warnings about disabling replay detection 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
23cad339c4 Fail cleanly on unhandled case 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
994f8b554f Ok for close_notify to fail 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
127ab88dba Give more time to lossy tests with normal timers 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
fc572dd4f6 Retransmit only on last message from prev flight
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
8a7cf2543a Add a few #ifdefs 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
a9d7d03e30 SIGTERM also interrupts server2 during net_read() 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
6a2bc23f63 Allow exchanges=0 in ssl_server2
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00