Simon Butcher
5793e7ef01
Merge 'development' into iotssl-411-port-reuse
...
Conflicts:
ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
ea5370d4a2
Don't allow reconnect during handshake
...
Especially for resumed handshake, it's entirely possible for an epoch=0
ClientHello to be retransmitted or arrive so late that the server is already
at epoch=1. There is no good way to detect whether it's that or a reconnect.
However:
- a late ClientHello seems more likely that client going down and then up
again in the middle of a handshake
- even if that's the case, we'll time out on that handshake soon enough
- we don't want to break handshake flows that used to work
So the safest option is to not treat that as a reconnect.
2015-09-15 15:17:54 +02:00
Manuel Pégourié-Gonnard
6ad23b9855
Make failing test more robust
...
Let the client retry longer, to make sure the server will time out before the
client gives up. Make it really longer to get a deterministic client exit
status (make sure it has time to reconnect after the server timeout).
2015-09-15 12:57:46 +02:00
Simon Butcher
a1a1128f7d
Updated ChangeLog for fix #275
2015-09-14 21:30:40 +01:00
Simon Butcher
520d3b81ad
Merge pull request #289 from quartzjer/development
...
Corrections to typos in README.md
2015-09-14 20:03:19 +01:00
Simon Butcher
49641ad799
Merge pull request #275 from embedthis/fix-1
...
FIX: compiler warning with recvfrom on 64-bit
2015-09-14 19:59:28 +01:00
Jeremie Miller
c57556e52a
tiny spelling fixes
2015-09-12 09:57:23 -06:00
Simon Butcher
d69f14bed8
Updated Changelog for new version
2015-09-11 20:00:20 +01:00
Simon Butcher
8a52a7468d
Added PR to Changelog for NWilson
2015-09-11 19:44:34 +01:00
Simon Butcher
835faec899
Merge branch 'NWilson-const_profile'
2015-09-11 19:27:08 +01:00
Simon Butcher
d0bf6a3891
Update ssl_tls.c
...
Clarification in comments
2015-09-11 17:34:49 +01:00
Simon Butcher
74ca8d07ad
Update ssl_tls.c
...
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
Simon Butcher
0789aed39d
Update ssl_tls.c
...
Typo
2015-09-11 17:15:17 +01:00
Simon Butcher
1a57af1607
Update ssl.h
...
Typo
2015-09-11 17:14:16 +01:00
Simon Butcher
4f6882a8a3
Update config.h
...
Typo in RFC x-ref comment.
2015-09-11 17:12:46 +01:00
Embedthis Software
a25cab8bea
FIX: compiler warning with recvfrom on 64-bit
2015-09-09 08:49:48 -07:00
Manuel Pégourié-Gonnard
a6b95f01cc
Print I/O buffer size in memory.sh
2015-09-09 13:51:05 +02:00
Manuel Pégourié-Gonnard
ddfe5d20d1
Tune dependencies
...
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
2ed05a049a
Fix typos
2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
ab05d23b29
Update generated file
2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard
259db91023
Add test without cookies
...
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard
62c74bb78a
Stop wasting resources
...
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.
Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9
fix const-ness of argument to mbedtls_ssl_conf_cert_profile
...
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard
222cb8db22
Tune related documentation while at it
2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard
3a2a4485d4
Update documentation
2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard
14c2574a9d
Update Changelog
2015-09-08 15:12:45 +02:00
Manuel Pégourié-Gonnard
d745a1a9b7
Add tests for hard reconnect
2015-09-08 12:40:43 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
be619c1264
Clean up error codes
2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
11331fc25b
First working dirty version
...
- uses too much resources
- wrong API
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
9650205df7
Start detecting epoch 0 ClientHellos
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
26d227ddfc
Add config flag for support of client port reuse
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
dbd23079d0
Add option reconnect_hard to ssl_client2
...
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
14d800507a
Remove "private" setting from module.json
2015-09-04 15:35:47 +02:00
Manuel Pégourié-Gonnard
0a0c22e0ef
Add ChangeLog entry about license change
2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard
aac5502553
Bump version to 2.1.0
2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
67e4652bfc
Fix bug in bump_version.sh
...
Missing quotes around "version" in module.json
2015-09-04 14:31:16 +02:00
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
f9c599cd8a
Bump yotta patch version
2015-09-03 16:45:26 +02:00
Simon Butcher
2d43479ac5
Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development
2015-09-03 13:08:55 +01:00
Simon Butcher
1a66081d7f
Merge branch 'iotssl-457-badtail' into development
2015-09-03 13:08:09 +01:00
Simon Butcher
52754594b6
Merging iotssl-457-badtail with development branch
2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
f851f14214
Moe top-level Readme to markdown
...
For consistency
2015-09-03 13:29:45 +02:00
Simon Butcher
ed51594337
Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
...
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Simon Butcher
1662c4a338
Merge pull request #264 from ARMmbed/misc
...
Misc improvements
2015-09-02 17:51:23 +01:00
Manuel Pégourié-Gonnard
f459a0f5f2
Bump yotta patch version
2015-09-02 10:24:46 +02:00
Manuel Pégourié-Gonnard
b2beb84be6
Changelog entry fro the previous commit
2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard
f81ee2eba8
Add NULL checks to top-level SSL functions
...
On normal use these should never be useful, but if the application has issues,
it's best for us to return an error than to crash.
2015-09-01 17:43:40 +02:00
Manuel Pégourié-Gonnard
fdbdd72b8b
Skip to trusted certs early in the chain
...
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).
closes #220
2015-09-01 17:24:42 +02:00