Manuel Pégourié-Gonnard
|
5d53cbef3a
|
Fix length check in ssl_write_ticket()
|
2014-10-21 16:30:13 +02:00 |
|
Manuel Pégourié-Gonnard
|
b2f3be8757
|
Support multiple records in one datagram
|
2014-10-21 16:30:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
d6b721c7ee
|
More ssl_parse_client_hello() adjustments
|
2014-10-21 16:30:08 +02:00 |
|
Manuel Pégourié-Gonnard
|
4128aa71ee
|
Add the 'cookie' field of DTLS ClientHello
|
2014-10-21 16:30:08 +02:00 |
|
Manuel Pégourié-Gonnard
|
8933a65d5c
|
Rework ssl_parse_client_hello() a bit
- make it more linear
- check lengths better
- prepare for optional "cookie" field
|
2014-10-21 16:30:08 +02:00 |
|
Manuel Pégourié-Gonnard
|
e89bcf05da
|
Write new DTLS handshake fields correctly
|
2014-10-21 16:30:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
ce441b3442
|
Add space for new DTLS fields in handshake
|
2014-10-21 16:30:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
0619348288
|
Add explicit counter in DTLS record header
|
2014-10-21 16:30:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
507e1e410a
|
Prep: allow {in,out}_len != {in,out}_hdr + 3
|
2014-10-21 16:30:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
abc7e3b4ba
|
Handle DTLS version encoding and fix some checks
|
2014-10-21 16:30:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
d66645130c
|
Add a ciphersuite NODTLS flag
|
2014-10-21 16:30:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
43c3b28ca6
|
Fix memory leak with crafted ClientHello
|
2014-10-17 12:42:11 +02:00 |
|
Manuel Pégourié-Gonnard
|
480905d563
|
Fix selection of hash from sig_alg ClientHello ext.
|
2014-08-30 14:19:59 +02:00 |
|
Paul Bakker
|
84bbeb58df
|
Adapt cipher and MD layer with _init() and _free()
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
accaffe2c3
|
Restructure ssl_handshake_init() and small fixes
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
5b4af39a36
|
Add _init() and _free() for hash modules
|
2014-07-09 10:19:23 +02:00 |
|
Manuel Pégourié-Gonnard
|
d27680bd5e
|
Clarify code using PSK callback
|
2014-07-08 14:20:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
14beb08542
|
Fix missing const
|
2014-07-08 14:20:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
08e81e0c8f
|
Change selection of hash algorithm for TLS 1.2
|
2014-07-08 14:20:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
dd0c0f33c0
|
Better usage of dhm_calc_secret in SSL
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
4d2a8eb6ff
|
SSL modules now using x509_crt_parse_der()
Avoid uselessly trying to decode PEM.
|
2014-06-23 11:54:57 +02:00 |
|
Paul Bakker
|
66d5d076f7
|
Fix formatting in various code to match spacing from coding style
|
2014-06-17 17:06:47 +02:00 |
|
Paul Bakker
|
db20c10423
|
Add #endif comments for #endif more than 10 lines from #if / #else
|
2014-06-17 14:34:44 +02:00 |
|
Paul Bakker
|
3461772559
|
Introduce polarssl_zeroize() instead of memset() for zeroization
|
2014-06-14 16:46:03 +02:00 |
|
Paul Bakker
|
14877e6250
|
Remove unused 'ret' variable
|
2014-06-12 23:01:18 +02:00 |
|
Paul Bakker
|
14b16c62e9
|
Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
Move strlen out of for loop.
Remove redundant null checks before free.
|
2014-05-28 11:34:33 +02:00 |
|
Paul Bakker
|
0f651c7422
|
Stricter check on SSL ClientHello internal sizes compared to actual packet size
|
2014-05-22 15:12:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
61edffef28
|
Normalize "should never happen" messages/errors
|
2014-05-22 13:52:47 +02:00 |
|
Paul Bakker
|
b9e4e2c97a
|
Fix formatting: fix some 'easy' > 80 length lines
|
2014-05-01 14:18:25 +02:00 |
|
Paul Bakker
|
9af723cee7
|
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
|
2014-05-01 13:03:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
cef4ad2509
|
Adapt sources to configurable config.h name
|
2014-04-30 16:40:20 +02:00 |
|
Paul Bakker
|
a70366317d
|
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
|
2014-04-30 10:16:16 +02:00 |
|
Paul Bakker
|
c70e425a73
|
Only iterate over actual certificates in ssl_write_certificate_request()
|
2014-04-18 13:50:19 +02:00 |
|
Paul Bakker
|
4f42c11846
|
Remove arbitrary maximum length for cipher_list and content length
|
2014-04-17 15:37:39 +02:00 |
|
Paul Bakker
|
d893aef867
|
Force default value to curve parameter
|
2014-04-17 14:45:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
7f2a07d7b2
|
Check keyUsage in SSL client and server
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
f6521de17b
|
Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
|
2014-04-07 12:42:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
89e35798ae
|
Implement ALPN server-side
|
2014-04-07 12:26:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
969ccc6289
|
Fix length checking of various ClientKeyExchange's
|
2014-03-27 21:10:56 +01:00 |
|
Manuel Pégourié-Gonnard
|
b2bf5a1bbb
|
Fix possible buffer overflow with PSK
|
2014-03-26 12:58:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
d701c9aec9
|
Fix memory leak in server with expired tickets
|
2014-03-14 08:41:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
145dfcbfc2
|
Fix bug with NewSessionTicket and non-blocking I/O
|
2014-03-14 08:41:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
96ea2f2557
|
Add tests for SNI
|
2014-03-14 08:41:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
8520dac292
|
Add tests for auth_mode
|
2014-03-14 08:41:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
f7c52014ec
|
Add basic tests for session resumption
|
2014-03-14 08:41:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
6b1e207081
|
Fix verion-major intolerance
|
2014-02-12 10:14:54 +01:00 |
|
Paul Bakker
|
7dc4c44267
|
Library files moved to use platform layer
|
2014-02-06 13:20:16 +01:00 |
|
Manuel Pégourié-Gonnard
|
f6dc5e1d16
|
Remove temporary debug code
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
c3f6b62ccc
|
Print curve name instead of size in debugging
Also refactor server-side curve selection
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
de05390c85
|
Rename ecdh_curve_list to curve_list
|
2014-02-06 10:28:38 +01:00 |
|