Manuel Pégourié-Gonnard
085ab040aa
Fix website url to use https.
2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c
Remove maintainer line.
2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa
Remove redundant "all rights reserved"
2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
eab72e2ced
Merge branch 'development' into dtls
...
* development:
Update copyright
Fix issue in compat.sh
Rename doxyfile
Rename to mbed TLS in tests/
Rename to mbed TLS in examples
Remove old test certificates.
Rename to mbed TLS in the documentation/comments
Change name to mbed TLS in the copyright notice
Conflicts:
doxygen/input/doc_mainpage.h
doxygen/mbedtls.doxyfile
include/polarssl/version.h
tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a658a4051b
Update copyright
2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c
Change name to mbed TLS in the copyright notice
2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
3a173f497b
Merge branch 'development' into dtls
...
* development:
Fix error code description.
generate_errors.pl now errors on duplicate codes
Avoid nested if's without braces.
Move renego SCSV after actual ciphersuites
Fix send_close_notify usage.
Rename variable for clarity
Improve script portability
Conflicts:
library/ssl_srv.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard
59c6f2ef21
Avoid nested if's without braces.
...
Creates a potential for confusing code if we later want to add an else clause.
2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard
5d9cde25da
Move renego SCSV after actual ciphersuites
2015-01-22 10:49:41 +00:00
Manuel Pégourié-Gonnard
67505bf9e8
Merge branch 'development' into dtls
...
* development:
Adapt tests to new defaults/errors.
Fix typos/cosmetics in Changelog
Disable RC4 by default in example programs.
Add ssl_set_arc4_support()
Set min version to TLS 1.0 in programs
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
0af1ba3521
Merge commit 'f6080b8' into dtls
...
* commit 'f6080b8':
Fix warning in reduced configs
Adapt to "negative" switch for renego
Add tests for periodic renegotiation
Make renego period configurable
Auto-renegotiate before sequence number wrapping
Update Changelog for compile-option renegotiation
Switch from an enable to a disable flag
Save 48 bytes if SSLv3 is not defined
Make renegotiation a compile-time option
Add tests for renego security enforcement
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43
Merge commit 'd7e2483' into dtls
...
* commit 'd7e2483': (57 commits)
Skip signature_algorithms ext if PSK only
Fix bug in ssl_client2 reconnect option
Cosmetics in ssl_server2
Improve debugging message.
Fix net_usleep for durations greater than 1 second
Use pk_load_file() in X509
Create ticket keys only if enabled
Fix typo in #ifdef
Clarify documentation a bit
Fix comment on resumption
Update comment from draft to RFC
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
Add recursion.pl to all.sh
Allow x509_crt_verify_child() in recursion.pl
Set a compile-time limit to X.509 chain length
Fix 3DES -> DES in all.sh (+ time estimates)
Add curves.pl to all.sh
Rework all.sh to use MSan instead of valgrind
Fix depends on individual curves in tests
Add script to test depends on individual curves
...
Conflicts:
CMakeLists.txt
programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Paul Bakker
5b8f7eaa3e
Merge new security defaults for programs (RC4 disabled, SSL3 disabled)
2015-01-14 16:26:54 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
d94232389e
Skip signature_algorithms ext if PSK only
2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
eaecbd3ba8
Fix warning in reduced configs
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
ada3030485
Implement extended master secret
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
cd32a50d67
Fix NewSesssionTicket vs ChangeCipherSpec bug
...
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
000d5aec13
No memmove: parse_new_session_ticket()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
0b3400dafa
No memmove: ssl_parse_server_hello()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
069eb79043
No memmove: ssl_parse_hello_verify_request()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
04c1b4ece1
No memmove: certificate_request + server_hello_done
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f4830b5092
No memmove: ssl_parse_server_key_exchange()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
fb2d22371f
Reuse random when responding to a verify request
2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
b760f001d7
Extract generate client random to a function
2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
4128aa71ee
Add the 'cookie' field of DTLS ClientHello
2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0
Better usage of dhm_calc_secret in SSL
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5c1f032653
Abort handshake if no point format in common
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5bfd968e01
Fix warning with TLS 1.2 without RSA or ECDSA
2014-06-24 15:18:11 +02:00
Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard
61edffef28
Normalize "should never happen" messages/errors
2014-05-22 13:52:47 +02:00
Paul Bakker
b9e4e2c97a
Fix formatting: fix some 'easy' > 80 length lines
2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3
Fixed compile warning (in test-ref-configs)
2014-02-06 13:41:18 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc
Print curve name instead of size in debugging
...
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54
Enforce our choice of allowed curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898
Make ssl_set_curves() work client-side too.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
8e205fc0bc
Fix potential buffer overflow in suported_curves_ext
2014-01-23 17:27:10 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
da1ff38715
Don't accept CertificateRequest with PSK suites
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Paul Bakker
6888167e73
Forced cast to prevent MSVC compiler warning
2013-10-15 13:24:01 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0
Fix bug in psk_identity_hint parsing
2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2
Dependency fixes
2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537
Refactor parse_server_key_exchange a bit
2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
0fae60bb71
Implement RSA-PSK key exchange
2013-10-14 19:34:48 +02:00
Paul Bakker
b9cfaa0c7f
Explicit conversions and minor changes to prevent MSVC compiler warnings
2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2
More *-PSK refactoring
2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449
Factor PSK pms computation to ssl_tls.c
2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65
Fix bugs in ECDHE_PSK key exchange
2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00
Add support for ECDHE_PSK key exchange
2013-10-11 18:16:35 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e
Client: if no cert, send empty cert list
2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
834ea8587f
Change internal structs for multi-cert support
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec
Fix some dependencies and warnings in small config
2013-09-19 10:49:00 +02:00
Manuel Pégourié-Gonnard
da179e4870
Add ecp_curve_list(), hide ecp_supported_curves
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a310459f5c
Fix a few things that broke with RSA compiled out
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e
Add human-friendly name in ecp_curve_info
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55
Make ecp_supported_curves constant
2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
568c9cf878
Add ecp_supported_curves and simplify some code
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e
Dissociate TLS and internal EC curve identifiers
...
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
a97c015f89
Rm useless/wrong DHM lenght test
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
032c34e206
Don't use DH blinding for ephemeral DH
2013-09-07 13:06:27 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
e09d2f8261
Change ecp_mul() prototype to allow randomization
...
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker
9659dae046
Some extra code defined out
2013-08-28 16:21:34 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b
Fix some hash debugging
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299
Fix bug introduced in dbf69cf
...
(Was writing outside array bounds.)
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50
Allow compiling without RSA or DH
...
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96
Rm a few unneeded tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789
Fix sig_alg extension on client.
...
Temporary solution on server.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b
pk_{sign,verify}() now accept hash_len = 0
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440
Merge code for RSA and ECDSA in SSL
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21
Use the new PK RSA-alt interface
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007
Add and use pk_encrypt(), pk_decrypt()
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401
Fix some return values
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77
Add client support for ECDSA client auth
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e
Check key type against selected key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50
Add client support for ECDHE_ECDSA key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394
Refactor ssl_parse_server_key_exchange() a bit
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Manuel Pégourié-Gonnard
b3d9187cea
PK: add nice interface functions
...
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Paul Bakker
04376b1419
Fixed memory leak in ssl_parse_server_key_exchange from missing
...
md_free_ctx()
2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
0b2726732e
Fix ifdef conditions for EC-related extensions.
...
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358
Actually use the point format selected for ECDH
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74
Handle suported_point_formats in ServerHello
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929
Stop advertising support for compressed points
...
(We can only write them, not read them.)
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
7cd5924cec
Rework NewSessionTicket handling in state machine
...
Fixes bug: NewSessionTicket was ommited in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
6377e41ef5
Complete client support for session tickets
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7
Parse NewSessionTicket message
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989
ssl_cli: write & parse session ticket extension
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
57c2852807
Added truncated hmac negociation (without effect)
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
de600e571a
Read max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
a052849640
Send max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
ff56da3a26
Fix direct uses of x509_cert.rsa, now use pk_rsa()
2013-07-17 15:59:42 +02:00
Paul Bakker
61d113bb7b
Init and free new contexts in the right place for SSL to prevent
...
memory leaks
2013-07-16 17:48:58 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00