Commit Graph

281 Commits

Author SHA1 Message Date
Paul Bakker
677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Paul Bakker
5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker
a7ea6a5a18 config.h is more script-friendly 2013-10-15 11:55:10 +02:00
Paul Bakker
be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker
5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Paul Bakker
ddba8822d0 Added bugfixes to ChangeLog 2013-10-11 09:22:12 +02:00
Paul Bakker
3a2c0563c9 Added 1.2.10 to ChangeLog 2013-10-07 16:22:05 +02:00
Paul Bakker
d93d28e370 Fixed release date for 1.3.0 2013-10-01 10:15:23 +02:00
Paul Bakker
2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Paul Bakker
c13aab18dc Added 1.1.8 and 1.2.9 release 2013-09-26 10:12:19 +02:00
Paul Bakker
f18084a201 Ready for 1.3.0 release 2013-09-26 10:07:09 +02:00
Paul Bakker
8b817dc47e Merged support for multiple certificate/key pairs in SSL into
development
2013-09-25 18:05:16 +02:00
Paul Bakker
c27c4e2efb Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Paul Bakker
5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker
45f21c7ad1 PK layer and X509 core refactoring in ChangeLog 2013-09-18 15:34:45 +02:00
Paul Bakker
7fb4a79f50 Added merged functionality to ChangeLog 2013-09-14 08:15:55 +02:00
Paul Bakker
6ec34fb53d Added ChangeLog for blinding 2013-09-10 14:53:46 +02:00
Paul Bakker
003dbad250 Fixed file descriptor leak in x509parse_crtpath() 2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker
aab30c130c RSA blinding added for CRT operations 2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
c8676784ff Amended ChangeLog for ECDSA-ciphersuites 2013-08-28 12:15:11 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker
936539ad4b Updated Changelog to reflect addition of session tickets 2013-08-14 14:26:03 +02:00
Paul Bakker
da4d1c35d1 Updated Changelog to reflect feature addition 2013-08-14 14:02:48 +02:00
Paul Bakker
1e6a175362 Support for AIX header locations in net.c module 2013-07-26 14:10:22 +02:00
Paul Bakker
f85778efb0 Updated Changelog for EC Key / Cert and RFC 6066 extensions 2013-07-19 14:55:25 +02:00
Paul Bakker
fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker
abf2f8fcf9 zlib compression/decompression skipped on empty blocks 2013-06-30 14:57:46 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
63899feca8 Removed redundant bugfix from ChangeLog (Already done in 1.2.8) 2013-06-30 12:20:03 +02:00
Paul Bakker
e2ab84f4a1 Renamed error_strerror() to the less conflicting polarssl_strerror()
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8 Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
b9d3cfa114 Split up GCM into a start/update/finish cycle 2013-06-26 15:08:29 +02:00
Paul Bakker
de65623f3e PolarSSL 1.2.6 and PolarSSL 1.2.7 changes added to ChangeLog 2013-06-24 19:09:24 +02:00
Paul Bakker
248fff5369 PolarSSL 1.1.6 and PolarSSL 1.1.7 changed added to ChangeLog 2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd Fixed parse error in ssl_parse_certificate_request() 2013-05-22 13:56:26 +02:00
Paul Bakker
b91c2b5782 PSK and DHE-PSK addition to ChangeLog 2013-04-19 20:47:26 +02:00
Paul Bakker
8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
2013-04-16 18:09:45 +02:00