Paul Bakker
|
d893aef867
|
Force default value to curve parameter
|
2014-04-17 14:45:34 +02:00 |
|
Paul Bakker
|
93389cc620
|
Remove const indicator
|
2014-04-17 14:44:38 +02:00 |
|
Paul Bakker
|
874bd64b28
|
Check setsockopt() return value in net_bind()
|
2014-04-17 12:43:05 +02:00 |
|
Paul Bakker
|
3d8fb63e11
|
Added missing MPI_CHK around mpi functions
|
2014-04-17 12:42:41 +02:00 |
|
Paul Bakker
|
a9c16d2825
|
Removed unused cur variable in x509_string_to_names()
|
2014-04-17 12:42:18 +02:00 |
|
Paul Bakker
|
0e4f9115dc
|
Fix iteration counter
|
2014-04-17 12:39:05 +02:00 |
|
Paul Bakker
|
784b04ff9a
|
Prepared for version 1.3.6
|
2014-04-11 15:33:59 +02:00 |
|
Paul Bakker
|
d8b0c5ef01
|
Fixed typo
|
2014-04-11 15:31:33 +02:00 |
|
Paul Bakker
|
d2c2c1c46b
|
Doxygen typo in ripemd160.h
|
2014-04-11 15:28:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
9655e4597a
|
Reject certificates with times not in UTC
|
2014-04-11 13:59:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
0776a43788
|
Use UTC to heck certificate validity
|
2014-04-11 13:59:31 +02:00 |
|
Paul Bakker
|
52c5af7d2d
|
Merge support for verifying the extendedKeyUsage extension in X.509
|
2014-04-11 13:58:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
78848375c0
|
Declare EC constants as 'const'
|
2014-04-11 13:58:41 +02:00 |
|
Paul Bakker
|
1630058dde
|
Potential buffer overwrite in pem_write_buffer() fixed
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
|
2014-04-11 13:58:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
b7fff0f9c6
|
Update Changelog for extendedKeyUsage
|
2014-04-11 11:32:39 +02:00 |
|
Manuel Pégourié-Gonnard
|
add05d7125
|
Fix some dependency declarations in X.509 tests
|
2014-04-11 11:12:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
0408fd1fbb
|
Add extendedKeyUsage checking in SSL modules
|
2014-04-11 11:09:09 +02:00 |
|
Manuel Pégourié-Gonnard
|
7afb8a0dca
|
Add x509_crt_check_extended_key_usage()
|
2014-04-11 11:09:00 +02:00 |
|
Paul Bakker
|
d6ad8e949b
|
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
|
2014-04-09 17:24:14 +02:00 |
|
Paul Bakker
|
5c986f5244
|
Make test suite checks dependent on POLARSSL_X509_CHECK_KEY_USAGE
|
2014-04-09 16:58:51 +02:00 |
|
Paul Bakker
|
a77de8c841
|
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
|
2014-04-09 16:39:35 +02:00 |
|
Paul Bakker
|
59366213cb
|
Updated ChangeLog for keyUsage merge
|
2014-04-09 15:55:20 +02:00 |
|
Paul Bakker
|
043a2e26d0
|
Merge verification of the keyUsage extension in X.509 certificates
|
2014-04-09 15:55:08 +02:00 |
|
Paul Bakker
|
02ff5ce594
|
Fixed typo
|
2014-04-09 15:53:09 +02:00 |
|
Manuel Pégourié-Gonnard
|
a9db85df73
|
Add tests for keyUsage with client auth
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
490047cc44
|
Code cosmetics
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
312010e6e9
|
Factor common parent checking code
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
f93a3c4335
|
Check the CA bit on trusted CAs too
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
99d4f19111
|
Add keyUsage checking for CAs
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
3fed0b3264
|
Factor some common code in x509_verify{,_child}
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
7f2a07d7b2
|
Check keyUsage in SSL client and server
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
603116c570
|
Add x509_crt_check_key_usage()
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
2abed84225
|
Specific return code for PK sig length mismatch
|
2014-04-09 15:50:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
35e95ddca4
|
Add special return code for ecdsa length mismatch
|
2014-04-09 15:49:59 +02:00 |
|
Paul Bakker
|
1cfc45835f
|
Add option 'use_dev_random' to gen_key application
|
2014-04-09 15:49:58 +02:00 |
|
Paul Bakker
|
ddd427a8fc
|
Fixed spacing in entropy_gather()
|
2014-04-09 15:49:57 +02:00 |
|
Paul Bakker
|
75342a65e4
|
Fixed typos in code
|
2014-04-09 15:49:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
0f79babd4b
|
Disable timing_selftest() for now
|
2014-04-09 15:49:51 +02:00 |
|
Paul Bakker
|
17b85cbd69
|
Merged additional tests and improved code coverage
Conflicts:
ChangeLog
|
2014-04-08 14:38:48 +02:00 |
|
Paul Bakker
|
0763a401a7
|
Merged support for the ALPN extension
|
2014-04-08 14:37:12 +02:00 |
|
Paul Bakker
|
4224bc0a4f
|
Prevent potential NULL pointer dereference in ssl_read_record()
|
2014-04-08 14:36:50 +02:00 |
|
Paul Bakker
|
27e36d342c
|
Support for the ALPN SSL extension (re-enabled in config.h)
|
2014-04-08 12:33:37 +02:00 |
|
Manuel Pégourié-Gonnard
|
563ad02663
|
Fix final report in compat.sh
Only affect what's printed, the exit code was already correct.
|
2014-04-08 11:56:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
8c045ef8e4
|
Fix embarrassing X.509 bug introduced in 9533765
|
2014-04-08 11:55:03 +02:00 |
|
Shuo Chen
|
95a0d118a9
|
Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined.
|
2014-04-08 10:53:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
83d8c73c91
|
Disable ALPN by default
|
2014-04-07 13:24:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
f6521de17b
|
Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
|
2014-04-07 12:42:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
89e35798ae
|
Implement ALPN server-side
|
2014-04-07 12:26:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b874dc580
|
Implement ALPN client-side
|
2014-04-07 10:57:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
1bd2281260
|
Add an alpn option to ssl_client2 and ssl_server2
|
2014-04-05 14:51:42 +02:00 |
|