Manuel Pégourié-Gonnard
|
699cafaea2
|
Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
b575b54cb9
|
Forbid extended master secret with SSLv3
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
ada3030485
|
Implement extended master secret
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
367381fddd
|
Add negotiation of Extended Master Secret
(But not the actual thing yet.)
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
1cbd39dbeb
|
Implement FALLBACK_SCSV client-side
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
f7cdbc0e87
|
Fix potential bad read of length
|
2014-10-17 17:02:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
44ade654c5
|
Implement (partial) renego delay on client
|
2014-08-19 13:58:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
6591962f06
|
Allow delay on renego on client
Currently unbounded: will be fixed later
|
2014-08-19 12:50:30 +02:00 |
|
Paul Bakker
|
84bbeb58df
|
Adapt cipher and MD layer with _init() and _free()
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
5b4af39a36
|
Add _init() and _free() for hash modules
|
2014-07-09 10:19:23 +02:00 |
|
Paul Bakker
|
2a45d1c8bb
|
Merge changes to config examples and configuration issues
|
2014-06-25 11:27:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
dd0c0f33c0
|
Better usage of dhm_calc_secret in SSL
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
5c1f032653
|
Abort handshake if no point format in common
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
fd35af1579
|
Fix off-by-one error in point format parsing
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
5bfd968e01
|
Fix warning with TLS 1.2 without RSA or ECDSA
|
2014-06-24 15:18:11 +02:00 |
|
Paul Bakker
|
66d5d076f7
|
Fix formatting in various code to match spacing from coding style
|
2014-06-17 17:06:47 +02:00 |
|
Paul Bakker
|
3461772559
|
Introduce polarssl_zeroize() instead of memset() for zeroization
|
2014-06-14 16:46:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
61edffef28
|
Normalize "should never happen" messages/errors
|
2014-05-22 13:52:47 +02:00 |
|
Paul Bakker
|
b9e4e2c97a
|
Fix formatting: fix some 'easy' > 80 length lines
|
2014-05-01 14:18:25 +02:00 |
|
Paul Bakker
|
9af723cee7
|
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
|
2014-05-01 13:03:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
cef4ad2509
|
Adapt sources to configurable config.h name
|
2014-04-30 16:40:20 +02:00 |
|
Paul Bakker
|
a70366317d
|
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
|
2014-04-30 10:16:16 +02:00 |
|
Manuel Pégourié-Gonnard
|
f6521de17b
|
Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
|
2014-04-07 12:42:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b874dc580
|
Implement ALPN client-side
|
2014-04-07 10:57:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
3c599f11b0
|
Avoid possible segfault on bad server ciphersuite
|
2014-03-13 19:25:06 +01:00 |
|
Paul Bakker
|
6a28e722c9
|
Merged platform compatibility layer
|
2014-02-06 13:44:19 +01:00 |
|
Paul Bakker
|
0910f32ee3
|
Fixed compile warning (in test-ref-configs)
|
2014-02-06 13:41:18 +01:00 |
|
Paul Bakker
|
7dc4c44267
|
Library files moved to use platform layer
|
2014-02-06 13:20:16 +01:00 |
|
Manuel Pégourié-Gonnard
|
c3f6b62ccc
|
Print curve name instead of size in debugging
Also refactor server-side curve selection
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
ab24010b54
|
Enforce our choice of allowed curves.
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
cd49f76898
|
Make ssl_set_curves() work client-side too.
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
8e205fc0bc
|
Fix potential buffer overflow in suported_curves_ext
|
2014-01-23 17:27:10 +01:00 |
|
Manuel Pégourié-Gonnard
|
d18cc57962
|
Add client-side support for ECDH key exchanges
|
2013-12-17 11:32:31 +01:00 |
|
Manuel Pégourié-Gonnard
|
da1ff38715
|
Don't accept CertificateRequest with PSK suites
|
2013-11-26 15:19:57 +01:00 |
|
Manuel Pégourié-Gonnard
|
dc953e8c41
|
Add missing defines/cases for RSA_PSK key exchange
|
2013-11-26 15:19:57 +01:00 |
|
Paul Bakker
|
a9a028ebd0
|
SSL now gracefully handles missing RNG
|
2013-11-21 17:31:06 +01:00 |
|
Manuel Pégourié-Gonnard
|
31ff1d2e4f
|
Safer buffer comparisons in the SSL modules
|
2013-10-31 14:23:12 +01:00 |
|
Paul Bakker
|
fa6a620b75
|
Defines for UEFI environment under MSVC added
|
2013-10-29 14:05:38 +01:00 |
|
Paul Bakker
|
6888167e73
|
Forced cast to prevent MSVC compiler warning
|
2013-10-15 13:24:01 +02:00 |
|
Paul Bakker
|
f34673e37b
|
Merged RSA-PSK key-exchange and ciphersuites
|
2013-10-15 12:46:41 +02:00 |
|
Paul Bakker
|
376e8153a0
|
Merged ECDHE-PSK ciphersuites
|
2013-10-15 12:45:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
59b9fe28f0
|
Fix bug in psk_identity_hint parsing
|
2013-10-15 11:55:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
bac0e3b7d2
|
Dependency fixes
|
2013-10-15 11:54:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
09258b9537
|
Refactor parse_server_key_exchange a bit
|
2013-10-15 11:19:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a3c64d73f
|
Fix and simplify *-PSK ifdef's
|
2013-10-14 19:54:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
0fae60bb71
|
Implement RSA-PSK key exchange
|
2013-10-14 19:34:48 +02:00 |
|
Paul Bakker
|
b9cfaa0c7f
|
Explicit conversions and minor changes to prevent MSVC compiler warnings
|
2013-10-14 15:50:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
1b62c7f93d
|
Fix dependencies and related issues
|
2013-10-14 14:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
72fb62daa2
|
More *-PSK refactoring
|
2013-10-14 14:01:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
bd1ae24449
|
Factor PSK pms computation to ssl_tls.c
|
2013-10-14 13:17:36 +02:00 |
|