Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
590f416142
Add tests for periodic renegotiation
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
d3b90f797d
Fix bug in ssl_client2 reconnect option
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
f29e5de09d
Cosmetics in ssl_server2
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
be6ce835a2
Fix typo causing MSVC errors
2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard
3a3066c3ee
ssl_server2 now exits on signal during a read too
2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard
403a86f73d
ssl_server2: exit cleanly on SIGINT too
2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174
Request renego before write in ssl_server2
...
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6
Fix undocumented option in ssl_server2
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3
Fix ssl_server2 exiting on recoverable errors
2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d
Fix overly rigorous defines in ssl_server2.c
2014-08-18 14:36:17 +02:00
Paul Bakker
09c9dd80ef
Revert 42cc641
. Issue already fixed in 333fdec
.
2014-08-18 11:06:56 +02:00
Paul Bakker
c1283d3f4c
Only use signal() in ssl_server2 on non-Windows platforms
2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard
dcab293bd4
Get rid of SERVERQUIT code in ssl_{client,server}2
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
db49330e08
ssl_server2 aborts cleanly on SIGTERM
...
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Alfred Klomp
7c03424d1c
ssl_mail_client.c: silence warning, check base64_encode() status
...
Found with Clang's `scan-build` tool.
ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value. This causes
scan-build to issue a warning.
Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9dbe7c5f17
Remove unreachable code from ssl_pthread_server
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
Paul Bakker
333fdeca3a
Properly initialize buf
2014-08-04 12:12:09 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Manuel Pégourié-Gonnard
c5fd391e04
Check return value of ssl_set_xxx() in programs
2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee
Add tests for ssl_set_renegotiation_enforced()
2014-07-04 14:32:27 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dea29c51fd
Extend request_size to small sizes in ssl_client2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0669f272e9
Fix printing large packets in ssl_server2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
8a4d571af8
Fix warnings in no-SSL configs
2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard
4505ed3c90
Fix missing free() with recent ssl_server2 options
2014-06-20 18:35:16 +02:00
Paul Bakker
9b7fb6f68e
Prevent warning for possibly uninitialized variable in ssl_server2
2014-06-12 23:01:43 +02:00
Manuel Pégourié-Gonnard
8de259b953
Minor code simplification in ssl programs
2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard
95c0a63023
Add tests for ssl_get_bytes_avail()
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
e7a3b10dcc
Use ssl_get_bytes_avail() in ssl_server2.
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
6dc0781aba
Add version_suites option to ssl_server2
2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard
dc019b9559
Use ssl_set_psk() only when a psk is given
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
fdee74b8d6
Simplify some option parsing code
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
80c8553a1a
Add psk_list option to ssl_server2: PSK callback
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
9e27163acd
Refactor PSK parsing in ssl_server2
2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard
736699c08c
Add a dhm_file option to ssl_server2
2014-06-10 15:32:01 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
525f87559f
Cast alpn_list to void * to prevent MSVC compiler warnings
2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
93c32b21b3
Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN
2014-04-25 16:58:12 +02:00
Paul Bakker
df71dd1618
Cleaner initialization (values did not matter, but were uninitialized)
2014-04-17 16:03:48 +02:00
Paul Bakker
030decdb4e
Actually increment the loop counter to quit in ssl_fork_server
2014-04-17 16:03:23 +02:00
Paul Bakker
0c22610693
Cleaned up location of init and free for some programs to prevent memory
...
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Manuel Pégourié-Gonnard
1bd2281260
Add an alpn option to ssl_client2 and ssl_server2
2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard
6b0d268bc9
Add ssl_close_notify() to servers that missed it
2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard
00d538f8f9
Disable renegotiation by default in example cli/srv
2014-03-31 11:03:06 +02:00
Paul Bakker
a4b0343edf
Merged massive SSL Testing improvements
2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
84fd6877c6
Use ssl_client2 to terminate ssl_server2
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5b2d776d2a
GnuTLS in compat.sh: server-side
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
3e1b178ba2
Add options for no certificates in test srv/cli
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5575316385
Add options for non-blocking I/O in test cli & srv
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
0d8780b2cd
Add a server_adrr option to ssl_client2
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
5d917ff6a8
Add a 'sni' option to ssl_server2
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
dbe1ee1988
Add tests for session ticket lifetime
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
c55a5b7d6f
Add tests for cache timeout
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
4c88345f19
Add test for ssl_cache max_entries
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
780d671f9d
Add tests for renegotiation
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
2fc243d06a
Rearrange help messages of example cli/srv
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
fcf2fc2960
Make auth_mode=required the default in ssl_client2
2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard
c580a00e3c
Print protocol version in example cli/srv
2014-02-12 10:15:30 +01:00
Paul Bakker
d75ba40cc3
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-01-24 16:12:18 +01:00
Paul Bakker
f0fc2a27b0
Properly put the pragma comment for the MSVC linker in defines
2013-12-30 15:42:43 +01:00
Paul Bakker
3e72f6effd
Only search for Pthread on Windows platforms
2013-12-30 15:28:46 +01:00
Paul Bakker
f9c4953e39
Added version of the SSL pthread server example
2013-12-30 14:55:54 +01:00
Manuel Pégourié-Gonnard
18d31f8e59
Make listening address configurable in ssl_server2
2013-12-17 12:00:57 +01:00
Paul Bakker
fdda785248
Removed dependency on unistd.h for MSVC in apps
2013-11-30 15:15:31 +01:00
Paul Bakker
a8239a4490
Removed Windows auto-spawn client code
2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
53b3e0603b
Add code for testing client-initiated renegotiation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Paul Bakker
1337affc91
Buffer allocator threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e
Introduced entropy_free()
2013-09-29 15:01:42 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0
Simplify the way default certs are used
2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
641de714b6
Use both RSA and ECDSA CA if available
2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
ac8474fb1c
Changed default cert loading in ssl_server2
2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard
b095a7bf29
Offer both RSA and ECDSA by default in ssl_server2
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52
Add support for multiple server certificates
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
abd6e02b7b
Rm _CRT_SECURE_NO_DEPRECATE for programs
...
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
3bd2aae5a5
Add forgotten initializations
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
68821da01e
Fix clang warnings in applications
...
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00