Commit Graph

1616 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
e89163c0a8 Fix bug in ssl_get_verify_result() 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
e94e6e5b9c Fix stdio (non-)inclusion issues. 2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard
9014b6f227 Rename project in CMake
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard
145422f74d Make now creates libmbedtls.so with polarssl link 2015-01-27 11:36:50 +01:00
Manuel Pégourié-Gonnard
04a81d5c65 Fix issue in previous commit
Even with shared we need to build the static library since programs are using
it.
2015-01-27 11:36:41 +01:00
Manuel Pégourié-Gonnard
acdb9b9525 Fix unchecked error code on Windows 2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard
cfa9a45dd6 Rename in cmake help strings 2015-01-23 13:33:31 +00:00
Manuel Pégourié-Gonnard
c26a092b50 Rename static lib name with make 2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard
c5d68e5b70 Fix dependency declaration 2015-01-23 12:37:21 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a34aa70b23 Update version_features 2015-01-23 10:27:36 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
b4fe3cb1fa Rename to mbed TLS in the documentation/comments 2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
11c919208d Fix error code description. 2015-01-22 13:22:12 +00:00
Manuel Pégourié-Gonnard
59c6f2ef21 Avoid nested if's without braces.
Creates a potential for confusing code if we later want to add an else clause.
2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard
5d9cde25da Move renego SCSV after actual ciphersuites 2015-01-22 10:49:41 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker
36adc3631c Merge support for getrandom() call 2015-01-14 16:19:59 +01:00
Paul Bakker
c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Paul Bakker
e522d0fa57 Merge smarter certificate selection for pre-TLS-1.2 clients 2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard
a852cf4833 Fix issue with non-blocking I/O & record splitting 2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard
d5746b36f9 Fix warning 2015-01-13 20:33:24 +01:00
Paul Bakker
f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
5dd28ea432 Fix len miscalculation in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
547ff6618f Fix NULL dereference in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
352143fa1e Refactor for clearer correctness/security 2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard
18292456c5 Add support for getrandom() 2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard
6458e3b743 Some more refactoring/tuning. 2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard
846ba473af Minor refactoring 2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard
cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
eaecbd3ba8 Fix warning in reduced configs 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
b445805283 Auto-renegotiate before sequence number wrapping 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
60346be2a3 Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
e423246e7f Fix net_usleep for durations greater than 1 second 2014-11-27 17:44:46 +01:00