Paul Bakker
f2b4d86452
Fixed X.509 hostname comparison (with non-regular characters)
...
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
e1121b6217
Update ChangeLog for renegotiation changes
2013-10-31 15:57:22 +01:00
Paul Bakker
7b0be68977
Support for serialNumber, postalAddress and postalCode in X509 names
2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c
Fix ECDSA corner case: missing reduction mod N
...
No security issue, can cause valid signatures to be rejected.
Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
93c6aa4014
Fixed that selfsign copies issuer_name to subject_name
2013-10-28 22:29:11 +01:00
Paul Bakker
50dc850c52
Const correctness
2013-10-28 21:19:10 +01:00
Paul Bakker
7bc745b6a1
Merged constant-time padding checks
2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d
Merged optimizations for MODP NIST curves
2013-10-28 14:18:26 +01:00
Paul Bakker
08bb187bb6
Merged Public Key framwork tests
2013-10-28 14:11:09 +01:00
Paul Bakker
68037da3cd
Update Changelog for minor fixes
2013-10-28 14:02:40 +01:00
Paul Bakker
45a2c8d99a
Prevent possible alignment warnings on casting from char * to 'aligned *'
2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472
Server does not send out extensions not advertised by client
2013-10-28 12:54:26 +01:00
Paul Bakker
5c17ccdf2a
Bumped version to 1.3.1
2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Paul Bakker
a7ea6a5a18
config.h is more script-friendly
2013-10-15 11:55:10 +02:00
Paul Bakker
be089b0483
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2013-10-14 15:51:50 +02:00
Paul Bakker
5191e92ecc
Added missing x509write_crt_set_version()
2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de
threading_set_own() renamed to threading_set_alt()
2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51
Better support for MSVC
2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0
Merged support for Brainpool curves and ciphersuites
2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8
TLS compression only allocates working buffer once
2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246
Possible naming collision in dhm_context
2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c
Fixed const-correctness issues
2013-10-11 09:38:06 +02:00
Paul Bakker
ddba8822d0
Added bugfixes to ChangeLog
2013-10-11 09:22:12 +02:00
Paul Bakker
3a2c0563c9
Added 1.2.10 to ChangeLog
2013-10-07 16:22:05 +02:00
Paul Bakker
d93d28e370
Fixed release date for 1.3.0
2013-10-01 10:15:23 +02:00
Paul Bakker
2466d93546
Threading abstraction layer added
2013-09-28 15:00:02 +02:00
Paul Bakker
c13aab18dc
Added 1.1.8 and 1.2.9 release
2013-09-26 10:12:19 +02:00
Paul Bakker
f18084a201
Ready for 1.3.0 release
2013-09-26 10:07:09 +02:00
Paul Bakker
8b817dc47e
Merged support for multiple certificate/key pairs in SSL into
...
development
2013-09-25 18:05:16 +02:00
Paul Bakker
c27c4e2efb
Support faulty X509 v1 certificates with extensions
...
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Paul Bakker
45f21c7ad1
PK layer and X509 core refactoring in ChangeLog
2013-09-18 15:34:45 +02:00
Paul Bakker
7fb4a79f50
Added merged functionality to ChangeLog
2013-09-14 08:15:55 +02:00
Paul Bakker
6ec34fb53d
Added ChangeLog for blinding
2013-09-10 14:53:46 +02:00
Paul Bakker
003dbad250
Fixed file descriptor leak in x509parse_crtpath()
2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8
x509_verify() now case insensitive for cn (RFC 6125 6.4)
2013-09-09 17:21:45 +02:00
Paul Bakker
aab30c130c
RSA blinding added for CRT operations
2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Paul Bakker
c8676784ff
Amended ChangeLog for ECDSA-ciphersuites
2013-08-28 12:15:11 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
936539ad4b
Updated Changelog to reflect addition of session tickets
2013-08-14 14:26:03 +02:00
Paul Bakker
da4d1c35d1
Updated Changelog to reflect feature addition
2013-08-14 14:02:48 +02:00