| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-05-19 | add FIPS support to ssl: doesn't do anything on this branch yet as there is ↵ | Dr. Stephen Henson | |
| no FIPS compilation support | |||
| 2011-05-11 | Backport TLS v1.2 support from HEAD. | Dr. Stephen Henson | |
| This includes TLS v1.2 server and client support but at present client certificate support is not implemented. | |||
| 2011-03-12 | Remove redundant check to stop compiler warning. | Dr. Stephen Henson | |
| 2011-03-12 | Fix warning. | Ben Laurie | |
| 2010-06-27 | Backport TLS v1.1 support from HEAD, ssl/ changes | Dr. Stephen Henson | |
| 2010-02-16 | PR: 2171 | Dr. Stephen Henson | |
| Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it. | |||
| 2009-11-18 | Don't use SSLv2 compatible client hello if we don't tolerate legacy ↵ | Dr. Stephen Henson | |
| renegotiation | |||
| 2009-08-05 | PR: 2000 | Dr. Stephen Henson | |
| Submitted by: Vadim Zeitlin <vz-openssl@zeitlins.org> Approved by: steve@openssl.org Make no-comp compile without warnings. | |||
| 2009-04-07 | Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client | Dr. Stephen Henson | |
| hello if no SSLv2 cipher suites are included. This effectively disables the broken SSLv2 use by default. | |||
| 2008-12-30 | Document dead code. | Ben Laurie | |
| 2008-09-03 | Make no-tlsext compile. | Dr. Stephen Henson | |
| 2008-06-03 | Memory saving patch. | Ben Laurie | |
| 2007-09-26 | Support for certificate status TLS extension. | Dr. Stephen Henson | |
| 2007-09-21 | Implement the Opaque PRF Input TLS extension | Bodo Möller | |
| (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES. | |||
| 2006-11-29 | fix support for receiving fragmented handshake messages | Bodo Möller | |
| 2006-01-11 | improvements for alert handling | Bodo Möller | |
| 2006-01-11 | More TLS extension related changes. | Bodo Möller | |
| Submitted by: Peter Sylvester | |||
| 2006-01-08 | Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) | Bodo Möller | |
| 2006-01-03 | Various changes in the new TLS extension code, including the following: | Bodo Möller | |
| - fix indentation - rename some functions and macros - fix up confusion between SSL_ERROR_... and SSL_AD_... values | |||
| 2006-01-02 | Support TLS extensions (specifically, HostName) | Bodo Möller | |
| Submitted by: Peter Sylvester | |||
| 2005-12-05 | Avoid warnings on VC++ 2005. | Dr. Stephen Henson | |
| 2005-10-08 | New option SSL_OP_NO_COMP to disable compression. New ctrls to set | Dr. Stephen Henson | |
| maximum send fragment size. Allocate I/O buffers accordingly. | |||
| 2005-08-14 | Let the TLSv1_method() etc. functions return a const SSL_METHOD | Nils Larsch | |
| pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const. | |||
| 2005-08-05 | Initialize SSL_METHOD structures at compile time. This removes the need | Dr. Stephen Henson | |
| for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used. | |||
| 2005-05-12 | fix msg_callback() arguments for SSL 2.0 compatible client hello | Bodo Möller | |
| (previous revision got this wrong) | |||
| 2005-05-11 | Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled | Bodo Möller | |
| with the SSL_OP_NO_SSLv2 option. | |||
| 2005-04-29 | check return value of RAND_pseudo_bytes; backport from the stable branch | Nils Larsch | |
| 2002-12-21 | Stop a possible memory leak. | Richard Levitte | |
| (I wonder why s2_connect() handles the initial buffer allocation slightly differently...) PR: 416 | |||
| 2002-11-13 | Security fixes brought forward from 0.9.7. | Ben Laurie | |
| 2002-09-25 | really fix race conditions | Bodo Möller | |
| Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291 | |||
| 2002-09-23 | really fix race condition | Bodo Möller | |
| PR: 262 | |||
| 2002-07-10 | Reorder inclusion of header files: | Lutz Jänicke | |
| des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR: | |||
| 2002-01-12 | Prototype info function. | Ben Laurie | |
| 2001-11-10 | Implement msg_callback for SSL 2.0. | Bodo Möller | |
| Important SSL 2.0 bugfixes (bugs found while implementing msg_callback). | |||
| 2001-10-24 | Fix SSL handshake functions and SSL_clear() such that SSL_clear() | Bodo Möller | |
| never resets s->method to s->ctx->method when called from within one of the SSL handshake functions. | |||
| 2001-02-20 | Use new-style system-id macros everywhere possible. I hope I haven't | Richard Levitte | |
| missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS. | |||
| 2000-07-29 | Document rollback issues. | Bodo Möller | |
| 2000-07-29 | Fix SSL 2.0 rollback checking: The previous implementation of the | Bodo Möller | |
| test was never triggered due to an off-by-one error. In s23_clnt.c, don't use special rollback-attack detection padding (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the client; similarly, in s23_srvr.c, don't do the rollback check if SSL 2.0 is the only protocol enabled in the server. | |||
| 2000-01-21 | Check RAND_bytes() return value or use RAND_pseudo_bytes(). | Ulf Möller | |
| 2000-01-16 | Add missing #ifndefs that caused missing symbols when building libssl | Ulf Möller | |
| as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. Submitted by: Kris Kennaway <kris@hub.freebsd.org> Modified by Ulf Möller | |||
| 2000-01-13 | Precautions against using the PRNG uninitialized: RAND_bytes() now | Ulf Möller | |
| returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument. | |||
| 1999-06-10 | Avoid warnings. | Bodo Möller | |
| 1999-04-27 | Undo. | Ulf Möller | |
| 1999-04-27 | New Configure option no-<cipher> (rsa, idea, rc5, ...). | Ulf Möller | |
| 1999-04-26 | Remove NOPROTO definitions and error code comments. | Ulf Möller | |
| 1999-04-23 | Change #include filenames from <foo.h> to <openssl.h>. | Bodo Möller | |
| Submitted by: Reviewed by: PR: | |||
| 1999-04-22 | Fixed some race conditions. | Bodo Möller | |
| Submitted by: Reviewed by: PR: | |||
| 1999-04-19 | Change functions to ANSI C. | Ulf Möller | |
| 1999-02-16 | Updates to the new SSL compression code | Mark J. Cox | |
| [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Fix so that the version number in the master secret, when passed via RSA, checks that if TLS was proposed, but we roll back to SSLv3 (because the server will not accept higher), that the version number is 0x03,0x01, not 0x03,0x00 [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Submitted by: Reviewed by: PR: | |||
| 1999-02-09 | More exactitude with function arguments. | Ben Laurie | |
 |
index : openssl | |
| Mirror of https://github.com/openssl/openssl | matthias |
| summaryrefslogtreecommitdiffstats |