summaryrefslogtreecommitdiffstats
path: root/ssl/s2_srvr.c
AgeCommit message (Collapse)Author
2011-02-03Assorted bugfixes:Bodo Möller
- RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Neel Mehta, Bodo Moeller)
2010-06-12Fix gcc 4.6 warnings. Check TLS server hello extension length.Ben Laurie
2009-10-01PR: 2055Dr. Stephen Henson
Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling in s2_srvr.c
2009-01-07Properly check EVP_VerifyFinal() and similar return valuesDr. Stephen Henson
(CVE-2008-5077). Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
2007-09-06gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.Dr. Stephen Henson
Fix various "computed value not used" warnings too.
2007-08-12Backport of TLS extension code to OpenSSL 0.9.8.Dr. Stephen Henson
Include server name and RFC4507bis support. This is not compiled in by default and must be explicitly enabled with the Configure option enable-tlsext
2005-12-05Fix from HEAD.Dr. Stephen Henson
2005-08-05Initialize SSL_METHOD structures at compile time. This removes the needDr. Stephen Henson
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-05-11Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabledBodo Möller
with the SSL_OP_NO_SSLv2 option.
2005-04-29check return value of RAND_pseudo_bytes; backport from the stable branchNils Larsch
2004-03-15Constify d2i, s2i, c2i and r2i functions and other associatedRichard Levitte
functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
2003-12-27Avoid including cryptlib.h, it's not really needed.Richard Levitte
Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2002-11-13Security fixes brought forward from 0.9.7.Ben Laurie
2002-09-25really fix race conditionsBodo Möller
Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291
2002-09-23really fix race conditionBodo Möller
PR: 262
2002-08-15use correct function code in error messageBodo Möller
2002-08-02get rid of OpenSSLDieBodo Möller
2002-07-30OpenSSL Security Advisory [30 July 2002]Lutz Jänicke
Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
2002-01-12Prototype info function.Ben Laurie
2001-11-14cast to unsigned int, not to int to avoid the warning -- all theseBodo Möller
values really are unsigned
2001-11-14unsigned int vs. int.Richard Levitte
2001-11-10make code a little more similar to what it looked like before the fixes,Bodo Möller
call ssl2_part_read again to parse error message
2001-11-10Implement msg_callback for SSL 2.0.Bodo Möller
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-10-24Fix SSL handshake functions and SSL_clear() such that SSL_clear()Bodo Möller
never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
2001-10-16Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()Dr. Stephen Henson
with existing code. Modify library to use digest *_ex() functions.
2001-07-30Really add the EVP and all of the DES changes.Ben Laurie
2001-06-01Fix Bleichenbacher PKCS #1 1.5 countermeasure.Bodo Möller
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway, otherwise this would be a security relevant patch.)
2001-02-20Use new-style system-id macros everywhere possible. I hope I haven'tRichard Levitte
missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
2001-02-09New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to overrideLutz Jänicke
the clients choice; in SSLv2 the client uses the server's preferences.
2000-06-01There have been a number of complaints from a number of sources that namesRichard Levitte
like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
2000-02-20Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.Bodo Möller
2000-02-03ispell (and minor modifications)Ulf Möller
2000-01-21Check RAND_bytes() return value or use RAND_pseudo_bytes().Ulf Möller
2000-01-16Add missing #ifndefs that caused missing symbols when building libsslUlf Möller
as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. Submitted by: Kris Kennaway <kris@hub.freebsd.org> Modified by Ulf Möller
2000-01-13Precautions against using the PRNG uninitialized: RAND_bytes() nowUlf Möller
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
2000-01-08Make NO_RSA compile with pedantic.Ben Laurie
1999-11-16Store verify_result with sessions to avoid potential security hole.Bodo Möller
1999-06-09"extern" is a C++ reserved word.Ulf Möller
Pointed out by: Janez Jere <jj@void.si>
1999-05-13New structure type SESS_CERT used instead of CERT inside SSL_SESSION.Bodo Möller
While modifying the sources, I found some inconsistencies on the use of s->cert vs. s->session->sess_cert; I don't know if those could really have caused problems, but possibly this is a proper bug-fix and not just a clean-up.
1999-05-09No actual change, but the cert_st member of struct ssl_session_st is nowBodo Möller
called sess_cert instead of just cert. This is in preparation of further changes: Probably often when s->session->sess_cert is used, we should use s->cert instead; s->session->sess_cert should be a new structure containing only the stuff that is for just one connection (e.g. the peer's certificate, which the SSL client implementations currently store in s->session->[sess_]cert, which is a very confusing thing to do). Submitted by: Reviewed by: PR:
1999-04-27New Configure option no-<cipher> (rsa, idea, rc5, ...).Ulf Möller
1999-04-26Remove NOPROTO definitions and error code comments.Ulf Möller
1999-04-23Change #include filenames from <foo.h> to <openssl.h>.Bodo Möller
Submitted by: Reviewed by: PR:
1999-04-22Fixed some race conditions.Bodo Möller
Submitted by: Reviewed by: PR:
1999-04-19Change functions to ANSI C.Ulf Möller
1999-04-17Massive constification.Ben Laurie
1999-04-12Add type-safe STACKs and SETs.Ben Laurie
1999-02-21Add support for new TLS export ciphersuites.Ben Laurie
1999-02-16Updates to the new SSL compression codeMark J. Cox
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Fix so that the version number in the master secret, when passed via RSA, checks that if TLS was proposed, but we roll back to SSLv3 (because the server will not accept higher), that the version number is 0x03,0x01, not 0x03,0x00 [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Submitted by: Reviewed by: PR:
1999-02-15Fix various memory leaks in SSL, apps and DSADr. Stephen Henson