summaryrefslogtreecommitdiffstats
path: root/ssl/ssl_locl.h
AgeCommit message (Collapse)Author
2007-10-05Prohibit RC4 in DTLS.Andy Polyakov
2007-09-26Support for certificate status TLS extension.Dr. Stephen Henson
2007-09-21Implement the Opaque PRF Input TLS extensionBodo Möller
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
2007-08-31Update ssl code to support digests other than MD5+SHA1 in handshake.Dr. Stephen Henson
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-20Use SHA256 for ticket HMAC if possible.Dr. Stephen Henson
2007-08-12Fix warning and make no-tlsext work.Dr. Stephen Henson
2007-08-11RFC4507 (including RFC4507bis) TLS stateless session resumption supportDr. Stephen Henson
for OpenSSL.
2007-06-04Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.Dr. Stephen Henson
2007-04-23Add SEED encryption algorithm.Bodo Möller
PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller
2007-03-23Stage 1 GOST ciphersuite support.Dr. Stephen Henson
Submitted by: ran@cryptocom.ru Reviewed by: steve@openssl.org
2007-02-17Reorganize the data used for SSL ciphersuite pattern matching.Bodo Möller
This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both). In some cases the ciphersuite list generated from a given string is affected by this change. I hope this is just in those cases where the previous behaviour did not make sense.
2006-06-15Error messages for client ECC cert verification.Bodo Möller
Also, change the default ciphersuite to give some prefererence to ciphersuites with forwared secrecy (rather than using a random order).
2006-06-14Ciphersuite string bugfixes, and ECC-related (re-)definitions.Bodo Möller
2006-06-09Camellia cipher, contributed by NTTBodo Möller
Submitted by: Masashi Fujita Reviewed by: Bodo Moeller
2006-03-30Implement Supported Elliptic Curves Extension.Bodo Möller
Submitted by: Douglas Stebila
2006-03-11Implement the Supported Point Formats Extension for ECC ciphersuitesBodo Möller
Submitted by: Douglas Stebila
2006-03-10add initial support for RFC 4279 PSK SSL ciphersuitesNils Larsch
PR: 1191 Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation Reviewed by: Nils Larsch
2006-01-13Further TLS extension improvementsBodo Möller
Submitted by: Peter Sylvester
2006-01-03Various changes in the new TLS extension code, including the following:Bodo Möller
- fix indentation - rename some functions and macros - fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-02Support TLS extensions (specifically, HostName)Bodo Möller
Submitted by: Peter Sylvester
2005-08-21initialize cipher/digest methods table in SSL_library_init() and hence ↵Nils Larsch
remove the need for a lock
2005-08-14Let the TLSv1_method() etc. functions return a const SSL_METHODNils Larsch
pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-08remove unused internal foo_base_method functionsNils Larsch
2005-08-05Initialize SSL_METHOD structures at compile time. This removes the needDr. Stephen Henson
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-07-16makeNils Larsch
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159
2005-05-11Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabledBodo Möller
with the SSL_OP_NO_SSLv2 option.
2005-04-27Lots of Win32 fixes for DTLS.Dr. Stephen Henson
1. "unsigned long long" isn't portable changed: to BN_ULLONG. 2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used. 2. Avoid lots of compiler warnings about signed/unsigned mismatches. 3. Include new library directory pqueue in mk1mf build system. 4. Update symbols.
2005-04-26remove some functions from exported headersBodo Möller
2005-04-26fix SSLerr stuff for DTLS1 code;Bodo Möller
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h"; fix silly indentation (a TAB is *not* always 4 spaces)
2005-04-26Add DTLS support.Ben Laurie
2005-04-13More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...Andy Polyakov
2005-03-31Give everything prototypes (well, everything that's actually used).Ben Laurie
2005-03-30Constification.Ben Laurie
2004-05-17Deprecate quite a few recursive includes from the ssl.h API header andGeoff Thorpe
remove some unnecessary includes from the internal header ssl_locl.h. This then requires adding includes for bn.h in four C files.
2004-04-19(oops) Apologies all, that last header-cleanup commit was from the wrongGeoff Thorpe
tree. This further reduces header interdependencies, and makes some associated cleanups.
2004-03-25SSL_COMP_get_compression_method is a typo (a missing 's' at the end ofRichard Levitte
the symbol name).
2004-03-15Constify d2i, s2i, c2i and r2i functions and other associatedRichard Levitte
functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
2002-08-09fix warningsBodo Möller
2002-08-09ECC ciphersuite supportBodo Möller
Submitted by: Douglas Stebila <douglas.stebila@sun.com> (Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-02get rid of OpenSSLDieBodo Möller
2002-07-10Ciphers with NULL encryption were not properly handled because they wereLutz Jänicke
not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130
2001-10-20New functions SSL[_CTX]_set_msg_callback().Bodo Möller
New macros SSL[_CTX]_set_msg_callback_arg(). Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enable a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices.
2001-03-09Consistently use 'void *' for SSL read, peek and write functions.Bodo Möller
2001-02-22e_os.h does not belong with the exported headers. Do not put it thereRichard Levitte
and make all files the depend on it include it without prefixing it with openssl/. This means that all Makefiles will have $(TOP) as one of the include directories.
2001-02-20Use new-style system-id macros everywhere possible. I hope I haven'tRichard Levitte
missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
2001-02-09New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to overrideLutz Jänicke
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-07Fix AES code.Dr. Stephen Henson
Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.
2001-02-06Rijdael CBC mode and partial undebugged SSL support.Ben Laurie
2000-12-31If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcryptoRichard Levitte
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT. This is actually only important on Win32, and can safely be ignored in all other cases, at least for now.
2000-12-14First step towards SSL_peek fix.Bodo Möller
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 22:00:06 +0000