summaryrefslogtreecommitdiffstats
path: root/ssl
AgeCommit message (Collapse)Author
2012-01-04Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen ↵Dr. Stephen Henson
<tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.
2012-01-04Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)Dr. Stephen Henson
2012-01-04Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)Dr. Stephen Henson
2012-01-04Submitted by: Adam Langley <agl@chromium.org>Dr. Stephen Henson
Reviewed by: steve Fix memory leaks.
2011-12-26PR: 2326Dr. Stephen Henson
Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-02Resolve a stack set-up race condition (if the list of compressionBodo Möller
methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley
2011-10-27PR: 2628Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments.
2011-10-19Oops: this change (http://cvs.openssl.org/chngview?cn=21503)Bodo Möller
wasn't right for 0.9.8-stable (it's actually a fix for http://cvs.openssl.org/chngview?cn=14494, which introduced SSL_CTRL_SET_MAX_SEND_FRAGMENT).
2011-10-13In ssl3_clear, preserve s3->init_extra along with s3->rbuf.Bodo Möller
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-09-26fix signed/unsigned warningDr. Stephen Henson
2011-09-23PR: 2602Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting
2011-09-05(EC)DH memory handling fixes.Bodo Möller
Submitted by: Adam Langley
2011-09-01PR: 2573Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.
2011-07-20PR: 2555Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug
2011-07-20PR: 2550Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug
2011-06-22PR: 2543Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()
2011-05-25PR: 2529Dr. Stephen Henson
Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.
2011-05-25Oops use up to date patch for PR#2506Dr. Stephen Henson
2011-05-25PR: 2506Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.
2011-05-25PR: 2505Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.
2011-05-19set encodedPoint to NULL after freeing itDr. Stephen Henson
2011-04-03PR: 2462Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug
2011-04-03PR: 2458Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.
2011-04-03PR: 2457Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.
2011-02-08OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)OpenSSL_0_9_8rBodo Möller
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-03Assorted bugfixes:Bodo Möller
- RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Neel Mehta, Bodo Moeller)
2011-01-04Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failedDr. Stephen Henson
alert.
2010-12-02fix for CVE-2010-4180Dr. Stephen Henson
2010-11-16fix CVE-2010-3864Dr. Stephen Henson
2010-10-10PR: 2314Dr. Stephen Henson
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net> Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-06-12Fix gcc 4.6 warnings. Check TLS server hello extension length.Ben Laurie
2010-05-03PR: 2230Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix bug in bitmask macros and stop warnings.
2010-04-14PR: 2230Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixed various DTLS fragment reassembly bugs patch for 0.9.8.
2010-04-14fix signed/unsigned comparison warningsDr. Stephen Henson
2010-04-14PR: 2230Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix various DTLS fragment reassembly bugs.
2010-04-14PR: 2229Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Don't drop DTLS connection if mac or decryption failed.
2010-04-14PR: 2228Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS buffer record MAC failure bug.
2010-04-13Third argument to dtls1_buffer_record is by referenceRichard Levitte
2010-04-07Add SHA2 algorithms to SSL_library_init(). Although these aren't usedDr. Stephen Henson
directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. Update docs.
2010-04-06PR: 2218Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.
2010-04-06PR: 2219Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS buffering bug.
2010-04-06PR: 2223Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS timeout bug
2010-03-30make no-comp compile againDr. Stephen Henson
2010-03-24PR: 1731 and maybe 2197Dr. Stephen Henson
Clear error queue in a few places in SSL code where errors are expected so they don't stay in the queue.
2010-03-24Submitted by: Bodo Moeller and Adam Langley (Google).Dr. Stephen Henson
Fix for "Record of death" vulnerability CVE-2010-0740.
2010-03-03Submitted by: Tomas Hoger <thoger@redhat.com>Dr. Stephen Henson
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).
2010-02-22Add t1_reneg to the VMS build.Richard Levitte
Hack the symbols with long names.
2010-02-17OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preservedDr. Stephen Henson
2010-02-17Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well asDr. Stephen Henson
initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.
2010-02-16PR: 2171Dr. Stephen Henson
Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 21:15:34 +0000