summaryrefslogtreecommitdiffstats
path: root/ssl
AgeCommit message (Expand)Author
2016-11-07Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER"Matt Caswell
2016-11-07Always ensure that init_msg is initialised for a CCSMatt Caswell
2016-11-02Fail if an unrecognised record type is receivedMatt Caswell
2016-11-02Fix read_aheadMatt Caswell
2016-10-28Implement length checks as a macroMatt Caswell
2016-10-28Ensure we have length checks for all extensionsMatt Caswell
2016-10-28Fix length check writing status request extensionMatt Caswell
2016-10-28A zero return from BIO_read()/BIO_write() could be retryableMatt Caswell
2016-10-20Disable encrypt_then_mac negotiation for DTLS.David Woodhouse
2016-09-29Fix missing NULL checks in NewSessionTicket constructionMatt Caswell
2016-09-29Fix an Uninit read in DTLSMatt Caswell
2016-09-26Fix Use After Free for large message sizesMatt Caswell
2016-09-22Avoid KCI attack for GOSTDmitry Belyavsky
2016-09-22Fix a hang with SSL_peek()Matt Caswell
2016-09-22Fix a mem leak in NPN handlingMatt Caswell
2016-09-22Fix OCSP Status Request extension unbounded memory growthMatt Caswell
2016-09-22Fix error message typo, wrong function codeRichard Levitte
2016-09-21Excessive allocation of memory in dtls1_preprocess_fragment()Matt Caswell
2016-09-21Excessive allocation of memory in tls_get_message_header()Matt Caswell
2016-09-21Don't allow too many consecutive warning alertsMatt Caswell
2016-09-21Use switch instead of multiple ifsAlessandro Ghedini
2016-09-15Revert "Abort on unrecognised warning alerts"Matt Caswell
2016-09-13Abort on unrecognised warning alertsMatt Caswell
2016-09-08Ensure trace recognises X25519Matt Caswell
2016-09-07Add missing debug strings.Rich Salz
2016-08-30Ensure the CertStatus message adds a DTLS message header where neededMatt Caswell
2016-08-26Remove trailing zerosRich Salz
2016-08-24Put DES into "not default" category.Rich Salz
2016-08-24To avoid SWEET32 attack, move 3DES to weakRich Salz
2016-08-24Fix comment about return value of ct_extract_tls_extension_sctsRob Percival
2016-08-24Remove some dead code from rec_layer_s3.cMatt Caswell
2016-08-23Sanity check ticket length.Dr. Stephen Henson
2016-08-23Fix leak on error in tls_construct_cke_gostMatt Caswell
2016-08-22Prevent DTLS Finished message injectionMatt Caswell
2016-08-22Fix DTLS buffered message DoS attackMatt Caswell
2016-08-19Fix DTLS replay protectionMatt Caswell
2016-08-19Fix DTLS unprocessed records bugMatt Caswell
2016-08-18Indent ssl/Emilia Kasper
2016-08-17Constify ssl_cert_type()Dr. Stephen Henson
2016-08-17Convert X509* functions to use const gettersDr. Stephen Henson
2016-08-17Add missing session id and tlsext_status accessorsRemi Gacogne
2016-08-16Convert SSL_SESSION* functions to use const gettersMatt Caswell
2016-08-16Ensure we unpad in constant time for read pipeliningMatt Caswell
2016-08-16Fix satsub64be() to unconditionally use 64-bit integersDavid Woodhouse
2016-08-15Address feedback on SSLv2 ClientHello processingMatt Caswell
2016-08-15Send an alert if we get a non-initial record with the wrong versionMatt Caswell
2016-08-15Address feedback on SSLv2 ClientHello processingMatt Caswell
2016-08-15Improves CTLOG_STORE settersRob Percival
2016-08-15Fix no-ecDr. Stephen Henson
2016-08-13Modify TLS support for new X25519 API.Dr. Stephen Henson