path: root/ssl
Age | Commit message | Author
2008-11-02 | Fix warnings about mismatched prototypes, undefined size_t and value computed not used. | Dr. Stephen Henson
2008-11-01 | More size_tification. | Ben Laurie
2008-10-29 | Fix warning. | Ben Laurie
2008-10-27 | Win32 fixes... add new directory to build system. Fix warnings. | Dr. Stephen Henson
2008-10-22 | Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF() | Dr. Stephen Henson
2008-10-20 | Fix a shed load of warnings: Duplicate const. Use of ; outside function. | Dr. Stephen Henson
2008-10-13 | Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8 but has been omitted from HEAD (0.9.9), see commit http://cvs.openssl.org/chngview?cn=16627 by appro. | Lutz Jänicke
2008-10-13 | Half of the commit for 0.9.8 as the bitmap handling has changed. (Firstly... omitted) Secondly, it wasn't even _dropping_ the offending packets, in the non-blocking case. It was just returning garbage instead. PR: #1752 Submitted by: David Woodhouse <dwmw2@infradead.org> | Lutz Jänicke
2008-10-12 | Type-checked (and modern C compliant) OBJ_bsearch. | Ben Laurie
2008-10-12 | Add missing DTLS1_BAD_VER (hope I got the value right). | Ben Laurie
2008-10-10 | When the underlying BIO_write() fails to send a datagram, we leave the offending record queued as 'pending'. The DTLS code doesn't expect this, and we end up hitting an OPENSSL_assert() in do_dtls1_write(). The simple fix is just _not_ to leave it queued. In DTLS, dropping packets is perfectly acceptable -- and even preferable. If we wanted a service with retries and guaranteed delivery, we'd be using TCP. PR: #1703 Submitted by: David Woodhouse <dwmw2@infradead.org> | Lutz Jänicke
2008-09-22 | Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't enable disabled ciphersuites. | Bodo Möller
2008-09-14 | update comment | Bodo Möller
2008-09-14 | oops | Bodo Möller
2008-09-14 | dtls1_write_bytes consumers expect amount of bytes written per call, not overall. PR: 1604 | Andy Polyakov
2008-09-14 | Fix SSL state transitions. Submitted by: Nagendra Modadugu | Bodo Möller
2008-09-14 | Some precautions to avoid potential security-relevant problems. | Bodo Möller
2008-09-13 | DTLS didn't handle alerts correctly. PR: 1632 | Andy Polyakov
2008-09-10 | Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption. | Dr. Stephen Henson
2008-09-03 | Fix from stable branch. | Dr. Stephen Henson
2008-09-03 | Do not discard cached handshake records during resumed sessions: they are used for mac computation. | Dr. Stephen Henson
2008-09-03 | Make no-tlsext compile. | Dr. Stephen Henson
2008-08-13 | sanity check PR: 1679 | Bodo Möller
2008-08-06 | Remove the dual-callback scheme for numeric and pointer thread IDs, deprecate the original (numeric-only) scheme, and replace with the CRYPTO_THREADID object. This hides the platform-specifics and should reduce the possibility for programming errors (where failing to explicitly check both thread ID forms could create subtle, platform-specific bugs). Thanks to Bodo, for invaluable review and feedback. | Geoff Thorpe
2008-08-05 | Fix signed/unsigned warning. | Geoff Thorpe
2008-08-04 | Fix error codes for memory-saving patch. Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS because it was rather pointless (the new behavior has to be explicitly requested by setting SSL_MODE_RELEASE_BUFFERS anyway). | Bodo Möller
2008-07-04 | Avoid warnings with -pedantic, specifically: Conversion between void * and function pointer. Value computed not used. Signed/unsigned argument. | Dr. Stephen Henson
2008-07-03 | Revert my earlier CRYPTO_THREADID commit, I will commit a reworked version some time soon. | Geoff Thorpe
2008-06-05 | Update from stable branch. | Dr. Stephen Henson
2008-06-04 | Remove test fprintf. | Dr. Stephen Henson
2008-06-04 | Compilation option to use a specific ssl client auth engine automatically. | Dr. Stephen Henson
2008-06-04 | More type-checking. | Ben Laurie
2008-06-03 | Add support for client cert engine setting in s_client app. Add appropriate #ifdefs round client cert functions in headers. | Dr. Stephen Henson
2008-06-03 | Prevent signed/unsigned warning on VC++ | Dr. Stephen Henson
2008-06-03 | Memory saving patch. | Ben Laurie
2008-06-01 | Release engine reference when calling SSL_CTX_free(). | Dr. Stephen Henson
2008-06-01 | Allow ENGINE client cert callback to specify a set of other certs, for the rest of the certificate chain. Currently unused. | Dr. Stephen Henson
2008-06-01 | Update error codes. | Dr. Stephen Henson
2008-06-01 | Add client cert engine to SSL routines. | Dr. Stephen Henson
2008-06-01 | Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h | Dr. Stephen Henson
2008-05-28 | From HEAD: Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash as found using the Codenomicon TLS test suite (CVE-2008-1672) Reviewed by: openssl-security@openssl.org Obtained from: mark@awe.com | Bodo Möller
2008-05-28 | From HEAD: Fix double-free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) Reviewed by: openssl-security@openssl.org Obtained from: jorton@redhat.com | Bodo Möller
2008-05-26 | LHASH revamp. make depend. | Ben Laurie
2008-05-26 | Reword comment to be much shorter to stop other people from complaining about "overcommenting". | Lutz Jänicke
2008-05-23 | Clear error queue when starting SSL_CTX_use_certificate_chain_file PR: 1417, 1513 Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com> | Lutz Jänicke
2008-04-30 | Update from stable branch. | Dr. Stephen Henson
2008-04-29 | Update from stable branch. | Dr. Stephen Henson
2008-04-29 | Oops! | Dr. Stephen Henson
2008-04-29 | Update from stable branch. | Dr. Stephen Henson
2008-04-29 | Update from stable branch. | Dr. Stephen Henson