summaryrefslogtreecommitdiffstats
path: root/ssl
AgeCommit message (Expand)Author
2017-01-26Better check of DH parameters in TLS dataRichard Levitte
2017-01-24Replace div-spoiler hack with simpler code, GH#1027,2253.Andy Polyakov
2017-01-24Cleanup EVP_CIPH/EP_CTRL duplicate definesTodd Short
2017-01-24Do not overallocate for tmp.ciphers_rawBenjamin Kaduk
2017-01-24Fix SSL_get0_raw_cipherlist()Matt Caswell
2017-01-24Fix a ssl session leak due to OOM in lh_SSL_SESSION_insertBernd Edlinger
2017-01-23Stop server from expecting Certificate message when not requestedMatt Caswell
2017-01-23Stop client from sending Certificate message when not requestedMatt Caswell
2017-01-23Fix SSL_VERIFY_CLIENT_ONCEMatt Caswell
2017-01-23fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_c...Bernd Edlinger
2017-01-18If client doesn't send curves list, don't assume all.Rich Salz
2017-01-10Mark a HelloRequest record as read if we ignore itMatt Caswell
2016-12-12Fix a leak in SSL_clear()Matt Caswell
2016-12-08Only call memcpy when the length is larger than 0.Kurt Roeckx
2016-11-29Ensure we are in accept state in DTLSv1_listenMatt Caswell
2016-11-23Fix missing NULL checks in CKE processingMatt Caswell
2016-11-21Make SSL_read and SSL_write return the old behaviour and document it.Kurt Roeckx
2016-11-16Remove a hack from ssl_test_oldMatt Caswell
2016-11-15Check that SCT timestamps are not in the futureRob Percival
2016-11-09When no SRP identity is found, no error was reported server sideEasySec
2016-11-07Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER"Matt Caswell
2016-11-07Always ensure that init_msg is initialised for a CCSMatt Caswell
2016-11-02Fail if an unrecognised record type is receivedMatt Caswell
2016-11-02Fix read_aheadMatt Caswell
2016-10-28Implement length checks as a macroMatt Caswell
2016-10-28Ensure we have length checks for all extensionsMatt Caswell
2016-10-28Fix length check writing status request extensionMatt Caswell
2016-10-28A zero return from BIO_read()/BIO_write() could be retryableMatt Caswell
2016-10-20Disable encrypt_then_mac negotiation for DTLS.David Woodhouse
2016-09-29Fix missing NULL checks in NewSessionTicket constructionMatt Caswell
2016-09-29Fix an Uninit read in DTLSMatt Caswell
2016-09-26Fix Use After Free for large message sizesMatt Caswell
2016-09-22Avoid KCI attack for GOSTDmitry Belyavsky
2016-09-22Fix a hang with SSL_peek()Matt Caswell
2016-09-22Fix a mem leak in NPN handlingMatt Caswell
2016-09-22Fix OCSP Status Request extension unbounded memory growthMatt Caswell
2016-09-22Fix error message typo, wrong function codeRichard Levitte
2016-09-21Excessive allocation of memory in dtls1_preprocess_fragment()Matt Caswell
2016-09-21Excessive allocation of memory in tls_get_message_header()Matt Caswell
2016-09-21Don't allow too many consecutive warning alertsMatt Caswell
2016-09-21Use switch instead of multiple ifsAlessandro Ghedini
2016-09-15Revert "Abort on unrecognised warning alerts"Matt Caswell
2016-09-13Abort on unrecognised warning alertsMatt Caswell
2016-09-08Ensure trace recognises X25519Matt Caswell
2016-09-07Add missing debug strings.Rich Salz
2016-08-30Ensure the CertStatus message adds a DTLS message header where neededMatt Caswell
2016-08-26Remove trailing zerosRich Salz
2016-08-24Put DES into "not default" category.Rich Salz
2016-08-24To avoid SWEET32 attack, move 3DES to weakRich Salz
2016-08-24Fix comment about return value of ct_extract_tls_extension_sctsRob Percival
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 04:29:13 +0000