Alert to use is now defined in spec: update code

New option to enable/disable connection to unpatched servers

Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.

Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiat

Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

show more ...

PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

Initial experimental TLSv1.1 support

Include a more meaningful error message when rejecting legacy renegotiation

add missing parts of reneg port, fix apps patch

If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.

Fix statless session resumption so it can coexist with SNI

PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.

Update from 1.0.0-stable.

Apparently s->ctx could be NULL. (Coverity ID 147).

Apparently s->ctx could be NULL at this point (see earlier
test). (Coverity ID 148).

If we're going to return errors (no matter how stupid), then we should
test for them!

Back out pointless change.

*** empty log message ***

PR: 1574
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.

Fix from stable branch.

From HEAD:

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@ope

From HEAD:

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

show more ...

Update from stable branch.

Oops!

Update from stable branch.

Disable debugging fprintf.

Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...