#
a5816a5a |
| 07-Nov-2017 |
Matt Caswell |
Implement session id TLSv1.3 middlebox compatibility mode Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged fro
Implement session id TLSv1.3 middlebox compatibility mode Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
show more ...
|
#
88050dd1 |
| 03-Nov-2017 |
Matt Caswell |
Update ServerHello to new draft-22 format The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version
Update ServerHello to new draft-22 format The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version field is fixed at TLSv1.2, and the version negotiation happens solely via supported_versions. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
show more ...
|
#
921d84a0 |
| 04-Dec-2017 |
Matt Caswell |
Convert the remaining functions in the record layer to use SSLfatal() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
|
#
29bfd5b7 |
| 23-Nov-2017 |
Matt Caswell |
Add some more cleanups Follow up from the conversion to use SSLfatal() in the state machine to clean things up a bit more. [extended tests] Reviewed-by: Richard Levitte
Add some more cleanups Follow up from the conversion to use SSLfatal() in the state machine to clean things up a bit more. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
show more ...
|
#
47e2ee07 |
| 23-Nov-2017 |
Matt Caswell |
Add some sanity checks for the fatal error condition Sometimes at the top level of the state machine code we know we are supposed to be in a fatal error condition. This commit adds some
Add some sanity checks for the fatal error condition Sometimes at the top level of the state machine code we know we are supposed to be in a fatal error condition. This commit adds some sanity checks to ensure that SSLfatal() has been called. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
show more ...
|
#
635c8f77 |
| 23-Nov-2017 |
Matt Caswell |
Fix up a few places in the state machine that got missed with SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
d4d2f3a4 |
| 23-Nov-2017 |
Matt Caswell |
Convert more functions in ssl/statem/statem.c to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
3ec8d113 |
| 22-Nov-2017 |
Matt Caswell |
Convert remaining functions in statem_srvr.c to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
a2c2e000 |
| 22-Nov-2017 |
Matt Caswell |
Convert remaining functions in statem_clnt.c to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
f63a17d6 |
| 21-Nov-2017 |
Matt Caswell |
Convert the state machine code to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
cf72c757 |
| 05-Nov-2017 |
FdaSilvaYY |
Implement Maximum Fragment Length TLS extension. Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswel
Implement Maximum Fragment Length TLS extension. Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
show more ...
|
#
a84e5c9a |
| 01-Sep-2016 |
Todd Short |
Session resume broken switching contexts When an SSL's context is swtiched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is gen
Session resume broken switching contexts When an SSL's context is swtiched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is generated, so the session can't be resumed. If a servername callback changes the SSL_OP_NO_TICKET option, check to see if it's changed to disable, and whether a session ticket is expected (i.e. the client indicated ticket support and the SSL had tickets enabled at the time), and whether we already have a previous session (i.e. s->hit is set). In this case, clear the ticket-expected flag, remove any ticket data and generate a session-id in the session. If the SSL hit (resumed) and switched to a ticket-disabled context, assume that the resumption was via session-id, and don't bother to update the session. Before this fix, the updated unit-tests in 06-sni-ticket.conf would fail test #4 (server1 = SNI, server2 = no SNI). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1529)
show more ...
|
#
ffc5bbaa |
| 21-Jul-2017 |
Matt Caswell |
Complain if we are writing early data but SNI or ALPN is incorrect SNI and ALPN must be set to be consistent with the PSK. Otherwise this is an error. Reviewed-by: Ben Kaduk <ka
Complain if we are writing early data but SNI or ALPN is incorrect SNI and ALPN must be set to be consistent with the PSK. Otherwise this is an error. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
show more ...
|
#
ebefced9 |
| 08-Jul-2017 |
Dr. Stephen Henson |
make errors Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
|
#
9368f865 |
| 12-Jun-2017 |
Matt Caswell |
Add TLSv1.3 client side external PSK support Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
a055a881 |
| 26-May-2017 |
Matt Caswell |
Allow the server to change the ciphersuite on resume Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
|
#
52df25cf |
| 07-Jun-2017 |
Rich Salz |
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-interna
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
show more ...
|