| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
If len == 0, it already set try_session_cache so there's no need to
check len again. Fixes Coverity issue 21687.
ok bcook@
|
|
OpenSSL stopped building it last year and removed it this year.
Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1.
Also cranked major version in libcrypto, libssl and libtls.
"fine with me" bcook@ miod@
|
|
This mimics free()'s behavior which makes error handling simpler.
ok bcook@ miod@
|
|
ok miod@
|
|
Pointed out by guenther.
ok guenther@
|
|
Use these instead of SSLv23_*method when you want to make sure TLS is
used.
By default, we disable SSLv3 but it's still possible for the user to
re-enable it. TLS_*method does not allow SSLv3.
Both BoringSSL and (next version of) OpenSSL have these methods.
However, they have changed the implementation significantly. We will
as well, but not right now.
Riding the libssl major bump.
ok miod@ bcook@
|
|
Libtls is riding this crank.
ok miod@ bcook@
|
|
The p initialization was hiding this bug but Coverity 126279 saw it.
ok miod@ bcook@ beck@
|
|
Changed return value from void to int. It should never return an error
given that the input length is not checked yet.
ok miod@
|
|
ok miod@, input + ok jsing@
|
|
The "if" is a bit ugly, but this does remove a lot of repetitive code.
This will be converted to CBS later as well.
ok miod@
jsing@ roughly ok with it after seeing the CBS version
|
|
This was a hack to work around problems on IE 6 with SSLv3.
ok miod@ bcook@
|
|
This is a 17 year old workaround from SSLeay 0.9.0b. It was for
clients that send RSA client key exchange in TLS using SSLv3 format
(no length prefix).
ok jsing@
|
|
ok miod@ jsing@
|
|
For a few old releases, ECDHE-ECDSA was broken on OS X. This option
cannot differentiate between working and broken OS X so it disabled
ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty
releases but these are no longer relevant. Tested on OS X 10.10 by jsing.
ok jsing@
|
|
OpenSSL doesn't remember which clients were impacted and the
functionality has been broken in their stable releases for 2 years.
Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5.
ok jsing@
|
|
ok bcook@ miod@
|
|
reluctant ok miod@
|
|
coverity ID's 21691 21698
ok miod@, "Fry it" jsing@
|
|
Unlike the other conversions, this only partially converts the function
for now. This is the second to last function which still uses the n2l3
macro. That macro is deprecated since we're using CBS.
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@
|
|
Link in the new 'unit' regress and expand the invalid tests to include
some that would fail before the CBS conversion.
input + ok miod@ jsing@
|
|
spelt malloc+memcpy, which is what is used in all except two places.
ok deraadt@ doug@
|
|
Previously, CBS_dup() had its own offset. However, it is more consistent
to copy everything.
ok miod@ jsing@
|
|
From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
|
|
tweak + ok miod@ jsing@
|
|
tweak + ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok deraadt@ doug@ millert@ miod@ sthen@
|
|
ok miod@, tweak + ok jsing@
|
|
Suggested by jsing@.
ok jsing@ miod@
|
|
ok miod@ jsing@
|
|
tweak + ok miod@ jsing@
|
|
This is useful for when you need to check the data ahead and then continue
on from the same spot.
input + ok jsing@ miod@
|
|
While the previous types were correct, they can silently accept bad data
via truncation or signed conversion. We now take size_t as input for
CBB_add_u*() and do a range check.
discussed with deraadt@
input + ok jsing@ miod@
|
|
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
|
|
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
|
|
|
|
|
|
|
