aboutsummaryrefslogtreecommitdiffstats
path: root/demos
Commit message (Collapse)AuthorAgeFilesLines
* Fix buggy if-condition (thomas poindessous <poinde_t@epita.fr>).Lutz Jänicke2002-03-211-1/+1
|
* '#if OPENSSL_VERSION_NUMBER >= ...' to document the recent changeBodo Möller2002-03-051-2/+7
|
* Add 'void *' argument to app_verify_callback.Bodo Möller2002-02-281-3/+3
| | | | | Submitted by: D. K. Smetters <smetters@parc.xerox.com> Reviewed by: Bodo Moeller
* A rough little self-test for tunala. This runs through all cipher-suite /Geoff Thorpe2002-02-201-0/+107
| | | | SSL/TLS version combinations looking for mishaps.
* Make the "ungunk" logic a little more robust.Geoff Thorpe2002-02-201-5/+5
|
* - Add support for cipher suites that require a temporary RSA key forGeoff Thorpe2002-02-203-7/+32
| | | | | key-agreement. - Tolerate signal interruptions of select().
* Correct for the recent prototype changes.Geoff Thorpe2002-01-172-2/+2
|
* Produce less confusing statistics when "-out_totals" is used.Geoff Thorpe2002-01-161-12/+6
|
* The sample certs had expired, so these are newer ones that should lastGeoff Thorpe2002-01-163-123/+121
| | | | quite a bit longer.
* - Network errors could pollute the buffers because -1 isn't noticed in anGeoff Thorpe2002-01-103-11/+11
| | | | | | | "unsigned int". - Remove redundant processing with machine->ssl is NULL. - Remove compiler warnings about uninitialised 'ctx' (it's not used uninitialised, but gcc can't see that).
* - libtool finally annoyed me too much, so I'm nuking it,Geoff Thorpe2002-01-084-35/+28
| | | | | | - tidy up some output, - print a warning when running an SSL server with no cert, - only log each connect/disconnect if the new "-out_conns" switch is used.
* Constify.Geoff Thorpe2002-01-041-1/+1
|
* Build dynamic rsaref engine on VMS. Tested on VAX so far.Richard Levitte2001-11-161-0/+85
|
* make updateRichard Levitte2001-11-152-0/+6
|
* Add MD digests.Richard Levitte2001-11-151-7/+138
| | | | | And this finishes this engine, it now offers all ciphers and digests that RSAref 2.0 has.
* Add DES functions.Richard Levitte2001-11-151-6/+224
| | | | | Restructure the code and comment it a bit. Prepare for the presence of digests.
* Use the generated error code files.Richard Levitte2001-11-151-91/+5
|
* 'make update' + some touches.Richard Levitte2001-11-152-0/+264
|
* Add targets to update the error code files.Richard Levitte2001-11-151-1/+30
|
* Add a local error code configuration file for the rsaref dynamicRichard Levitte2001-11-151-0/+8
| | | | engine.
* Make use of RSAref's header files instead of EAY's crafted rsaref.h.Richard Levitte2001-11-142-206/+24
|
* In a Debian Linux environment, it's not a good idea, apparently, toRichard Levitte2001-11-141-1/+1
| | | | | | | manually declare the include directory /usr/include at the same time as the macro PROTOTYPES is defined with the value 1. Besides, /usr/include is the standard include directory anyway, so there's no need to specify it explicitely.
* Add a demo that reimplements the RSAref glue in form of a dynamicallyRichard Levitte2001-11-145-0/+725
| | | | loadable engine.
* Modify EVP cipher behaviour in a similar wayDr. Stephen Henson2001-10-172-5/+5
| | | | to digests to retain compatibility.
* Modernise and fix (ancient) "maurice" demos.Dr. Stephen Henson2001-09-282-8/+3
|
* Make (ancient) sign.c demo compile again.Dr. Stephen Henson2001-09-281-2/+2
|
* ignore binaryBodo Möller2001-09-241-0/+1
|
* avoid everything resembling a magic trigraphBodo Möller2001-09-242-4/+4
|
* Change Makefile so that it works without any additional changesBodo Möller2001-09-182-5/+6
| | | | at least on Solaris
* Another demo.Bodo Möller2001-09-178-0/+1783
|
* Add certificate and request demos.Dr. Stephen Henson2001-09-123-0/+328
| | | | Fix X509V3 macro so they compile.
* - New INSTALL document describing different ways to build "tunala" andGeoff Thorpe2001-07-2311-44/+354
| | | | | | | | | | | | | | | possible problems. - New file breakage.c handles (so far) missing functions. - Get rid of some signed/unsigned/const warnings thanks to solaris-cc - Add autoconf/automake input files, and helper scripts to populate missing (but auto-generated) files. This change adds a configure.in and Makefile.am to build everything using autoconf, automake, and libtool - and adds "gunk" scripts to generate the various files those things need (and clean then up again after). This means that "autogunk.sh" needs to be run first on a system with the autotools, but the resulting directory should be "configure"able and compilable on systems without those tools.
* Make all configuration macros available for application by makingRichard Levitte2001-02-191-3/+3
| | | | | | | | | | | | sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
* Re-order a couple of static functions and "#if 0" out unused ones - thisGeoff Thorpe2001-02-121-14/+16
| | | | gets rid of gcc warnings.
* This change was a quick experiment that I'd wanted to try that works quiteGeoff Thorpe2001-02-121-7/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | well (and is a good demonstration of how encapsulating the SSL in a memory-based state machine can make it easier to apply to different situations). The change implements a new command-line switch "-flipped <0|1>" which, if set to 1, reverses the usual interpretation of a client and server for SSL tunneling. Normally, an ssl client (ie. "-server 0") accepts "cleartext" connections and conducts SSL/TLS over a proxied connection acting as an SSL client. Likewise, an ssl server (ie. "-server 1") accepts connections and conducts SSL/TLS (as an SSL server) over them and passes "cleartext" over the proxied connection. With "-flipped 1", an SSL client (specified with "-server 0") in fact accepts SSL connections and proxies clear, whereas an SSL server ("-server 1") accepts clear and proxies SSL. NB: most of this diff is command-line handling, the actual meat of the change is simply the line or two that plugs "clean" and "dirty" file descriptors into the item that holds the state-machine - reverse them and you get the desired behaviour. This allows a network server to be an SSL client, and a network client to be an SSL server. Apart from curiosity value, there's a couple of possibly interesting applications - SSL/TLS is inherently vulnerable to trivial DoS attacks, because the SSL server usually has to perform a private key operation first, even if the client is authenticated. With this scenario, the network client is the SSL server and performs the first private key operation, whereas the network server serves as the SSL client. Another possible application is when client-only authentication is required (ie. the underlying protocol handles (or doesn't care about) authenticating the server). Eg. an SSL/TLS version of 'ssh' could be concocted where the client's signed certificate is used to validate login to a server system - whether or not the client needs to validate who the server is can be configured at the client end rather than at the server end (ie. a complete inversion of what happens in normal SSL/TLS). NB: This is just an experiment/play-thing, using "-flipped 1" probably creates something that is interoperable with exactly nothing. :-)
* Improve the state machine.Ben Laurie2001-02-061-13/+34
|
* format stringsUlf Möller2001-02-061-4/+3
|
* Re-order the options in tunala and add command switches like s_server forGeoff Thorpe2000-12-211-23/+42
| | | | disabling different SSL/TLS protocol versions.
* This adds support to 'tunala' for supplying DH parameters (without which itGeoff Thorpe2000-12-201-9/+136
| | | | | | | will not support EDH cipher suites). The parameters can either be loaded from a file (via "-dh_file"), generated by the application on start-up ("-dh_special generate"), or be standard DH parameters (as used in s_server, etc).
* Some minor changes to the "tunala" demo.Geoff Thorpe2000-12-204-19/+88
| | | | | | | | | | | | | | | | | | | | | | * Seal off some buffer functions so that only the higher-level IO functions are exposed. * Using the above change to buffer, add support to tunala for displaying traffic totals when a tunnel closes. Useful in debugging and analysis - you get to see the total encrypted traffic versus the total tunneled traffic. This shows not only how much expansion your data suffers from SSL (a lot if you send/receive a few bytes at a time), but also the overhead of SSL handshaking relative to the payload sent through the tunnel. This is controlled by the "-out_totals" switch to tunala. * Fix and tweak some bits in the README. Eg. sample output of "-out_totals" from a tunnel client when tunneling a brief "telnet" session. Tunnel closing, traffic stats follow SSL (network) traffic to/from server; 7305 bytes in, 3475 bytes out tunnelled data to/from server; 4295 bytes in, 186 bytes out
* Merge from the ASN1 branch of new ASN1 codeDr. Stephen Henson2000-12-082-0/+373
| | | | | | to main trunk. Lets see if the makes it to openssl-cvs :-)
* * Fix a slight bug in the state-machine. This caused the client end of aGeoff Thorpe2000-11-303-35/+86
| | | | | | | | | | | tunnel to not pro-actively close down when failing an SSL handshake. * Change the cert-chain callback - originally this was the same one used in s_client and s_server but the output's as ugly as sin, so I've prettied tunala's copy output up a bit (and made the output level configurable). * Remove the superfluous "errors" from the SSL state callback - these are just non-blocking side-effects.
* More little changes to the tunala demo;Geoff Thorpe2000-11-293-90/+166
| | | | | | | * A little bit of code-cleanup * Reformat the usage string (not so wide) * Allow adding an alternative (usually DSA) cert/key pair (a la s_server) * Allow control over cert-chain verify depth
* Make s_client/s_server-style cert verification output configurable byGeoff Thorpe2000-11-293-9/+100
| | | | command line, and make the peer-authentication similarly configurable.
* Minor tweaks and improvements to the tunala demo.Geoff Thorpe2000-11-286-23/+144
| | | | | | | | | - Add "-cipher" and "-out_state" command line arguments to control SSL cipher-suites and handshake debug output respectively. - Implemented error handling for SSL handshakes that break down. This uses a cheat - storing a non-NULL pointer as "app_data" in the SSL structure when the SSL should be killed.
* A typo and a couple of logic errors fixed. I think there may still be oneGeoff Thorpe2000-11-283-4/+7
| | | | | or two kinks lurking around, but it now appears to deal with the basic test cases ok.
* Oops! Read a full buffer instead of some spurious number from elswhere.Ben Laurie2000-11-211-1/+1
|
* oops, remove comments that are no longer true.Geoff Thorpe2000-11-011-9/+0
|
* Explanation, tips, etc.Geoff Thorpe2000-11-011-0/+233
|
* This is a demo that performs SSL tunneling (client and/or server) and isGeoff Thorpe2000-11-019-0/+1555
| | | | | built using an abstracted state machine with a non-blocking IP wrapper around it. README will follow in the next commit.
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-15 07:40:20 +0000