Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. | Lutz Jänicke | 2002-07-19 | 2 | -0/+19 |
| | | | | | | Submitted by: Reviewed by: PR: 127 | ||||
* | Replace 'ecdsaparam' commandline utility by 'ecparam' | Bodo Möller | 2002-07-14 | 1 | -349/+635 |
| | | | | | | | | | | | | | | (the same keys can be used for ECC schemes other than ECDSA) and add some new options. Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS" in 'PEM' format. Fix ec_asn1.c (take into account the desired conversion form). 'make update'. Submitted by: Nils Larsch | ||||
* | Reorder inclusion of header files: | Lutz Jänicke | 2002-07-10 | 14 | -17/+17 |
| | | | | | | | | | | | | | | | | | des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR: | ||||
* | Ciphers with NULL encryption were not properly handled because they were | Lutz Jänicke | 2002-07-10 | 3 | -12/+15 |
| | | | | | | | not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130 | ||||
* | emtpy fragments are not necessary for SSL_eNULL | Bodo Möller | 2002-07-09 | 2 | -5/+17 |
| | | | | | | (but noone uses it anyway) fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4 | ||||
* | AES cipher suites are now official (RFC3268) | Bodo Möller | 2002-07-04 | 3 | -23/+23 |
| | |||||
* | Pass CFLAG to dependency makers, so non-standard system include paths are | Richard Levitte | 2002-06-27 | 1 | -1/+1 |
| | | | | | handled properly. Part of PR 75 | ||||
* | New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC | Bodo Möller | 2002-06-14 | 3 | -16/+39 |
| | | | | | | vulnerability workaround (included in SSL_OP_ALL). PR: #90 | ||||
* | Merge from 0.9.7-stable. | Richard Levitte | 2002-06-06 | 1 | -1/+1 |
| | |||||
* | Recover from errors | Richard Levitte | 2002-05-23 | 1 | -0/+2 |
| | |||||
* | Allow the use of the TCP/IP stack keyword TCPIP and NONE | Richard Levitte | 2002-05-22 | 1 | -5/+34 |
| | |||||
* | Fix ciphersuite list to enforce low priority for RC4. | Bodo Möller | 2002-05-07 | 1 | -1/+1 |
| | |||||
* | ensure that, for each strength, RC4 ciphers have least preference | Bodo Möller | 2002-05-07 | 1 | -1/+1 |
| | | | | in the default ciphersuite list | ||||
* | refer to latest draft for AES ciphersuites | Bodo Möller | 2002-05-07 | 1 | -1/+1 |
| | |||||
* | fix warning | Bodo Möller | 2002-05-06 | 1 | -1/+1 |
| | |||||
* | disable AES ciphersuites unless explicitly requested | Bodo Möller | 2002-05-05 | 3 | -23/+25 |
| | |||||
* | fix casts | Bodo Möller | 2002-05-05 | 1 | -9/+8 |
| | |||||
* | undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) | Bodo Möller | 2002-04-29 | 1 | -1/+1 |
| | |||||
* | Fix unsigned vs. signed clash | Richard Levitte | 2002-04-29 | 1 | -1/+1 |
| | |||||
* | Synchronise with 0.9.7-stable. | Richard Levitte | 2002-04-29 | 1 | -2/+2 |
| | |||||
* | Synchronise with 0.9.7-stable. | Richard Levitte | 2002-04-29 | 1 | -1/+1 |
| | |||||
* | Signedness mismatch. | Richard Levitte | 2002-04-20 | 2 | -3/+3 |
| | | | | Notified by Bernd Matthes <bernd.matthes@gemplus.com> | ||||
* | Make sure the opened directory is closed on exit. | Richard Levitte | 2002-04-18 | 1 | -3/+5 |
| | | | | Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu> | ||||
* | fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS ↵ | Bodo Möller | 2002-04-14 | 1 | -1/+1 |
| | | | | | | 1.0 format (the bug was introduced with message callback support) | ||||
* | Implement known-IV countermeasure. | Bodo Möller | 2002-04-13 | 7 | -44/+289 |
| | | | | | | Fix length checks in ssl3_get_client_hello(). Use s->s3->in_read_app_data differently to fix ssl3_read_internal(). | ||||
* | Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). | Lutz Jänicke | 2002-03-19 | 1 | -0/+7 |
| | |||||
* | Initialize ciph_ctx in kssl.c | Dr. Stephen Henson | 2002-03-19 | 1 | -0/+1 |
| | |||||
* | fix ssl3_pending | Bodo Möller | 2002-03-15 | 1 | -1/+4 |
| | |||||
* | Add missing strength entries. | Lutz Jänicke | 2002-03-14 | 1 | -5/+5 |
| | |||||
* | Initialize cipher context in KRB5 | Dr. Stephen Henson | 2002-03-14 | 3 | -5/+9 |
| | | | | | | ("D. Russell" <russelld@aol.net>) Allow HMAC functions to use an alternative ENGINE. | ||||
* | use BIO_nwrite() more properly to demonstrate the general idea of | Bodo Möller | 2002-03-14 | 1 | -3/+10 |
| | | | | | BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not in general) | ||||
* | Undo previous patch: avoid warnings by #undef'ing | Dr. Stephen Henson | 2002-03-13 | 1 | -6/+9 |
| | | | | | | duplicate definitions. Suggested by "Kenneth R. Robinette" <support@securenetterm.com> | ||||
* | Fix Kerberos warnings with VC++. | Dr. Stephen Henson | 2002-03-12 | 2 | -5/+14 |
| | |||||
* | Fix ASN1 additions for KRB5 | Dr. Stephen Henson | 2002-03-12 | 3 | -18/+32 |
| | |||||
* | Fix various warnings when compiling with KRB5 code. | Dr. Stephen Henson | 2002-03-12 | 2 | -16/+15 |
| | |||||
* | use ERR_peek_last_error() instead of ERR_peek_error() | Bodo Möller | 2002-02-28 | 1 | -2/+2 |
| | |||||
* | Increase internal security when using strncpy, by making sure the resulting ↵ | Richard Levitte | 2002-02-28 | 1 | -0/+2 |
| | | | | string is NUL-terminated | ||||
* | Add 'void *' argument to app_verify_callback. | Bodo Möller | 2002-02-28 | 4 | -10/+47 |
| | | | | | Submitted by: D. K. Smetters <smetters@parc.xerox.com> Reviewed by: Bodo Moeller | ||||
* | Fix the fix (Yoram Zahavi)... | Lutz Jänicke | 2002-02-27 | 1 | -6/+6 |
| | |||||
* | Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). | Lutz Jänicke | 2002-02-26 | 1 | -8/+6 |
| | |||||
* | Fix for AIX. | Dr. Stephen Henson | 2002-02-22 | 1 | -1/+1 |
| | | | | Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca> | ||||
* | ECDSA support | Bodo Möller | 2002-02-13 | 1 | -629/+684 |
| | | | | Submitted by: Nils Larsch <nla@trustcenter.de> | ||||
* | Make removal from session cache more robust. | Lutz Jänicke | 2002-02-10 | 1 | -2/+2 |
| | |||||
* | Do not store unneeded data. | Lutz Jänicke | 2002-02-08 | 1 | -4/+4 |
| | |||||
* | Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' | Bodo Möller | 2002-01-14 | 4 | -5/+115 |
| | | | | | to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead. | ||||
* | Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if | Bodo Möller | 2002-01-14 | 1 | -0/+1 |
| | | | | the SSL_R_LENGTH_MISMATCH error is detected. | ||||
* | Prototype info function. | Ben Laurie | 2002-01-12 | 11 | -26/+30 |
| | |||||
* | Add client_cert_cb prototype. | Ben Laurie | 2002-01-12 | 1 | -1/+1 |
| | |||||
* | ssl3_read_bytes bug fix | Ulf Möller | 2001-12-28 | 1 | -0/+1 |
| | | | | | Submitted by: D P Chang <dpc@qualys.com> Reviewed by: Bodo | ||||
* | remove redundant ERR_load_... declarations | Bodo Möller | 2001-12-17 | 1 | -1/+0 |
| |