| Commit message | Author | Age | Files | Lines |
| |
Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:
/* check to see if this is a signing only certificate */
/* EAY EAY EAY EAY */
And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.
Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.
ok tb@
| |
noticed by dlg@ on www.openbsd.org with curl.
ok dlg@
| |
messages with OCSP staples.
ok jsing@ tb@
| |
sending back illegal parameter if our phh key share request type
is not 0 or 1.
ok jsing@ tb@
| |
ok tb@ jsing@
| |
conflict against a potential define min() from some other scope.
| |
According to RFC 8446 section 4.4.2.4, a client receiving an empty
certificate list must abort the handshake with a decode error alert.
ok beck@ inoguchi@ tb@ ('it rarely is the alert you'd expect it to be...')
| |
Enabled by -g option, and default to disabled (RSA certificate is used)
| |
After post-handshake handshake messages have been processed, we need to
return TLS13_IO_WANT_POLLIN rather than TLS13_IO_WANT_RETRY. The latter
will cause us to try to read another TLS record, when there may not be
any data available - this will then block in the case of a blocking read.
This reverts part of r1.25.
Issue noticed by inoguchi@
ok beck@ tb@
| |
The RFC requires that a server always provide a certificate for
authentication. Ensure that this is the case, rather than proceeding and
attempting validation. In the case where validation was disabled and the
server returned an empty certificate list, this would have previously
resulted in a NULL pointer dereference.
Issue reported by otto@
ok inoguchi@ tb@
| |
This was missed in previous tls13_server.c commit.
ok inoguchi@ tb@
| |
A TLSv1.3 server must always send a certificate - return an error and abort
the handshake if none is available.
ok inoguchi@ tb@
| |
OK beck@, who was amused by the "darkly comic value of reading" it
| |
Enabled by -e option, and default to disabled (RSA certificate is used)
| |
packages to appear
| |
- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name
| |
OTHER_OPENSSL default to eopenssl11
| |
This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk
with an appropriately configured server and vice versa.
| |
This allows a server configured to only support TLSv1.2 and earlier, to
correctly handle connections from a TLSv1.3 capable client.
Issue reported by pvk@
ok inoguchi@ tb@
| |
Switch the legacy version when processing the server hello, rather than
when the client hello has been sent. This ensures that we accept a
response from the server that has a record version other than
TLS1_2_VERSION, as is the case where the server is negotiating TLSv1.0
or TLSv1.1.
Issue spotted by inoguchi@
ok inoguchi@ tb@
| |
ok jsing@ tb@
| |
- Add -tls1_3 and -no_tls1_3 to openssl(1) s_server
- Stop using version pinned methods, instead setting the min and max protocol versions
ok jsing@ tb@
| |
ok beck@ tb@
| |
ok beck@ tb@
| |
When legacy version is below TLSv1.2 ensure that the record version is
SSL3/TLS, however when the legacy version is set to TLSv1.2 require this
specifically.
ok beck@ tb@
| |
This will be used to handle record version checks.
ok tb@
| |
Use this to push an error on to the SSL error stack so that we report the
details of the alert that we sent, rather than failing with an unknown
error.
ok tb@
| |
This makes the code more readable, requires less code churn when adding
a new callback and is likely to avoid bugs due to function argument
ordering.
ok beck@ inoguchi@ tb@
| |
This correctly handles session being non-NULL and sets up a few more
things, including ssl_version. Also stop setting the ssl_version to the
server_version, as this is only used on the client side.
ok tb@
| |
While we are in here also make it notice if time values in a certificate
are bogus, and say so in the output.
ok bcook@ jsing@
| |
If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.
Two important improvements over the backed-out diff: make sure that
First: client and server can send their dummy CCS at the correct moment
(right before the next flight or right after the current flight).
Second: as jsing noted, we also need to deal with the corner case that
tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT.
with/ok jsing
| |
ok beck@
| |
Rather than using a mess of SSL_AL_*, SSL_AD_*, SSL3_AD_* and TLS1_AD_*
defines, provide our own TLS13_ALERT_* defines and use those. This also
provides the alerts that are new to TLSv1.3.
ok beck@
| |
debug is on. otherwise, just retry. Fixes problems this creates in
testing.
ok jsing@ tb@