| Commit message (Collapse) | Author | Files | Lines |
|---|
|
there is already a close(2), so do not do it in readwrite().
OK beck@
|
|
loop. Use an additional poll(2) during the handshake and also
respect the -w timeout option there.
From Shuo Chen; OK beck@
|
|
provided error code matches the error that is currently on the top of the
error stack.
|
|
|
|
1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have
can now be counted on to achieve this level of sophistication nearly
everywhere.
ok jsing@
|
|
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
|
SSL_{,CTX_}ctrl() functions. As crazy as it is, some software appears to
call the control functions directly rather than using the macros (or
functions) provided by the library.
Discussed with beck@ and sthen@
|
|
ok jsing@
|
|
ok beck@
|
|
before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
|
|
|
don't have EAI_NODATA, so make this easier for people
from bernard spill
|
|
half a page and a page. ok jmatthew@ tb@
|
|
|
|
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.
ok jsing@
|
|
ok beck@ reyk@
|
|
client-initiated renegotiation. The current default behaviour remains
unchanged.
ok beck@ reyk@
|
|
This regress bntest.c patch is originally from master branch of OpenSSL.
- dca2e0e test/bntest.c: regression test for CVE-2016-7055.
- 3e7a496 test/bntest.c: regression test for carry bug in bn_sqr8x_internal.
These tests were added for these commit.
- 2fac86d bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
- 3f4bcf5 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
ok beck@
|
|
This patch is originally from master branch of OpenSSL.
- 2198b3a crypto/evp: harden AEAD ciphers.
- 8e20499 crypto/evp: harden RC4_MD5 cipher.
ok tom@
|
|
jsing@ confirmed that these are public and worth documenting.
|
|
|
|
jsing@ confirmed that these macros are public and worth documenting.
|
|
and BN_RECP_CTX_init(3). They are not only deprecated but so
dangerous that they are almost unusable. I found these scary
traps while reading the code in order to document BN_set_flags(3).
While here, delete ERR_get_error(3) from SEE ALSO.
|
|
|
|
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all keypairs
and not just the main one)
ok jsing@
|
|
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
|
|
|
In many cases we got away with this, however if a server sends multiple
handshake messages in the same record only the first message would be added
to the MAC.
Should fix breakage reported by various people.
|
|
|
|
|
|
ok jmc@
|
|
from holger mikolon, plus one more in nc;
|
|
|
|
issue where by calling tls_close() on a TLS context that has not attempted
a handshake, results in an unexpected failure.
Reported by Vinay Sajip.
ok beck@
|
|
|
|
|
|
|
|
ok beck@
|
|
line wraps that resulted
|
|
using it anymore
ok jsing@
|
|
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
|
ok beck@
|
|
|
|
before yielding, and fail if we exceed a maximum. loosely based
on what boring and openssl are doing
ok jsing@
|
|
using it more and more to avoid spins.
ok jsing@
|
|
and defines since they are the same everywhere.
ok beck@
|
|
ssl_versions.c file.
ok beck@
|
|
longer SSLv3 code.
ok beck@
|
|
fixed version) client/server code.
ok beck@
|
|
jsing@ confirmed that this function is public and worth documenting.
This page needs much more work, it is outrageously incomplete and
unclear. For example, it remains unexplained what error strings
are, what "registering" means and what the benefit for the application
is, what happens if it is not done, or what happens if an error
occurs after calling ERR_free_strings(3). I tried to read the code,
but it is so contorted that i postponed that work. For example,
it looks like there are hooks for applications to replace the
functions used for registering strings by other, application-supplied
functions, and, of course, there are many levels of macro and
function wrappers.
For now, i only documented the most obvious BUGS.
|
