path: root/src/lib/libssl/ssl.h
Commit message | Author | Age | Files | Lines
...
* unifdef OPENSSL_NO_BIO - we do not support this in any form. | jsing | 2017-01-24 | 1 | -15/+1
  ok beck@
* move default_passwd_cb and default_passwd_cb_userdata back into | beck | 2017-01-23 | 1 | -1/+12
  the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery
* Move options and mode from SSL_CTX and SSL to internal, since these can be | jsing | 2017-01-23 | 1 | -6/+3
  set and cleared via existing functions.
* Split most of SSL_METHOD out into an internal variant, which is opaque. | jsing | 2017-01-23 | 1 | -27/+7
  Discussed with beck@
* Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrl | jsing | 2017-01-23 | 1 | -5/+1
  from SSL_METHOD, replacing usage with direct calls to the appropriate functions.
  ok beck@
* send state and rstate from ssl_st into internal. There are accessors | beck | 2017-01-23 | 1 | -4/+1
  so these should not be diddled with directly
  ok jsing@
* move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and | beck | 2017-01-23 | 1 | -1/+9
  other perversions touch them sickly and unnaturally.
* Move a large part of ssl_st into internal, so we can see what squeals. | beck | 2017-01-23 | 1 | -103/+1
  ok jsing@
* Move ex_data, next and prev from SSL_SESSION to internal. | jsing | 2017-01-23 | 1 | -6/+1
  ok beck@
* Move most of the fields in SSL_CTX to internal - the ones that remain are | jsing | 2017-01-23 | 1 | -53/+2
  known to be in use.
  ok beck@
* move the callbacks from ssl_st to internal | beck | 2017-01-23 | 1 | -29/+3
  ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX to | jsing | 2017-01-23 | 1 | -58/+1
  internal.
  ok beck@
* Move not_resumable and sess_cert from SSL_SESSION to internal. | jsing | 2017-01-23 | 1 | -9/+4
  ok beck@
* Remove heartbeat related fields from the SSL_CTX, which are unused | jsing | 2017-01-23 | 1 | -9/+1
  (thankfully).
* Move the stats struct from SSL_CTX to internal. | jsing | 2017-01-23 | 1 | -20/+1
  ok beck@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal. | jsing | 2017-01-22 | 1 | -57/+1
  ok beck@
* Move internal parts of ssl_session_st to internal | beck | 2017-01-22 | 1 | -5/+1
  ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to their | jsing | 2017-01-22 | 1 | -7/+1
  opaque structs.
* Convert publicly visible structs to translucent structs. | jsing | 2017-01-22 | 1 | -3/+13
  This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
  This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
  ok beck@
* Add support for SSL_get_server_tmp_key(). | jsing | 2016-12-30 | 1 | -2/+7
  ok doug@
* Add minimum and maximum version fields to SSL, SSL_CTX and SSL_METHOD | jsing | 2016-12-21 | 1 | -1/+10
  for future work.
  Discussed with beck@
* Fix some linewrapping glitches | guenther | 2016-11-04 | 1 | -7/+5
  ok jsing@
* Expand another LHASH_OF macro. | jsing | 2016-11-02 | 1 | -2/+2
* Expand DECLARE_LHASH_OF and LHASH_OF macros. | jsing | 2016-11-02 | 1 | -3/+5
* Expand DECLARE_PEM_rw macro. | jsing | 2016-11-02 | 1 | -2/+7
* Sort the obsolete flags. | doug | 2015-10-25 | 1 | -6/+6
* Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete. | doug | 2015-10-25 | 1 | -5/+4
  For backward compatibility, the flags are redefined as 0.
  ok jsing@
* Remove support for DTLS_BAD_VER. We do not support non-standard and | jsing | 2015-09-10 | 1 | -4/+2
  incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
  ok bcook@ miod@
* Remove SSLv3 support from LibreSSL. | doug | 2015-08-27 | 1 | -5/+1
  This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
  Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
  ok jsing@, beck@
* Add TLS_method, TLS_client_method and TLS_server_method. | doug | 2015-07-19 | 1 | -1/+4
  Use these instead of SSLv23_*method when you want to make sure TLS is used.
  By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_*method does not allow SSLv3.
  Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now.
  Riding the libssl major bump.
  ok miod@ bcook@
* Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. | doug | 2015-07-18 | 1 | -3/+2
  This was a hack to work around problems on IE 6 with SSLv3.
  ok miod@ bcook@
* Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay. | doug | 2015-07-18 | 1 | -3/+2
  This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix).
  ok jsing@
* Remove compat hack that disabled ECDHE-ECDSA on OS X. | doug | 2015-07-17 | 1 | -3/+2
  For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing.
  ok jsing@
* Remove workaround for TLS padding bug from SSLeay days. | doug | 2015-07-17 | 1 | -3/+2
  OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years.
  Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5.
  ok jsing@
* Make SSL_OP_ALL readable. | jsing | 2015-06-20 | 1 | -2/+9
  ok deraadt@ doug@ millert@ miod@ sthen@
* Keep alerts sorted by alert code. | jsing | 2015-06-17 | 1 | -2/+2
* Remove pointless comments. | jsing | 2015-06-17 | 1 | -7/+3
* Cleanup SSL_OP_* compat flags in ssl.h. | doug | 2015-06-17 | 1 | -31/+24
  These were recently removed and are now set to 0:
    SSL_OP_NETSCAPE_CA_DN_BUG
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG
  The code associated with these was deleted in the past at some point and these are also now 0:
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    SSL_OP_EPHEMERAL_RSA
    SSL_OP_MICROSOFT_SESS_ID_BUG
    SSL_OP_NETSCAPE_CHALLENGE_BUG
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
  The SSL_OP_ALL macro has been updated to reflect the removals.
  ok miod@ jsing@
* Reluctantly add server-side support for TLS_FALLBACK_SCSV. | jsing | 2015-02-22 | 1 | -2/+5
  This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol.
  TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatibility with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends.
  Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols.
  Diff is loosely based on OpenSSL with some inspiration from BoringSSL.
  Discussed with beck@ and miod@.
  ok bcook@
* unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN, | jsing | 2015-02-12 | 1 | -7/+1
  however it is not likely to be removed any time soon.
  ok beck@ miod@
* Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be | jsing | 2015-02-07 | 1 | -1/+4
  retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.
  Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers.
  ok beck@ miod@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char. | jsing | 2015-02-06 | 1 | -1/+3
  This API was intended to be internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API.
  ok doug@, tedu@ and reluctantly miod@
* Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem(). | reyk | 2015-02-06 | 1 | -2/+2
  As discussed with beck@ jsing@ and others
  OK beck@
* Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers | jsing | 2015-01-26 | 1 | -1/+2
  that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers (effectively the only ciphers that are still considered to be secure) to be selected using TLSv1.2+AEAD as a cipher string.
  ok bcook@ doug@ miod@
* Support CA verification in chroot'ed processes without direct file | reyk | 2015-01-22 | 1 | -1/+2
  access to the certificates.
  SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code.
  Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
  With feedback and OK bluhm@
* Remove trailing whitespace. | jsing | 2014-12-14 | 1 | -34/+34
* Add support for ALPN. | jsing | 2014-12-10 | 1 | -2/+39
  Based on OpenSSL and BoringSSL.
  ok bcook@
* add stdint.h to ssl.h. | bcook | 2014-12-10 | 1 | -1/+3
  ok jsing@
* Use appropriate internal types for EC curves and formats, rather than | jsing | 2014-12-06 | 1 | -5/+6
  storing and processing in wire encoded form.
  Inspired by boringssl.
  ok miod@
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov. | miod | 2014-11-18 | 1 | -1/+3
  This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.