summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_err.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Provide SSL_R_UNKNOWN.jsing2020-01-211-2/+3
| | | | | | | This allows us to indicate that the cause of the failure is unknown, rather than implying that it was an internal error when it was not. ok beck@
* Provide SSL_SESSION_set1_id()tb2018-03-201-1/+2
| | | | ok jsing
* Completely remove NPN remnants.jsing2017-08-281-13/+1
| | | | Based on a diff from doug@, similar diff from inoguchi@
* Move state from ssl->internal to the handshake structure.beck2017-05-071-1/+10
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-2/+267
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-222/+2
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Merge the single two line function from ssl_err2.c into ssl_err.c.jsing2017-01-261-2/+10
| | | | ok beck@
* Limit the number of sequential empty records that we will processbeck2017-01-261-1/+2
| | | | | | before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
* Reluctantly add server-side support for TLS_FALLBACK_SCSV.jsing2015-02-221-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol. TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatability with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends. Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols. Diff is loosely based on OpenSSL with some inspiration from BoringSSL. Discussed with beck@ and miod@. ok bcook@
* Remove trailing whitespace.jsing2014-12-141-2/+2
|
* Sort and group includes.jsing2014-11-161-1/+2
|
* Check that the specified curve is one of the client preferences.jsing2014-09-271-1/+2
| | | | | | Based on OpenSSL. ok miod@
* Add support for handling SSL_CIPHER_ALGORITHM2_AEAD ciphers, which arejsing2014-06-131-3/+5
| | | | | | | | | | | | | those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers. Based on Adam Langley's chromium patches. Rides the recent libssl bump. Tested by sthen@
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-2/+1
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Factor out the part of tls1_change_cipher_state() that is specific tojsing2014-06-081-0/+1
| | | | | | | switching cipher states using an EVP_CIPHER. This will facilitate the addition of cipher state changes for EVP_AEAD. No functional change. Based on Adam Langley's chromium patches.
* heartbearts->heartbeats fixlogan2014-05-251-1/+1
| | | | | | From Marcos Marado: OK from tedu@
* The ssl_ciper_get_evp() function is currently overloaded to also return thejsing2014-05-251-0/+1
| | | | | | | | | | | compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-533/+531
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-0/+1
|
* resolve conflictsdjm2012-10-131-0/+36
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-1/+3
|
* resolve conflicts, fix local changesdjm2010-10-011-2/+55
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-1/+4
|
* resolve conflictsdjm2008-09-061-7/+60
|
* resolve conflictsdjm2006-06-271-373/+372
|
* resolve conflictsdjm2005-04-291-1/+3
|
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-0/+1
|
* merge with openssl-0.9.7-stable-SNAP-20020911,markus2002-09-141-0/+6
| | | | | new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
* apply patches from OpenSSL Security Advisory [30 July 2002],markus2002-07-301-1/+3
| | | | http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-3/+20
|
* openssl-engine-0.9.6a mergebeck2001-06-221-0/+4
|
* openssl-engine-0.9.6 mergebeck2000-12-151-0/+1
|
* OpenSSL 0.9.5a mergebeck2000-04-151-1/+3
|
* OpenSSL 0.9.5 mergebeck2000-03-191-3/+15
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-58/+100
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+374
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 08:24:36 +0000