| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
This avoids every receive handler from having to get the handshake message
content itself. Additionally, pull the trailing data check up so that each
receive handler does not have to implement it. This makes the code more
readable and reduces duplication.
ok beck@ tb@
|
| | |
|
| |
|
|
| |
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also makes it available to clients that use libtls, including ftp(1)
and nc(1).
Note that this does not expose additional defines via public headers, which
means that any code conditioning on defines like TLS1_3_VERSION or
SSL_OP_NO_TLSv1_3 will not enable or use TLSv1.3. This approach is
necessary since too many pieces of software assume that if TLS1_3_VERSION
is available, other OpenSSL 1.1 API will also be available, which is not
necessarily the case.
ok beck@ tb@
|
| |
|
|
|
|
| |
been installed prior to building.
Requested by and ok tb@
|
| |
|
|
|
|
| |
reverts previous attempt which would have broken ports
ok jsing@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
|
|
|
|
| |
Finished message has been received, a change cipher spec may be received
and must be ignored. Add a flag to the record layer struct and set it at
the appropriate moments during the handshake so that we will ignore it.
ok jsing
|
| |
|
|
|
|
|
| |
The legacy version field is capped at TLSv1.2, however it may be lower than
this if we are only choosing to use TLSv1.0 or TLSv1.1.
ok beck@ tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
in the ClientHello where it may be set to TLS1_VERSION. Use
the minimal supported version to decide whether we choose to do
so or not. Use a sent hook to set it back TLS1_2_VERSION right
after the ClientHello message is on the wire.
ok beck jsing
|
| |
|
|
| |
Missed in an earlier commit.
|
| |
|
|
|
|
| |
We currently don't support sending a modified clienthello
ok jsing@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
| |
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
When falling back to the legacy TLS client, in the case where a server has
sent a TLS record that contains more than one handshake message, we also
need to stash the unprocessed record data for later processing. Otherwise
we end up with missing handshake data.
ok beck@ tb@
|
| |
|
|
|
|
|
| |
This allows us to indicate that the cause of the failure is unknown, rather
than implying that it was an internal error when it was not.
ok beck@
|
| |
|
|
|
|
|
|
|
| |
SSL_{clear,free}(3). Make sure the handshake context is
cleaned up completely: the hs_tls13 reacharound is taken
care of by ssl3_{clear,free}(3). Add a missing
tls13_handshake_msg_free() call to tls13_ctx_free().
ok beck jsing
|
| |
|
|
|
|
|
| |
tls13 context, and emiting the alert at the upper layers when
the lower level code fails
ok jsing@, tb@
|
| |
|
|
| |
ok jsing@, inoguchi@, tb@
|
| |
|
|
|
|
|
| |
This is based on the libtls error handling code, but adds machine readable
codes and subcodes. We then map these codes back to libssl error codes.
ok beck@ inoguchi@
|
| |
|
|
|
|
|
|
| |
the new function SSL_CTX_get_extra_chain_certs_only(3) and changed
the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API
from the former OpenSSL 1.0.1 behaviour to the new, incompatible
OpenSSL 1.0.2 behaviour. Adjust the documentation.
OK jsing@ beck@ inoguchi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra
certs, unless there are none, in which case return the chain associated
with the certificate. If you really just want the extra certs, including
knowing if there are no extra certs, then you need to call
SSL_CTX_get_extra_chain_certs_only()! And to make this even more
entertaining, these functions are not documented in any OpenSSL release.
Reported by sephiroth-j on github, since the difference in behaviour
apparently breaks OCSP stapling with nginx.
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL decided to use their own names for two of the TLS 1.3 extensions,
rather than using the names given in the RFC. Provide aliases for these so
that code written to work with OpenSSL also works with LibreSSL (otherwise
everyone gets to provide their own workarounds).
Issue noted by d3x0r on github.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
| |
From Michael Forney, thanks!
|
| |
|
|
|
|
| |
tested against openssl 1.1's server.
ok jsing@ tb@
|
| |
|
|
|
|
| |
Needed for doing TLS 1.3 Post Handshake Handshake messages.
ok jsing@
|
| |
|
|
| |
so that the regress tests will work for them
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
| |
issues and makes call sites cleaner.
ok beck@
|
| |
|
|
|
|
| |
rather than the hash of an empty context
ok jsing@
|
| |
|
|
|
|
|
| |
For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon
get its own version.
ok beck@
|
| |
|
|
| |
ok beck, jsing
|
| |
|
|
|
|
| |
is complete, which should never occur.
ok beck@
|
| |
|
|
|
|
| |
Discussed at length with beck@
ok beck@ tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok beck@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
from a tls 1.3 connection, for now.
ok jsing@
|
| |
|
|
|
|
| |
from the record layer
ok jsing@
|
| |
|
|
|
| |
I'll figure it out a bit later.
Found and diagnosed by inoguchi@
|
| |
|
|
| |
ok tb@ inoguchi@
|
| |
|
|
| |
OK kn@ tb@
|
| |
|
|
| |
poison the context. ok and help jsing@ tb@
|
