Commit Graph

1060 Commits

Author SHA1 Message Date
Dr. Stephen Henson
3a88efd48c If legacy renegotiation is not permitted then send a fatal alert if a patched
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:34 +00:00
Dr. Stephen Henson
49371e3acb oops 2010-01-20 17:59:53 +00:00
Dr. Stephen Henson
eb125795d2 update NEWS file 2010-01-20 17:56:34 +00:00
Dr. Stephen Henson
071ef65cfa The use of NIDs in the password based encryption table can result in
algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().
2010-01-19 19:56:06 +00:00
Dr. Stephen Henson
0debb681e1 PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
2010-01-19 19:11:35 +00:00
Dr. Stephen Henson
8d39d2800a PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:46:10 +00:00
Dr. Stephen Henson
598b562a7f PR: 2133
Submitted by: steve@openssl.org

Add missing DTLS state strings.
2010-01-16 19:20:52 +00:00
Dr. Stephen Henson
031c78901b make update 2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
ce1ec9c35e PR: 2125
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.
2010-01-14 17:51:29 +00:00
Dr. Stephen Henson
bd5f21a4ae Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
423c66f10e Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:04:52 +00:00
Dr. Stephen Henson
76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
dd792d6222 Missing commit from change ofr compress_meth to unsigned 2010-01-06 17:35:27 +00:00
Dr. Stephen Henson
82a107eaa8 compress_meth should be unsigned 2010-01-06 14:01:45 +00:00
Dr. Stephen Henson
2be3d6ebc8 Client side compression algorithm sanity checks: ensure old compression
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
2010-01-01 14:39:37 +00:00
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
76774c5ea1 return v1.1 methods for client/server 2009-12-28 00:31:16 +00:00
Dr. Stephen Henson
73527122c9 Typo 2009-12-27 23:02:50 +00:00
Dr. Stephen Henson
d68015764e Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 22:58:55 +00:00
Dr. Stephen Henson
fbed9f8158 Alert to use is now defined in spec: update code 2009-12-17 15:42:52 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
c27c9cb4f7 Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.
2009-12-14 13:56:04 +00:00
Dr. Stephen Henson
22c2155595 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 2009-12-11 00:23:12 +00:00
Dr. Stephen Henson
a8640f0a7d Check s3 is not NULL 2009-12-09 15:03:44 +00:00
Dr. Stephen Henson
338a61b94e Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf Send no_renegotiation alert as required by spec. 2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
8025e25113 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:37:40 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
7f354fa42d Ooops... 2009-12-01 18:40:50 +00:00
Dr. Stephen Henson
6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
499684404c PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:42:15 +00:00
Dr. Stephen Henson
6cef3a7f9c Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:44 +00:00
Dr. Stephen Henson
4d09323a63 Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:48 +00:00
Dr. Stephen Henson
64abf5e657 Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:20:21 +00:00
Richard Levitte
0a02d1db34 Update from 1.0.0-stable 2009-11-12 17:03:10 +00:00
Dr. Stephen Henson
860c3dd1b6 add missing parts of reneg port, fix apps patch 2009-11-11 14:51:19 +00:00
Dr. Stephen Henson
e0e7997212 First cut of renegotiation extension. (port to HEAD) 2009-11-09 19:03:34 +00:00
Dr. Stephen Henson
7ba3838a4b If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.
2009-11-08 14:36:12 +00:00
Dr. Stephen Henson
4398222457 Ooops, revert committed conflict. 2009-11-07 22:22:40 +00:00
Dr. Stephen Henson
71af26b57b PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
2009-11-02 13:38:22 +00:00
Dr. Stephen Henson
4b4ba6a887 Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
2009-10-30 14:06:03 +00:00
Dr. Stephen Henson
661dc1431f Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:24 +00:00
Dr. Stephen Henson
213f08a65a Don't attempt session resumption if no ticket is present and session
ID length is zero.
2009-10-28 19:52:18 +00:00
Dr. Stephen Henson
3e24d43931 oops! 2009-10-28 19:50:59 +00:00
Dr. Stephen Henson
b57329ba90 PR: 2085
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Change domd test to match 1.0.0+ version: check $MAKEDEPEND
ends in "gcc" to support cross compilers.
2009-10-28 19:48:09 +00:00
Dr. Stephen Henson
c6bec6ef0d PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.
2009-10-16 15:24:07 +00:00
Dr. Stephen Henson
7c3908dd19 PR: 2073
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().
2009-10-16 13:41:39 +00:00