Commit Graph

114 Commits

Author SHA1 Message Date
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Lutz Jänicke
8586df1efb Correct wrong usage information.
PR: 95
2002-06-12 20:15:18 +00:00
Lutz Jänicke
a5200a1b8f Typo.
PR: 72
2002-06-04 20:43:10 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
ce4b274aa1 SSL_clear != SSL_free/SSL_new 2002-02-27 08:08:57 +00:00
Lutz Jänicke
f0d6ee6be8 Even though it is not really practical people should know about it. 2002-02-15 07:41:42 +00:00
Lutz Jänicke
a7ce69dbd7 Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).
2001-11-19 11:11:23 +00:00
Bodo Möller
65123f8064 remove incorrect 'callback' prototype 2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110 msg_callback documentation 2001-11-10 02:12:09 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Lutz Jänicke
d300bcca7f Typo. 2001-09-13 15:18:51 +00:00
Lutz Jänicke
d59c3e5046 One more manual page. 2001-09-13 15:05:42 +00:00
Lutz Jänicke
6d8566f2eb Rework section about return values another time (based on hints from
Bodo Moeller).
2001-09-13 13:21:38 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Ulf Möller
3b80e3aa9e ispell 2001-09-07 06:13:40 +00:00
Lutz Jänicke
f1b2807478 More docs. 2001-08-24 14:29:48 +00:00
Lutz Jänicke
bfd7bb3eb6 Typo. 2001-08-23 17:41:20 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
c4068186ac As discussed recently on openssl-users. 2001-08-23 15:00:11 +00:00
Lutz Jänicke
0a93a68020 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Lutz Jänicke
141e584998 One more manual page... 2001-08-21 14:54:54 +00:00
Lutz Jänicke
336736ef35 Documentation on how to handle compression methods.
Hopefully it is clear enough, that it is currently not recommended.
2001-08-21 13:02:58 +00:00
Lutz Jänicke
d93eb21c7c More interdependencies with respect to shutdown behaviour. 2001-08-20 14:34:16 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Lutz Jänicke
52129c0b0b More details about session timeout settings. 2001-08-17 16:36:51 +00:00
Lutz Jänicke
a52877a2f1 One more function documented. 2001-08-17 15:54:50 +00:00
Lutz Jänicke
cdd7c3ce92 SSL_shutdown() has even more properties... 2001-08-17 15:09:31 +00:00
Lutz Jänicke
c1497b4d19 One more step on the way for complete documentation... 2001-08-17 14:32:38 +00:00
Lutz Jänicke
b2ed462934 Unidirectional shutdown is allowed according to the RFC. 2001-08-17 09:08:32 +00:00
Lutz Jänicke
9e09eebf94 Better description of the behaviour of SSL_shutdown() as it is now, broken
or not.
2001-08-16 14:27:55 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
37f599bcec Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:04:50 +00:00
Lutz Jänicke
7abe76e1bd Fix wrong information about SSL_set_connect_state()... 2001-07-25 12:12:51 +00:00
Lutz Jänicke
3e3dac9f97 Additional inline reference. 2001-07-23 12:57:37 +00:00
Lutz Jänicke
397ba0f08a Add missing reference. 2001-07-23 12:52:05 +00:00
Lutz Jänicke
4db48ec0bd Documentation about ephemeral key exchange 2001-07-21 11:02:17 +00:00
Lutz Jänicke
6d3dec92fb Updated explanation. 2001-07-20 19:23:43 +00:00
Lutz Jänicke
2d3b6a5be7 Some more documentation bits. 2001-07-20 18:57:15 +00:00
Lutz Jänicke
a1a63a4239 Clarify! (based on recent mailing-list discussions) 2001-07-11 15:10:28 +00:00
Lutz Jänicke
74daa124c2 Add missing item(s) SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT. 2001-05-16 09:43:51 +00:00
Lutz Jänicke
5892855c5f Typos. 2001-05-14 09:52:44 +00:00
Lutz Jänicke
a6e859e9ec One more point to clarify, pointed out by "Greg Stark" <ghstark@pobox.com> 2001-05-14 09:02:38 +00:00
Lutz Jänicke
33ab4699ba Clarify behaviour with respect to SSL/TLS records. 2001-05-12 09:49:02 +00:00
Lutz Jänicke
4b3270f78e Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE
flag as discussed on the mailing list.
2001-05-11 09:53:10 +00:00
Lutz Jänicke
197322455d Clarify request of client certificates. This is a FAQ. 2001-04-17 13:18:56 +00:00
Lutz Jänicke
638b0d4277 Fix wrong information with respect to CAs listed to the client
(follows from technical discussion with Amit Chopra <amitc@pspl.co.in>).
2001-04-12 16:02:34 +00:00
Lutz Jänicke
f7181a9179 Typo (Jun-ichiro itojun Hagino <itojun@iijlab.net>) 2001-04-12 11:45:42 +00:00