- 04 Jul, 2002 1 commit
  - Committed by Bodo Möller
- 14 Jun, 2002 1 commit
  - Committed by Bodo Möller
    vulnerability workaround (included in SSL_OP_ALL). PR: #90
- 07 May, 2002 2 commits
  - Committed by Bodo Möller
  - Committed by Bodo Möller
    in the default ciphersuite list
- 06 May, 2002 1 commit
  - Committed by Bodo Möller
- 12 Mar, 2002 1 commit
  - Committed by Dr. Stephen Henson
    Fix ASN1 additions for KRB5
- 28 Feb, 2002 1 commit
  - Committed by Bodo Möller
    Submitted by: D. K. Smetters <smetters@parc.xerox.com> Reviewed by: Bodo Moeller
- 15 Jan, 2002 1 commit
  - Committed by Bodo Möller
    to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead.
- 12 Jan, 2002 2 commits
  - Committed by Ben Laurie
  - Committed by Ben Laurie
- 18 Dec, 2001 1 commit
  - Committed by Bodo Möller
- 10 Nov, 2001 1 commit
  - Committed by Bodo Möller
    Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
- 24 Oct, 2001 1 commit
  - Committed by Richard Levitte
- 21 Oct, 2001 1 commit
  - Committed by Bodo Möller
    New macros SSL[_CTX]_set_msg_callback_arg(). Message callback implementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enables a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices.
- 18 Oct, 2001 1 commit
  - Committed by Bodo Möller
    variable name occurred just in a function *prototype* -- so rename it
- 16 Oct, 2001 2 commits
  - Committed by Bodo Möller
    Both have per-SSL_CTX defaults. These new values can be set by calling SSL[_CTX]_[callback_]ctrl with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG. So far, the callback is never actually called. Also rearrange some SSL_CTX struct members (some exist just in SSL_CTXs, others are defaults for SSLs and are either copied during SSL_new, or used if the value in the SSL is not set; these three classes of members were not in a logical order), and add some missing assignments to SSL_dup.
  - Committed by Bodo Möller
    'Handshake' protocol structures are kept in memory, including 'msg_type' and 'length'. (This is in preparation of future support for callbacks that get to peek at handshake messages and the like.)
- 10 Oct, 2001 1 commit
  - Committed by Richard Levitte
    depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL.
- 21 Sep, 2001 3 commits
  - Committed by Bodo Möller
    just sent a HelloRequest.
  - Committed by Bodo Möller
    New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
  - Committed by Bodo Möller
    reveal whether illegal block cipher padding was found or a MAC verification error occurred. In ssl/s2_pkt.c, verify that the purported number of padding bytes is in the legal range.
- 11 Sep, 2001 1 commit
  - Committed by Lutz Jänicke
    settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
- 24 Aug, 2001 1 commit
  - Committed by Lutz Jänicke
- 03 Aug, 2001 1 commit
  - Committed by Lutz Jänicke
- 01 Aug, 2001 1 commit
  - Committed by Lutz Jänicke
    It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have the working SSL_OP_CIPHER_SERVER_PREFERENCE.
- 31 Jul, 2001 1 commit
  - Committed by Richard Levitte
    His comments are: First, it corrects a problem introduced in the last patch where the kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used. And it caused core dumps. Second, it attempts to add to SSL_SESSION the Kerberos 5 Client Principal Name.
- 16 Jul, 2001 1 commit
  - Committed by Richard Levitte
- 10 Jul, 2001 1 commit
  - Committed by Richard Levitte
    SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.
- 08 Apr, 2001 1 commit
  - Committed by Bodo Möller
- 09 Mar, 2001 2 commits
  - Committed by Bodo Möller
  - Committed by Bodo Möller
- 07 Mar, 2001 1 commit
  - Committed by Bodo Möller
- 06 Mar, 2001 1 commit
  - Committed by Bodo Möller
    Add EC vaporware: change relevant Makefiles and add some empty source files. "make update".
- 23 Feb, 2001 1 commit
  - Committed by Geoff Thorpe
    an SSL_CTX's session cache, it is necessary to compare the ssl_version at the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a matching id/id_length pair and a matching ssl_version). However, the SSL_SESSION that will result from the current negotiation does not necessarily have the same ssl version as the "SSL_METHOD" in use by the SSL_CTX - part of the work in a handshake is to agree on an ssl version! This is fixed by having the check function accept an SSL pointer rather than the SSL_CTX it belongs to. [Thanks to Lutz for illuminating the full extent of my stupidity]
- 22 Feb, 2001 2 commits
  - Committed by Richard Levitte
    SSL_add_dir_cert_subjects_to_stack is not implemented on WIN32 and VMS, so declare it the same way.
  - Committed by Geoff Thorpe
    SSL/TLS session IDs in a server. According to RFC2246, the session ID is an arbitrary value chosen by the server. It can be useful to have some control over this "arbitrary value" so as to choose it in ways that can aid in things like external session caching and balancing (eg. clustering). The default session ID generation is to fill the ID with random data. The callback used by default is built in to ssl_sess.c, but registering a callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL callbacks will override SSL_CTX callbacks, and a new SSL structure inherits any callback set in its 'parent' SSL_CTX. The header comments describe how this mechanism ticks, and source code comments describe (hopefully) why it ticks the way it does. Man pages are on the way ... [NB: Lutz was also hacking away and helping me to figure out how best to do this.]
- 20 Feb, 2001 1 commit
  - Committed by Richard Levitte
    sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
- 10 Feb, 2001 1 commit
  - Committed by Lutz Jänicke
    the client's choice; in SSLv2 the client uses the server's preferences.
- 08 Feb, 2001 1 commit
  - Committed by Dr. Stephen Henson
    Fix AES code. Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.
- 06 Feb, 2001 1 commit
  - Committed by Ben Laurie