Manuel Pégourié-Gonnard
|
b445805283
|
Auto-renegotiate before sequence number wrapping
|
2014-12-02 10:40:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
fa4238838a
|
Update Changelog for compile-option renegotiation
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
037170465a
|
Switch from an enable to a disable flag
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
6186019d5d
|
Save 48 bytes if SSLv3 is not defined
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
615e677c0b
|
Make renegotiation a compile-time option
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
85d915b81d
|
Add tests for renego security enforcement
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
d3b90f797d
|
Fix bug in ssl_client2 reconnect option
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
f29e5de09d
|
Cosmetics in ssl_server2
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
60346be2a3
|
Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
e423246e7f
|
Fix net_usleep for durations greater than 1 second
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
9439f93ea4
|
Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
2457fa0915
|
Create ticket keys only if enabled
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
cb7da352fd
|
Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
150c4f62f1
|
Clarify documentation a bit
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
3e9449350c
|
Fix comment on resumption
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
6b298e6cc1
|
Update comment from draft to RFC
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
d16d1cb96a
|
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
ea29d152c7
|
Add recursion.pl to all.sh
|
2014-11-20 17:32:33 +01:00 |
|
Manuel Pégourié-Gonnard
|
10c44d767d
|
Allow x509_crt_verify_child() in recursion.pl
|
2014-11-20 17:30:37 +01:00 |
|
Manuel Pégourié-Gonnard
|
fd6c85c3eb
|
Set a compile-time limit to X.509 chain length
|
2014-11-20 16:37:41 +01:00 |
|
Manuel Pégourié-Gonnard
|
89d69b398c
|
Fix 3DES -> DES in all.sh (+ time estimates)
|
2014-11-20 16:36:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
246978d97d
|
Add curves.pl to all.sh
|
2014-11-20 16:36:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
9bda9b3b92
|
Rework all.sh to use MSan instead of valgrind
|
2014-11-20 16:36:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
cf4de32f58
|
Fix depends on individual curves in tests
|
2014-11-20 16:36:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
2727dc1e09
|
Add script to test depends on individual curves
|
2014-11-20 16:36:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
5c2aa10c15
|
Fix curve dependency issues in X.509 test suite
|
2014-11-20 16:36:07 +01:00 |
|
Manuel Pégourié-Gonnard
|
6ed2d92629
|
Make x509_crl_parse() iterative
|
2014-11-20 16:36:07 +01:00 |
|
Manuel Pégourié-Gonnard
|
426d4ae7ff
|
Split x509_crl_parse_der() out of x509_crl_parse()
|
2014-11-20 16:36:07 +01:00 |
|
Manuel Pégourié-Gonnard
|
57a5d60abb
|
Add tests for concatenated CRLs
|
2014-11-19 16:08:34 +01:00 |
|
Manuel Pégourié-Gonnard
|
4be3449dbc
|
Add Readme about X.509 test files
|
2014-11-19 14:03:59 +01:00 |
|
Manuel Pégourié-Gonnard
|
8c9223df84
|
Add text view to debug_print_buf()
|
2014-11-19 13:21:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
8e4b3374d7
|
Fix some more warnings in reduced configs
|
2014-11-17 15:06:13 +01:00 |
|
Manuel Pégourié-Gonnard
|
be6ce835a2
|
Fix typo causing MSVC errors
|
2014-11-17 14:29:36 +01:00 |
|
Manuel Pégourié-Gonnard
|
3a3066c3ee
|
ssl_server2 now exits on signal during a read too
|
2014-11-17 12:50:34 +01:00 |
|
Manuel Pégourié-Gonnard
|
403a86f73d
|
ssl_server2: exit cleanly on SIGINT too
|
2014-11-17 12:46:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
98aa19148c
|
Adjust warnings in different modes
|
2014-11-14 16:45:48 +01:00 |
|
Manuel Pégourié-Gonnard
|
e80083cafa
|
Add precision about cmake cache
|
2014-11-14 14:18:24 +01:00 |
|
Manuel Pégourié-Gonnard
|
052ae25e56
|
Avoid advertising private option
|
2014-11-14 13:09:41 +01:00 |
|
Manuel Pégourié-Gonnard
|
6cf11642a4
|
Update README to mention config.pl
|
2014-11-14 12:29:59 +01:00 |
|
Manuel Pégourié-Gonnard
|
ca89d89a10
|
Document build modes better
|
2014-11-13 13:56:05 +01:00 |
|
Manuel Pégourié-Gonnard
|
705b70f122
|
Add new build modes for sanitizers
|
2014-11-13 13:35:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
fd60a5c621
|
Add script finding recursive functions
|
2014-11-13 12:42:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
e5b0fc1847
|
Make malloc-init script a bit happier
|
2014-11-13 12:42:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
5924f9f810
|
Add script to find malloc() not followed by init
|
2014-11-13 12:42:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
f631bbc1da
|
Make x509_string_cmp() iterative
|
2014-11-13 12:42:06 +01:00 |
|
Manuel Pégourié-Gonnard
|
8a5e3d4a40
|
Forbid repeated X.509 extensions
|
2014-11-12 18:13:58 +01:00 |
|
Manuel Pégourié-Gonnard
|
d681443f69
|
Fix potential stack overflow
|
2014-11-12 01:25:31 +01:00 |
|
Manuel Pégourié-Gonnard
|
b134060f90
|
Fix memory leak with crafted X.509 certs
|
2014-11-12 00:01:52 +01:00 |
|
Manuel Pégourié-Gonnard
|
0369a5291b
|
Fix uninitialised pointer dereference
|
2014-11-12 00:01:52 +01:00 |
|
Manuel Pégourié-Gonnard
|
e9271e6835
|
Add a MemSan Cmake build type
Detects uninitialised memory reads. Available only with Clang on Linux x86_64
for now. Experimental but seems usable enough.
|
2014-11-12 00:01:52 +01:00 |
|