|  Paul Bakker | 0f90d7d2b5 | version_check_feature() added to check for compile-time options at run-time | 2014-04-30 11:49:44 +02:00 |  | 
				
					
						|  Paul Bakker | a70366317d | Improve interop by not writing ext_len in ClientHello / ServerHello when 0 The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero. | 2014-04-30 10:16:16 +02:00 |  | 
				
					
						|  Paul Bakker | c73079a78c | Add debug_set_threshold() and thresholding of messages | 2014-04-25 16:58:16 +02:00 |  | 
				
					
						|  Paul Bakker | 92478c37a6 | Debug module only outputs full lines instead of parts | 2014-04-25 16:58:15 +02:00 |  | 
				
					
						|  Paul Bakker | eaebbd5eaa | debug_set_log_mode() added to determine raw or full logging | 2014-04-25 16:58:14 +02:00 |  | 
				
					
						|  Paul Bakker | 61885c7f7f | Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites In case full SSL frames arrived, they were rejected because an overly
strict padding check. | 2014-04-25 12:59:51 +02:00 |  | 
				
					
						|  Paul Bakker | 4ffcd2f9c3 | Typo in PKCS#11 module | 2014-04-25 11:44:12 +02:00 |  | 
				
					
						|  Paul Bakker | 10a9dd35ea | Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c | 2014-04-25 11:27:16 +02:00 |  | 
				
					
						|  Paul Bakker | 0767e67d17 | Add support for 'emailAddress' to x509_string_to_names() | 2014-04-18 14:11:37 +02:00 |  | 
				
					
						|  Paul Bakker | c70e425a73 | Only iterate over actual certificates in ssl_write_certificate_request() | 2014-04-18 13:50:19 +02:00 |  | 
				
					
						|  Paul Bakker | f4cf80b86f | Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code | 2014-04-17 17:24:29 +02:00 |  | 
				
					
						|  Paul Bakker | 4f42c11846 | Remove arbitrary maximum length for cipher_list and content length | 2014-04-17 15:37:39 +02:00 |  | 
				
					
						|  Paul Bakker | d893aef867 | Force default value to curve parameter | 2014-04-17 14:45:34 +02:00 |  | 
				
					
						|  Paul Bakker | 93389cc620 | Remove const indicator | 2014-04-17 14:44:38 +02:00 |  | 
				
					
						|  Paul Bakker | 874bd64b28 | Check setsockopt() return value in net_bind() | 2014-04-17 12:43:05 +02:00 |  | 
				
					
						|  Paul Bakker | 3d8fb63e11 | Added missing MPI_CHK around mpi functions | 2014-04-17 12:42:41 +02:00 |  | 
				
					
						|  Paul Bakker | a9c16d2825 | Removed unused cur variable in x509_string_to_names() | 2014-04-17 12:42:18 +02:00 |  | 
				
					
						|  Paul Bakker | 0e4f9115dc | Fix iteration counter | 2014-04-17 12:39:05 +02:00 |  | 
				
					
						|  Paul Bakker | 784b04ff9a | Prepared for version 1.3.6 | 2014-04-11 15:33:59 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 9655e4597a | Reject certificates with times not in UTC | 2014-04-11 13:59:36 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 0776a43788 | Use UTC to heck certificate validity | 2014-04-11 13:59:31 +02:00 |  | 
				
					
						|  Paul Bakker | 52c5af7d2d | Merge support for verifying the extendedKeyUsage extension in X.509 | 2014-04-11 13:58:57 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 78848375c0 | Declare EC constants as 'const' | 2014-04-11 13:58:41 +02:00 |  | 
				
					
						|  Paul Bakker | 1630058dde | Potential buffer overwrite in pem_write_buffer() fixed Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this. | 2014-04-11 13:58:05 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 0408fd1fbb | Add extendedKeyUsage checking in SSL modules | 2014-04-11 11:09:09 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 7afb8a0dca | Add x509_crt_check_extended_key_usage() | 2014-04-11 11:09:00 +02:00 |  | 
				
					
						|  Paul Bakker | d6ad8e949b | Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C | 2014-04-09 17:24:14 +02:00 |  | 
				
					
						|  Paul Bakker | a77de8c841 | Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off | 2014-04-09 16:39:35 +02:00 |  | 
				
					
						|  Paul Bakker | 043a2e26d0 | Merge verification of the keyUsage extension in X.509 certificates | 2014-04-09 15:55:08 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | a9db85df73 | Add tests for keyUsage with client auth | 2014-04-09 15:50:58 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 490047cc44 | Code cosmetics | 2014-04-09 15:50:58 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 312010e6e9 | Factor common parent checking code | 2014-04-09 15:50:58 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | f93a3c4335 | Check the CA bit on trusted CAs too | 2014-04-09 15:50:58 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 99d4f19111 | Add keyUsage checking for CAs | 2014-04-09 15:50:58 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 3fed0b3264 | Factor some common code in x509_verify{,_child} | 2014-04-09 15:50:57 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 7f2a07d7b2 | Check keyUsage in SSL client and server | 2014-04-09 15:50:57 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 603116c570 | Add x509_crt_check_key_usage() | 2014-04-09 15:50:57 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 2abed84225 | Specific return code for PK sig length mismatch | 2014-04-09 15:50:00 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 35e95ddca4 | Add special return code for ecdsa length mismatch | 2014-04-09 15:49:59 +02:00 |  | 
				
					
						|  Paul Bakker | ddd427a8fc | Fixed spacing in entropy_gather() | 2014-04-09 15:49:57 +02:00 |  | 
				
					
						|  Paul Bakker | 75342a65e4 | Fixed typos in code | 2014-04-09 15:49:57 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 0f79babd4b | Disable timing_selftest() for now | 2014-04-09 15:49:51 +02:00 |  | 
				
					
						|  Paul Bakker | 17b85cbd69 | Merged additional tests and improved code coverage Conflicts:
	ChangeLog | 2014-04-08 14:38:48 +02:00 |  | 
				
					
						|  Paul Bakker | 0763a401a7 | Merged support for the ALPN extension | 2014-04-08 14:37:12 +02:00 |  | 
				
					
						|  Paul Bakker | 4224bc0a4f | Prevent potential NULL pointer dereference in ssl_read_record() | 2014-04-08 14:36:50 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 8c045ef8e4 | Fix embarrassing X.509 bug introduced in 9533765 | 2014-04-08 11:55:03 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | f6521de17b | Add ALPN tests to ssl-opt.sh Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only) | 2014-04-07 12:42:04 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 89e35798ae | Implement ALPN server-side | 2014-04-07 12:26:35 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 0b874dc580 | Implement ALPN client-side | 2014-04-07 10:57:45 +02:00 |  | 
				
					
						|  Manuel Pégourié-Gonnard | 0148875cfc | Add tests and fix bugs for RSA-alt contexts | 2014-04-04 17:46:46 +02:00 |  |