Commit graph

243 commits

Author SHA1 Message Date
Paul Bakker 1f9d02dc90 Added more notes / comments on own_cert, trust_ca purposes 2012-11-20 10:30:55 +01:00
Paul Bakker 75242c30fb Added checking of CA peer cert to ssl_client1 as sane default 2012-11-17 00:03:46 +01:00
Paul Bakker 645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker 1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker 5d19f86fdd - Added comment 2012-09-28 07:33:00 +00:00
Paul Bakker cbbd9998da - SSL/TLS now has default group 2012-09-28 07:32:06 +00:00
Paul Bakker 915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker 819370c7b7 - Removed lowercasing of parameters 2012-09-28 07:04:41 +00:00
Paul Bakker d43241060b - Removed clutter from my_dhm values 2012-09-26 08:29:38 +00:00
Paul Bakker 0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker 29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker b60b95fd7f - Added first version of ssl_server2 example application 2012-09-25 09:05:17 +00:00
Paul Bakker d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker 48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker 835b29e7c3 - Should not be debug_level 5 in repo (reset to 0) 2012-08-23 08:31:59 +00:00
Paul Bakker 92eeea4627 - Modified CMakeLists to support zlib 2012-07-03 15:10:33 +00:00
Paul Bakker 2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker 8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker 4248823f43 - Updated to handle x509parse_crtfile() positive return values 2012-05-16 08:21:05 +00:00
Paul Bakker 4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker 0b22e3e989 - Print return codes properly 2012-04-18 14:23:29 +00:00
Paul Bakker 6f3578cfc8 - Report proper error number 2012-04-16 06:46:01 +00:00
Paul Bakker 10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker 570267f01a - print error string in useful format 2012-04-10 08:22:46 +00:00
Paul Bakker 92101f2d02 - Keep requests for future use 2012-02-16 14:09:31 +00:00
Paul Bakker 57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker 13eb9f01cf - Added error exit code 2012-02-06 15:35:10 +00:00
Paul Bakker b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker 69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker 508ad5ab6d - Moved all examples programs to use the new entropy and CTR_DRBG 2011-12-04 17:09:26 +00:00
Paul Bakker 4dc6457274 - Added public key of server1.key 2011-12-04 17:09:08 +00:00
Paul Bakker 6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker 61da752077 - Changed read from server loop to read more than a single read. 2011-11-11 10:28:58 +00:00
Paul Bakker 436e4c59c3 - Removed redundant "ok" printing 2011-11-11 10:28:24 +00:00
Paul Bakker b892b1326c - Prevented compiler warning 2011-10-12 09:19:43 +00:00
Paul Bakker 5a8352294b - Added Windows dependent header code 2011-10-12 09:19:31 +00:00
Paul Bakker 7eb013face - Added ssl_session_reset() to allow re-use of already set non-connection specific context information 2011-10-06 12:37:39 +00:00
Paul Bakker b81b3abb45 - Added safeguard not to build in WIN32 environment. 2011-08-25 09:47:36 +00:00
Paul Bakker 5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker e22d7030c6 - Fixed warnings with cast 2011-05-23 16:02:34 +00:00
Paul Bakker 1496d38028 - Added the ssl_mail_client example application 2011-05-23 12:07:29 +00:00
Paul Bakker cb79ae0b9b - Fixed description in header 2011-05-20 12:44:16 +00:00
Paul Bakker 896ac22071 - Added ssl_fork_server example program 2011-05-20 12:33:05 +00:00
Paul Bakker f357131a7b - Gather data until server gives EOF 2011-05-20 12:32:35 +00:00
Paul Bakker 831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker 91b4159834 - Added missing rsa_init() statement 2011-05-05 12:01:31 +00:00
Paul Bakker 23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker 5193688682 - Added force_ciphersuite option to ssl_client2 application 2011-02-20 16:05:58 +00:00
Paul Bakker 400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker 1a207ec8af - Set sane start values for structures that are closed or freed. 2011-02-06 13:22:40 +00:00
Paul Bakker e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker b06819bb5d - Adapted CMake files for the PKCS#11 support 2011-01-18 16:18:38 +00:00
Paul Bakker 547f73d66f - Added install targets to the CMake files 2011-01-05 15:07:54 +00:00
Paul Bakker eaca51d739 - Minor text/debug fixes for release 2010-08-16 12:00:14 +00:00
Paul Bakker b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker 84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker 6796839695 2010-07-18 08:28:20 +00:00
Paul Bakker 77a43580da - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites 2010-06-15 21:32:46 +00:00
Paul Bakker fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker 1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker 43f7ff6906 - Removed debug print 2010-03-18 20:10:27 +00:00
Paul Bakker f80d4539d1 - Small fix to initialize value 2010-03-16 21:16:04 +00:00
Paul Bakker ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker 9caf2d2d38 - Added option parsing for ssl_client2 to select host and port 2010-02-18 19:37:19 +00:00
Paul Bakker 757e2507fd - Fixed port number to ssl_server's 2010-02-18 19:29:00 +00:00
Paul Bakker 361e6382db - Test SSL information 2010-02-18 16:55:49 +00:00
Paul Bakker 77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker 5d4a193e77 - Also generate CRL's with all the digests 2009-07-19 20:31:02 +00:00
Paul Bakker 9cdc87c1ad - Longer valid CRL 2009-07-12 11:04:30 +00:00
Paul Bakker e23166f7e8 - Added generation of all digest certificates from a single key 2009-07-12 11:00:06 +00:00
Paul Bakker 367dae44b2 - Added CMake makefiles as alternative to regular Makefiles.
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and  HMAC-SHA-family.
2009-06-28 21:50:27 +00:00
Paul Bakker 40ea7de46d - Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker d98030e7d6 - Added prelimenary CRL parsing and info support 2009-05-02 15:13:40 +00:00
Paul Bakker 0e6975b7ed - Fixed use of correct ca certificate (test_ca_cert) instead of xyssl_ca_cert 2009-02-10 22:19:10 +00:00
Paul Bakker c03d9258f6 - Fixed server2 certificate to CN=localhost 2009-02-10 22:17:58 +00:00
Paul Bakker 92f880bf47 - Second server should be called localhost 2009-02-10 22:17:38 +00:00
Paul Bakker 4593aeadaf - Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
 - Added extra certificates to test-ca and test code to further test
   functionality of SHA2 and SHA4 signing and verification.
 - Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker b29e23c586 - Enhanced generation CA script and config to further automate different actions 2009-02-09 21:06:41 +00:00
Paul Bakker 785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker 3375b21081 - Fixed last mistake 2009-01-15 20:46:08 +00:00
Paul Bakker 222aa4bd61 - New PolarSSL test CA, servers and clients 2009-01-14 22:44:12 +00:00
Paul Bakker b159ed234a - Added test-ca generation script 2009-01-14 22:39:57 +00:00
Paul Bakker b5ef0bada4 - Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL 2009-01-11 20:25:36 +00:00
Paul Bakker e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker b749d68f9c - Updates to PolarSSL
- Added ignores
2009-01-04 16:08:55 +00:00
Paul Bakker 40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker 5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00