Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9698f5852c 
								
							 
						 
						
							
							
								
								Remove maintainer line.  
							
							
							
						 
						
							2015-01-23 10:59:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								19f6b5dfaa 
								
							 
						 
						
							
							
								
								Remove redundant "all rights reserved"  
							
							
							
						 
						
							2015-01-23 10:54:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a34aa70b23 
								
							 
						 
						
							
							
								
								Update version_features  
							
							
							
						 
						
							2015-01-23 10:27:36 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a658a4051b 
								
							 
						 
						
							
							
								
								Update copyright  
							
							
							
						 
						
							2015-01-23 09:55:24 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b4fe3cb1fa 
								
							 
						 
						
							
							
								
								Rename to mbed TLS in the documentation/comments  
							
							
							
						 
						
							2015-01-22 16:11:05 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								967a2a5f8c 
								
							 
						 
						
							
							
								
								Change name to mbed TLS in the copyright notice  
							
							
							
						 
						
							2015-01-22 14:28:16 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								11c919208d 
								
							 
						 
						
							
							
								
								Fix error code description.  
							
							
							
						 
						
							2015-01-22 13:22:12 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								59c6f2ef21 
								
							 
						 
						
							
							
								
								Avoid nested if's without braces.  
							
							... 
							
							
							
							Creates a potential for confusing code if we later want to add an else clause. 
							
						 
						
							2015-01-22 11:06:40 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5d9cde25da 
								
							 
						 
						
							
							
								
								Move renego SCSV after actual ciphersuites  
							
							
							
						 
						
							2015-01-22 10:49:41 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								5b8f7eaa3e 
								
							 
						 
						
							
							
								
								Merge new security defaults for programs (RC4 disabled, SSL3 disabled)  
							
							
							
						 
						
							2015-01-14 16:26:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								36adc3631c 
								
							 
						 
						
							
							
								
								Merge support for getrandom() call  
							
							
							
						 
						
							2015-01-14 16:19:59 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								c82b7e2003 
								
							 
						 
						
							
							
								
								Merge option to disable truncated hmac on the server-side  
							
							
							
						 
						
							2015-01-14 16:16:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								e522d0fa57 
								
							 
						 
						
							
							
								
								Merge smarter certificate selection for pre-TLS-1.2 clients  
							
							
							
						 
						
							2015-01-14 16:12:48 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a852cf4833 
								
							 
						 
						
							
							
								
								Fix issue with non-blocking I/O & record splitting  
							
							
							
						 
						
							2015-01-13 20:56:15 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d5746b36f9 
								
							 
						 
						
							
							
								
								Fix warning  
							
							
							
						 
						
							2015-01-13 20:33:24 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								f3561154ff 
								
							 
						 
						
							
							
								
								Merge support for 1/n-1 record splitting  
							
							
							
						 
						
							2015-01-13 16:31:34 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								f6080b8557 
								
							 
						 
						
							
							
								
								Merge support for enabling / disabling renegotiation support at compile-time  
							
							
							
						 
						
							2015-01-13 16:18:23 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								d7e2483bfc 
								
							 
						 
						
							
							
								
								Merge miscellaneous fixes into development  
							
							
							
						 
						
							2015-01-13 16:04:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5dd28ea432 
								
							 
						 
						
							
							
								
								Fix len miscalculation in buffer-based allocator  
							
							
							
						 
						
							2015-01-13 14:58:01 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								547ff6618f 
								
							 
						 
						
							
							
								
								Fix NULL dereference in buffer-based allocator  
							
							
							
						 
						
							2015-01-13 14:58:01 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5ba1d52f96 
								
							 
						 
						
							
							
								
								Add memory_buffer_alloc_self_test()  
							
							
							
						 
						
							2015-01-13 14:58:00 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5cb4b31057 
								
							 
						 
						
							
							
								
								Fix missing bound check  
							
							
							
						 
						
							2015-01-13 14:58:00 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bd47a58221 
								
							 
						 
						
							
							
								
								Add ssl_set_arc4_support()  
							
							... 
							
							
							
							Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting. 
							
						 
						
							2015-01-13 13:03:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								352143fa1e 
								
							 
						 
						
							
							
								
								Refactor for clearer correctness/security  
							
							
							
						 
						
							2015-01-13 12:02:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								18292456c5 
								
							 
						 
						
							
							
								
								Add support for getrandom()  
							
							
							
						 
						
							2015-01-09 14:34:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e117a8fc0d 
								
							 
						 
						
							
							
								
								Make truncated hmac a runtime option server-side  
							
							... 
							
							
							
							Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong. 
							
						 
						
							2015-01-09 12:52:20 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f01768c55e 
								
							 
						 
						
							
							
								
								Specific error for suites in common but none good  
							
							
							
						 
						
							2015-01-08 17:06:16 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								df331a55d2 
								
							 
						 
						
							
							
								
								Prefer SHA-1 certificates for pre-1.2 clients  
							
							
							
						 
						
							2015-01-08 16:43:07 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6458e3b743 
								
							 
						 
						
							
							
								
								Some more refactoring/tuning.  
							
							
							
						 
						
							2015-01-08 14:16:56 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								846ba473af 
								
							 
						 
						
							
							
								
								Minor refactoring  
							
							
							
						 
						
							2015-01-08 13:54:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								cfa477ef2f 
								
							 
						 
						
							
							
								
								Allow disabling record splitting at runtime  
							
							
							
						 
						
							2015-01-07 14:56:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d76314c44c 
								
							 
						 
						
							
							
								
								Add 1/n-1 record splitting  
							
							
							
						 
						
							2015-01-07 14:56:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d94232389e 
								
							 
						 
						
							
							
								
								Skip signature_algorithms ext if PSK only  
							
							
							
						 
						
							2014-12-02 11:57:29 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								eaecbd3ba8 
								
							 
						 
						
							
							
								
								Fix warning in reduced configs  
							
							
							
						 
						
							2014-12-02 10:40:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								837f0fe831 
								
							 
						 
						
							
							
								
								Make renego period configurable  
							
							
							
						 
						
							2014-12-02 10:40:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b445805283 
								
							 
						 
						
							
							
								
								Auto-renegotiate before sequence number wrapping  
							
							
							
						 
						
							2014-12-02 10:40:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6186019d5d 
								
							 
						 
						
							
							
								
								Save 48 bytes if SSLv3 is not defined  
							
							
							
						 
						
							2014-12-02 10:40:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								615e677c0b 
								
							 
						 
						
							
							
								
								Make renegotiation a compile-time option  
							
							
							
						 
						
							2014-12-02 10:40:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								60346be2a3 
								
							 
						 
						
							
							
								
								Improve debugging message.  
							
							... 
							
							
							
							This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing 
							
						 
						
							2014-11-27 17:44:46 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e423246e7f 
								
							 
						 
						
							
							
								
								Fix net_usleep for durations greater than 1 second  
							
							
							
						 
						
							2014-11-27 17:44:46 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9439f93ea4 
								
							 
						 
						
							
							
								
								Use pk_load_file() in X509  
							
							... 
							
							
							
							Saves a bit of ROM. X509 depends on PK anyway. 
							
						 
						
							2014-11-27 17:44:46 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								2457fa0915 
								
							 
						 
						
							
							
								
								Create ticket keys only if enabled  
							
							
							
						 
						
							2014-11-27 17:44:45 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d16d1cb96a 
								
							 
						 
						
							
							
								
								Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c  
							
							
							
						 
						
							2014-11-27 17:44:45 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								fd6c85c3eb 
								
							 
						 
						
							
							
								
								Set a compile-time limit to X.509 chain length  
							
							
							
						 
						
							2014-11-20 16:37:41 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6ed2d92629 
								
							 
						 
						
							
							
								
								Make x509_crl_parse() iterative  
							
							
							
						 
						
							2014-11-20 16:36:07 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								426d4ae7ff 
								
							 
						 
						
							
							
								
								Split x509_crl_parse_der() out of x509_crl_parse()  
							
							
							
						 
						
							2014-11-20 16:36:07 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								8c9223df84 
								
							 
						 
						
							
							
								
								Add text view to debug_print_buf()  
							
							
							
						 
						
							2014-11-19 13:21:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								8e4b3374d7 
								
							 
						 
						
							
							
								
								Fix some more warnings in reduced configs  
							
							
							
						 
						
							2014-11-17 15:06:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								98aa19148c 
								
							 
						 
						
							
							
								
								Adjust warnings in different modes  
							
							
							
						 
						
							2014-11-14 16:45:48 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e5b0fc1847 
								
							 
						 
						
							
							
								
								Make malloc-init script a bit happier  
							
							
							
						 
						
							2014-11-13 12:42:12 +01:00