Rich Evans 
							
						 
						
							
							
							
							
								
							
							
								00ab47026b 
								
							 
						 
						
							
							
								
								cleanup library and some basic tests. Includes, add guards to includes  
							
							
							
						 
						
							2015-02-10 11:28:46 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								860b51642d 
								
							 
						 
						
							
							
								
								Fix url again  
							
							
							
						 
						
							2015-01-28 17:12:07 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								085ab040aa 
								
							 
						 
						
							
							
								
								Fix website url to use https.  
							
							
							
						 
						
							2015-01-23 11:06:27 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9698f5852c 
								
							 
						 
						
							
							
								
								Remove maintainer line.  
							
							
							
						 
						
							2015-01-23 10:59:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								19f6b5dfaa 
								
							 
						 
						
							
							
								
								Remove redundant "all rights reserved"  
							
							
							
						 
						
							2015-01-23 10:54:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a658a4051b 
								
							 
						 
						
							
							
								
								Update copyright  
							
							
							
						 
						
							2015-01-23 09:55:24 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								967a2a5f8c 
								
							 
						 
						
							
							
								
								Change name to mbed TLS in the copyright notice  
							
							
							
						 
						
							2015-01-22 14:28:16 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								59c6f2ef21 
								
							 
						 
						
							
							
								
								Avoid nested if's without braces.  
							
							... 
							
							
							
							Creates a potential for confusing code if we later want to add an else clause. 
							
						 
						
							2015-01-22 11:06:40 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5d9cde25da 
								
							 
						 
						
							
							
								
								Move renego SCSV after actual ciphersuites  
							
							
							
						 
						
							2015-01-22 10:49:41 +00:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								5b8f7eaa3e 
								
							 
						 
						
							
							
								
								Merge new security defaults for programs (RC4 disabled, SSL3 disabled)  
							
							
							
						 
						
							2015-01-14 16:26:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								f6080b8557 
								
							 
						 
						
							
							
								
								Merge support for enabling / disabling renegotiation support at compile-time  
							
							
							
						 
						
							2015-01-13 16:18:23 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								d7e2483bfc 
								
							 
						 
						
							
							
								
								Merge miscellaneous fixes into development  
							
							
							
						 
						
							2015-01-13 16:04:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bd47a58221 
								
							 
						 
						
							
							
								
								Add ssl_set_arc4_support()  
							
							... 
							
							
							
							Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting. 
							
						 
						
							2015-01-13 13:03:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d94232389e 
								
							 
						 
						
							
							
								
								Skip signature_algorithms ext if PSK only  
							
							
							
						 
						
							2014-12-02 11:57:29 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								eaecbd3ba8 
								
							 
						 
						
							
							
								
								Fix warning in reduced configs  
							
							
							
						 
						
							2014-12-02 10:40:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								615e677c0b 
								
							 
						 
						
							
							
								
								Make renegotiation a compile-time option  
							
							
							
						 
						
							2014-12-02 10:40:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								699cafaea2 
								
							 
						 
						
							
							
								
								Implement initial negotiation of EtM  
							
							... 
							
							
							
							Not implemented yet:
- actually using EtM
- conditions on renegotiation 
							
						 
						
							2014-11-05 16:00:50 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b575b54cb9 
								
							 
						 
						
							
							
								
								Forbid extended master secret with SSLv3  
							
							
							
						 
						
							2014-11-05 16:00:50 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ada3030485 
								
							 
						 
						
							
							
								
								Implement extended master secret  
							
							
							
						 
						
							2014-11-05 16:00:49 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								367381fddd 
								
							 
						 
						
							
							
								
								Add negotiation of Extended Master Secret  
							
							... 
							
							
							
							(But not the actual thing yet.) 
							
						 
						
							2014-11-05 16:00:49 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								1cbd39dbeb 
								
							 
						 
						
							
							
								
								Implement FALLBACK_SCSV client-side  
							
							
							
						 
						
							2014-11-05 16:00:49 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f7cdbc0e87 
								
							 
						 
						
							
							
								
								Fix potential bad read of length  
							
							
							
						 
						
							2014-10-17 17:02:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								44ade654c5 
								
							 
						 
						
							
							
								
								Implement (partial) renego delay on client  
							
							
							
						 
						
							2014-08-19 13:58:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6591962f06 
								
							 
						 
						
							
							
								
								Allow delay on renego on client  
							
							... 
							
							
							
							Currently unbounded: will be fixed later 
							
						 
						
							2014-08-19 12:50:30 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								84bbeb58df 
								
							 
						 
						
							
							
								
								Adapt cipher and MD layer with _init() and _free()  
							
							
							
						 
						
							2014-07-09 10:19:24 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								5b4af39a36 
								
							 
						 
						
							
							
								
								Add _init() and _free() for hash modules  
							
							
							
						 
						
							2014-07-09 10:19:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								2a45d1c8bb 
								
							 
						 
						
							
							
								
								Merge changes to config examples and configuration issues  
							
							
							
						 
						
							2014-06-25 11:27:00 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								dd0c0f33c0 
								
							 
						 
						
							
							
								
								Better usage of dhm_calc_secret in SSL  
							
							
							
						 
						
							2014-06-25 11:26:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5c1f032653 
								
							 
						 
						
							
							
								
								Abort handshake if no point format in common  
							
							
							
						 
						
							2014-06-25 11:26:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								fd35af1579 
								
							 
						 
						
							
							
								
								Fix off-by-one error in point format parsing  
							
							
							
						 
						
							2014-06-25 11:26:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5bfd968e01 
								
							 
						 
						
							
							
								
								Fix warning with TLS 1.2 without RSA or ECDSA  
							
							
							
						 
						
							2014-06-24 15:18:11 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								66d5d076f7 
								
							 
						 
						
							
							
								
								Fix formatting in various code to match spacing from coding style  
							
							
							
						 
						
							2014-06-17 17:06:47 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								3461772559 
								
							 
						 
						
							
							
								
								Introduce polarssl_zeroize() instead of memset() for zeroization  
							
							
							
						 
						
							2014-06-14 16:46:03 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								61edffef28 
								
							 
						 
						
							
							
								
								Normalize "should never happen" messages/errors  
							
							
							
						 
						
							2014-05-22 13:52:47 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								b9e4e2c97a 
								
							 
						 
						
							
							
								
								Fix formatting: fix some 'easy' > 80 length lines  
							
							
							
						 
						
							2014-05-01 14:18:25 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								9af723cee7 
								
							 
						 
						
							
							
								
								Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)  
							
							
							
						 
						
							2014-05-01 13:03:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								cef4ad2509 
								
							 
						 
						
							
							
								
								Adapt sources to configurable config.h name  
							
							
							
						 
						
							2014-04-30 16:40:20 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								a70366317d 
								
							 
						 
						
							
							
								
								Improve interop by not writing ext_len in ClientHello / ServerHello when 0  
							
							... 
							
							
							
							The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero. 
							
						 
						
							2014-04-30 10:16:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f6521de17b 
								
							 
						 
						
							
							
								
								Add ALPN tests to ssl-opt.sh  
							
							... 
							
							
							
							Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only) 
							
						 
						
							2014-04-07 12:42:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								0b874dc580 
								
							 
						 
						
							
							
								
								Implement ALPN client-side  
							
							
							
						 
						
							2014-04-07 10:57:45 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								3c599f11b0 
								
							 
						 
						
							
							
								
								Avoid possible segfault on bad server ciphersuite  
							
							
							
						 
						
							2014-03-13 19:25:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								6a28e722c9 
								
							 
						 
						
							
							
								
								Merged platform compatibility layer  
							
							
							
						 
						
							2014-02-06 13:44:19 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								0910f32ee3 
								
							 
						 
						
							
							
								
								Fixed compile warning (in test-ref-configs)  
							
							
							
						 
						
							2014-02-06 13:41:18 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								7dc4c44267 
								
							 
						 
						
							
							
								
								Library files moved to use platform layer  
							
							
							
						 
						
							2014-02-06 13:20:16 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								c3f6b62ccc 
								
							 
						 
						
							
							
								
								Print curve name instead of size in debugging  
							
							... 
							
							
							
							Also refactor server-side curve selection 
							
						 
						
							2014-02-06 10:28:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ab24010b54 
								
							 
						 
						
							
							
								
								Enforce our choice of allowed curves.  
							
							
							
						 
						
							2014-02-06 10:28:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								cd49f76898 
								
							 
						 
						
							
							
								
								Make ssl_set_curves() work client-side too.  
							
							
							
						 
						
							2014-02-06 10:28:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								8e205fc0bc 
								
							 
						 
						
							
							
								
								Fix potential buffer overflow in suported_curves_ext  
							
							
							
						 
						
							2014-01-23 17:27:10 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d18cc57962 
								
							 
						 
						
							
							
								
								Add client-side support for ECDH key exchanges  
							
							
							
						 
						
							2013-12-17 11:32:31 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								da1ff38715 
								
							 
						 
						
							
							
								
								Don't accept CertificateRequest with PSK suites  
							
							
							
						 
						
							2013-11-26 15:19:57 +01:00