Hanno Becker 
							
						 
						
							
							
							
							
								
							
							
								1a662eb928 
								
							 
						 
						
							
							
								
								Allow requests of size larger than 16384 in ssl_client2  
							
							
							
						 
						
							2017-10-19 15:44:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Hanno Becker 
							
						 
						
							
							
							
							
								
							
							
								46a1629c5f 
								
							 
						 
						
							
							
								
								Remove %zu format string from ssl_client2 and ssl_server2  
							
							
							
						 
						
							2017-06-09 16:14:49 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Hanno Becker 
							
						 
						
							
							
							
							
								
							
							
								61c0c70418 
								
							 
						 
						
							
							
								
								Add tests for missing CA chains and bad curves.  
							
							... 
							
							
							
							This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve. 
							
						 
						
							2017-06-07 11:36:12 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Gilles Peskine 
							
						 
						
							
							
							
							
								
							
							
								ae76599686 
								
							 
						 
						
							
							
								
								Test that SHA-1 defaults off  
							
							... 
							
							
							
							Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled. 
							
						 
						
							2017-06-06 19:08:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Gilles Peskine 
							
						 
						
							
							
							
							
								
							
							
								12c19541a9 
								
							 
						 
						
							
							
								
								Allow SHA-1 in SSL renegotiation tests  
							
							... 
							
							
							
							In the TLS test client, allow SHA-1 as a signature hash algorithm.
Without this, the renegotation tests failed.
A previous commit had allowed SHA-1 via the certificate profile but
that only applied before the initial negotiation which includes the
signature_algorithms extension. 
							
						 
						
							2017-06-06 19:08:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Gilles Peskine 
							
						 
						
							
							
							
							
								
							
							
								dd57d75dfa 
								
							 
						 
						
							
							
								
								Allow SHA-1 in X.509 and TLS tests  
							
							... 
							
							
							
							SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time. 
							
						 
						
							2017-06-06 19:08:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								22311ae62e 
								
							 
						 
						
							
							
								
								Improve help message of ssl_*2.c  
							
							
							
						 
						
							2015-09-09 11:22:58 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								dbd23079d0 
								
							 
						 
						
							
							
								
								Add option reconnect_hard to ssl_client2  
							
							... 
							
							
							
							- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
  this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347. 
							
						 
						
							2015-09-08 10:39:06 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								37ff14062e 
								
							 
						 
						
							
							
								
								Change main license to Apache 2.0  
							
							
							
						 
						
							2015-09-04 14:21:07 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a2cda6bfaf 
								
							 
						 
						
							
							
								
								Add mbedtls_ssl_get_max_frag_len()  
							
							... 
							
							
							
							This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing. 
							
						 
						
							2015-08-31 20:47:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6fb8187279 
								
							 
						 
						
							
							
								
								Update date in copyright line  
							
							
							
						 
						
							2015-07-28 17:11:58 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								046589e424 
								
							 
						 
						
							
							
								
								Rm obsolete defines for snprintf in programs  
							
							... 
							
							
							
							Now centralized in the platform layer 
							
						 
						
							2015-07-01 17:26:20 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9de64f5af1 
								
							 
						 
						
							
							
								
								Fix MSVC warnings in library and programs  
							
							
							
						 
						
							2015-07-01 16:56:08 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								052f28853b 
								
							 
						 
						
							
							
								
								Cosmetics in debug in ssl_{client,server}2.c  
							
							... 
							
							
							
							Print only the basename from the file, and print level too. 
							
						 
						
							2015-07-01 12:01:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								3d7d00ad23 
								
							 
						 
						
							
							
								
								Rename mbedtls_net_close() to mbedtls_net_free()  
							
							... 
							
							
							
							close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules 
							
						 
						
							2015-06-30 16:50:37 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5db64328ab 
								
							 
						 
						
							
							
								
								Adapt programs to the new NET API  
							
							
							
						 
						
							2015-06-30 16:48:17 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								61ee351af4 
								
							 
						 
						
							
							
								
								Adapt programs to the new debug API  
							
							
							
						 
						
							2015-06-23 23:30:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								c0d749418b 
								
							 
						 
						
							
							
								
								Make 'port' a string in NET module  
							
							... 
							
							
							
							- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired 
							
						 
						
							2015-06-23 13:09:11 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b31c5f68b1 
								
							 
						 
						
							
							
								
								Add SSL presets.  
							
							... 
							
							
							
							No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values. 
							
						 
						
							2015-06-17 14:59:27 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9096682352 
								
							 
						 
						
							
							
								
								Add dhmlen option in ssl_client2.c  
							
							
							
						 
						
							2015-06-17 11:37:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bf27eaac79 
								
							 
						 
						
							
							
								
								Fix help string in ssl_client2.c  
							
							
							
						 
						
							2015-06-12 11:22:02 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b596abfdc0 
								
							 
						 
						
							
							
								
								Refine cli/srv ifdefs for session tickets  
							
							... 
							
							
							
							- Only the server needs to generate/parse tickets
- Only the client needs to store them
Also adjust prototype of ssl_conf_session_tickets() while at it. 
							
						 
						
							2015-05-20 11:14:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d4f04dba42 
								
							 
						 
						
							
							
								
								net.c now depends on select() unconditionally  
							
							
							
						 
						
							2015-05-14 21:58:34 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a63bc94a2d 
								
							 
						 
						
							
							
								
								Remove timing_m_sleep() -> net_usleep()  
							
							
							
						 
						
							2015-05-14 21:58:34 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								66dc5555f0 
								
							 
						 
						
							
							
								
								mbedtls_ssl_conf_arc4_support() depends on ARC4_C  
							
							
							
						 
						
							2015-05-14 12:31:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d2377e7e78 
								
							 
						 
						
							
							
								
								ssl_client/server2 shouln't depend on timing.c  
							
							... 
							
							
							
							Would break test-ref-configs.pl. 
							
						 
						
							2015-05-13 13:58:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e3c41ad8a4 
								
							 
						 
						
							
							
								
								Use the new timer callback API in programs  
							
							
							
						 
						
							2015-05-13 10:04:32 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								db1cc76091 
								
							 
						 
						
							
							
								
								Fix depend issue in program/ssl/ssl_*2.c  
							
							
							
						 
						
							2015-05-12 11:27:25 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e6ef16f98c 
								
							 
						 
						
							
							
								
								Change X.509 verify flags to uint32_t  
							
							
							
						 
						
							2015-05-11 19:54:43 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								159c82ecc6 
								
							 
						 
						
							
							
								
								Fix ssl_set_hostname usage (duplication, ifdef)  
							
							
							
						 
						
							2015-05-11 17:59:14 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								06939cebef 
								
							 
						 
						
							
							
								
								Fix order of ssl_conf vs ssl_setup in programs  
							
							... 
							
							
							
							Except ssl_phtread_server that will be done later 
							
						 
						
							2015-05-11 14:35:42 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								01e5e8c1f8 
								
							 
						 
						
							
							
								
								Change a few ssl_conf return types to void  
							
							
							
						 
						
							2015-05-11 14:35:41 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6729e79482 
								
							 
						 
						
							
							
								
								Rename ssl_set_xxx() to ssl_conf_xxx()  
							
							
							
						 
						
							2015-05-11 14:35:41 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								17a40cd255 
								
							 
						 
						
							
							
								
								Change ssl_own_cert to work on ssl_config  
							
							
							
						 
						
							2015-05-11 14:35:41 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								120fdbdb3d 
								
							 
						 
						
							
							
								
								Change ssl_set_psk() to act on ssl_config  
							
							
							
						 
						
							2015-05-11 14:35:41 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								750e4d7769 
								
							 
						 
						
							
							
								
								Move ssl_set_rng() to act on config  
							
							
							
						 
						
							2015-05-11 12:33:27 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ae31914990 
								
							 
						 
						
							
							
								
								Rename ssl_legacy_renegotiation() to ssl_set_...  
							
							
							
						 
						
							2015-05-11 12:33:27 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								8836994f6b 
								
							 
						 
						
							
							
								
								Move WANT_READ/WANT_WRITE codes to SSL  
							
							
							
						 
						
							2015-05-11 12:33:26 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								1b511f93c6 
								
							 
						 
						
							
							
								
								Rename ssl_set_bio_timeout() to set_bio()  
							
							... 
							
							
							
							Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway... 
							
						 
						
							2015-05-11 12:33:26 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								97fd52c529 
								
							 
						 
						
							
							
								
								Split ssl_set_read_timeout() out of bio_timeout()  
							
							
							
						 
						
							2015-05-11 12:33:26 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bc2b771af4 
								
							 
						 
						
							
							
								
								Move ssl_set_ca_chain() to work on config  
							
							
							
						 
						
							2015-05-11 12:33:26 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								2b49445876 
								
							 
						 
						
							
							
								
								Move session ticket keys to conf  
							
							... 
							
							
							
							This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!! 
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								684b0592cb 
								
							 
						 
						
							
							
								
								Move ssl_set_fallback() to work on conf  
							
							... 
							
							
							
							Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place 
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6bf89d6ad9 
								
							 
						 
						
							
							
								
								Move ssl_set_max_fragment_len to work on conf  
							
							
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								17eab2b65c 
								
							 
						 
						
							
							
								
								Move set_cbc_record_splitting() to conf  
							
							
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d36e33fc07 
								
							 
						 
						
							
							
								
								Move easy ssl_set_xxx() functions to work on conf  
							
							... 
							
							
							
							mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify 
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								419d5ae419 
								
							 
						 
						
							
							
								
								Make endpoint+transport args of config_defaults()  
							
							
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								def0bbe3ab 
								
							 
						 
						
							
							
								
								Allocate ssl_config out of ssl_setup()  
							
							
							
						 
						
							2015-05-07 10:19:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								41d479e7df 
								
							 
						 
						
							
							
								
								Split ssl_init() -> ssl_setup()  
							
							
							
						 
						
							2015-04-29 02:08:34 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ec160c0f53 
								
							 
						 
						
							
							
								
								Update ctr_drbg_init() usage in programs  
							
							
							
						 
						
							2015-04-29 02:08:34 +02:00