Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
c3f177a77b
- Added client side support for signature_algorithm extension and affiliated handling
2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
e93dfa72a5
- Added hex documentation for alerts
2012-04-10 08:03:03 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
490ecc8c3e
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Paul Bakker
314052fbfc
- Removed extraneous "polarssl/" in front on include directives in header files
2011-08-15 09:07:52 +00:00
Paul Bakker
09b1ec68c8
- Adapted define for inline to be more solid
2011-07-27 16:28:54 +00:00
Paul Bakker
74fb74ebd9
- Updated ARMCC_VERSION to __ARMCC_VERSION
2011-06-21 13:36:18 +00:00
Paul Bakker
569df2c135
- Fixed inline definition for ARM systems
2011-06-21 07:48:07 +00:00
Paul Bakker
39bb418d93
- Made second argument of f_send() prototype and of net_send() const
2011-06-21 07:36:43 +00:00
Paul Bakker
831a755d9e
- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
...
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
af5c85fc10
- Improved portability with Microsoft Visual C
2011-04-18 03:47:52 +00:00
Paul Bakker
fbc4a45f15
- Fixed typo in define
2011-03-25 09:07:46 +00:00
Paul Bakker
e3166ce040
- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
...
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
43b7e35b25
- Support for PKCS#11 through the use of the pkcs11-helper library
2011-01-18 15:27:19 +00:00
Paul Bakker
72f6266f02
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
Paul Bakker
43ca69c38a
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
Paul Bakker
b63b0afc05
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Paul Bakker
37ca75d6f2
- Added Doxygen source code documentation parts (donated by Fox-IT)
2011-01-06 12:28:03 +00:00
Paul Bakker
2e11f7d966
- Added support for TLS v1.1
...
- Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Paul Bakker
b96f154e51
- Fixed copyright message
2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc
- Updated Copyright to correct entity
2010-07-18 10:13:04 +00:00
Paul Bakker
77a43580da
- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
2010-06-15 21:32:46 +00:00
Paul Bakker
57b7914445
- String peer_cn in ssl context made const as well.
2010-03-24 06:51:15 +00:00
Paul Bakker
fc8c4360b8
- Updated copyright line to 2010
2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194
- Removed copyright line for Christophe Devine for clarity
2010-03-21 17:30:05 +00:00
Paul Bakker
ff60ee6c2a
- Added const-correctness to main codebase
2010-03-16 21:09:09 +00:00
Paul Bakker
3391b12ce3
- Fixed error codes. Negative when needed (SSL error codes). Non-negative if error-codes are OR'ed to other error codes (ASN1, Base64, MPI, DHM). The rest is negative by default.
2009-07-28 20:11:54 +00:00
Paul Bakker
77b385e91a
- Updated copyright messages on all relevant files
2009-07-28 17:23:11 +00:00
Paul Bakker
13e2dfecaa
- Cleaned up header documentation
2009-07-28 07:18:38 +00:00
Paul Bakker
b5bf176f4c
- Major change: Errors are now positive numbers instead of negative.
...
Reason: You cannot OR negative values correctly
2009-07-19 20:28:35 +00:00
Paul Bakker
40ea7de46d
- Added CRL revocation support to x509parse_verify()
...
- Fixed an off-by-one allocation in ssl_set_hostname()
- Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00