Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
e8ea0c0421
Fix exit value on SERVERQUIT
2013-09-08 20:08:24 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
cf2e97eae2
ssl_client2: allow reconnecting twice
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aaa1eab55a
Add an option to reconnect in ssl_client2
...
Purpose: test resuming sessions.
2013-08-14 14:08:04 +02:00
Paul Bakker
66c4810ffe
Better handling of ciphersuite version range and forced version in
...
ssl_client2
2013-07-26 14:05:32 +02:00
Paul Bakker
6c85279719
Newline fixes in help text for ssl_client2 / ssl_server2
2013-07-26 14:02:13 +02:00
Paul Bakker
dbd79ca617
ssl_client2 and ssl_server2 now exit with 1 on errors (shell
...
limitations)
2013-07-24 16:28:35 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
0c017a55e0
Add max_frag_len option in ssl_server2
...
Also reformat code and output more information in ssl_client2
2013-07-18 14:07:36 +02:00
Manuel Pégourié-Gonnard
787b658bb3
Implement max_frag_len write restriction
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
0df6b1f068
ssl_client2: add max_frag_len option
2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Paul Bakker
03a8a79516
Programs adapted to use polarssl_strerror() instead of error_strerror()
2013-06-30 12:18:08 +02:00
Paul Bakker
c1516be99d
ssl_server2 and ssl_client2 adapted to support maximum protocol version
2013-06-29 18:35:41 +02:00
Paul Bakker
3c5ef71322
Cleanup up non-prototyped functions (static) and const-correctness in programs
2013-06-25 16:37:45 +02:00
Paul Bakker
ef3f8c747e
Fixed const correctness issues in programs and tests
...
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)
Conflicts:
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
programs/test/ssl_test.c
programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
bcbe2d8d81
Prettier printing of the lists for longer ciphersuite names
2013-04-19 09:10:20 +02:00
Paul Bakker
ed27a041e4
More granular define selections within code to allow for smaller code
...
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
d4a56ec6bf
Added pre-shared key handling for the client side of SSL / TLS
...
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
91ebfb5272
Made auth_mode as an command line option
2012-11-23 14:04:08 +01:00
Paul Bakker
1f9d02dc90
Added more notes / comments on own_cert, trust_ca purposes
2012-11-20 10:30:55 +01:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
4248823f43
- Updated to handle x509parse_crtfile() positive return values
2012-05-16 08:21:05 +00:00
Paul Bakker
0b22e3e989
- Print return codes properly
2012-04-18 14:23:29 +00:00
Paul Bakker
570267f01a
- print error string in useful format
2012-04-10 08:22:46 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
13eb9f01cf
- Added error exit code
2012-02-06 15:35:10 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00