Commit graph

244 commits

Author SHA1 Message Date
Paul Bakker
fbb5cf9f59 Fixed typo in base64.h 2013-02-14 11:56:58 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
14c56a3378 Updated for PolarSSL 1.2.4 2013-01-25 17:11:37 +01:00
Paul Bakker
1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
f626e1dd28 Fixed comment on maximum tested size for POLARSSL_MPI_MAX_LIMBS 2013-01-21 12:14:17 +01:00
Paul Bakker
fb1ba781b3 Updated for release 1.2.3 2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97 Updated for 1.2.2 release 2012-11-24 12:20:19 +01:00
Paul Bakker
769075dfb6 Fixed dependency on POLARSSL_SHA4_C in ssl modules 2012-11-24 11:26:46 +01:00
Paul Bakker
926af7582a Fixed client certificate handling with TLS 1.2 2012-11-23 13:38:07 +01:00
Paul Bakker
e667c98fb1 Added p_hw_data to ssl_context for context specific hardware acceleration data 2012-11-20 13:50:22 +01:00
Paul Bakker
1f9d02dc90 Added more notes / comments on own_cert, trust_ca purposes 2012-11-20 10:30:55 +01:00
Paul Bakker
25338d74ac Added proper gitignores for Linux CMake use 2012-11-18 22:56:39 +01:00
Paul Bakker
43ae298410 - Fixed argument types 2012-11-14 12:14:19 +00:00
Paul Bakker
34d8dbcc6d - Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0) 2012-11-14 12:11:38 +00:00
Paul Bakker
e0f41f3086 - Updated version to 1.2.1 2012-11-13 12:55:02 +00:00
Paul Bakker
c893e0257f - Added extra documentation 2012-11-07 20:41:16 +00:00
Paul Bakker
096348fa79 - Fixed comments / typos 2012-11-07 20:05:38 +00:00
Paul Bakker
77db6ce348 - Fixed doxygen blocks 2012-11-07 19:57:39 +00:00
Paul Bakker
6831c4a1a8 - Fixed typos 2012-11-07 19:46:27 +00:00
Paul Bakker
7c900780d9 - Default to disabled renegotiation 2012-11-04 16:29:08 +00:00
Paul Bakker
7a2538ee38 - Fixes for MSVC6 2012-11-02 10:59:36 +00:00
Paul Bakker
645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker
4f024b7ba9 - Fixed for SPARC64 2012-10-30 07:29:57 +00:00
Paul Bakker
df2bb75c28 - Premaster should have a maximum of MPI size 2012-10-24 14:30:00 +00:00
Paul Bakker
ba26e9ebfd - Cache now only allows a maximum of entries in cache for preventing memory overrun 2012-10-23 22:18:28 +00:00
Paul Bakker
0fd018efb2 - Fixed preprocessor typo 2012-10-23 12:44:47 +00:00
Paul Bakker
09f097d45f - Added more documentation on disable / enable renegotiation 2012-10-23 11:54:56 +00:00
Paul Bakker
2b6af2fbf0 - Only define mpi_read_file and mpi_write_file if POLARSSL_FS_IO is present 2012-10-23 11:08:02 +00:00
Paul Bakker
0f5281a35b - Enlarged buffer to fit gcm_context on all platforms 2012-10-23 11:06:25 +00:00
Paul Bakker
8f387e6605 - Updated trunk base version to 1.2.0 for prerelease 1 2012-10-02 15:26:45 +00:00
Paul Bakker
62261d6bd6 - Rewrote bignum type definition #ifdef tree to work better on all
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
9ef6e2bfb6 - Added missing int32_t definition 2012-10-01 20:57:38 +00:00
Paul Bakker
e23c31561f - Fixed typo 2012-10-01 14:42:47 +00:00
Paul Bakker
5c2364c2ba - Moved from unsigned long to uint32_t throughout code 2012-10-01 14:41:15 +00:00
Paul Bakker
6adff7497a - Fixed typo 2012-10-01 11:03:14 +00:00
Paul Bakker
23f3680898 - Added proper support for TLS 1.2 signature_algorithm extension on server
side
 - Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS 2012-09-28 07:31:51 +00:00
Paul Bakker
da7e3f225a - Added RFC 3526 2048-bit and 3072-bit MODP groups 2012-09-28 07:18:17 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02 - Added ServerName extension parsing (SNI) at server side 2012-09-27 21:49:42 +00:00
Paul Bakker
f918310193 - Autosize POLARSSL_MPI_RW_BUFFER_SIZE at compile time 2012-09-27 20:42:35 +00:00
Paul Bakker
eb2c658163 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS 2012-09-27 19:15:01 +00:00
Paul Bakker
5531c6d92c - Change buffer size on mpi_write_file() to cover larger size MPIs 2012-09-26 19:20:46 +00:00
Paul Bakker
a864f2ee51 - Removed trailing semicolon 2012-09-26 08:29:20 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00