Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0b03200e96 
							
						 
					 
					
						
						
							
							Add server-side support for ECDSA client auth  
						
						
						
						
					 
					
						2013-08-27 22:21:19 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							0be444a8b1 
							
						 
					 
					
						
						
							
							Ability to disable server_name extension (RFC 6066)  
						
						
						
						
					 
					
						2013-08-27 21:55:01 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							d2f068e071 
							
						 
					 
					
						
						
							
							Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually  
						
						
						
						
					 
					
						2013-08-27 21:19:20 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0a20171d52 
							
						 
					 
					
						
						
							
							Fix compiler warning from gcc -Os  
						
						
						
						
					 
					
						2013-08-26 14:31:43 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							c6554aab3d 
							
						 
					 
					
						
						
							
							Check length of session tickets we write  
						
						
						
						
					 
					
						2013-08-26 14:26:33 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b3d9187cea 
							
						 
					 
					
						
						
							
							PK: add nice interface functions  
						
						... 
						
						
						
						Also fix a const-corectness issue. 
						
						
					 
					
						2013-08-20 20:46:04 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5fd4917d97 
							
						 
					 
					
						
						
							
							Add missing ifdefs in ssl modules  
						
						
						
						
					 
					
						2013-08-19 13:30:28 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0b2726732e 
							
						 
					 
					
						
						
							
							Fix ifdef conditions for EC-related extensions.  
						
						... 
						
						
						
						Was alternatively ECP_C and ECDH_C. 
						
						
					 
					
						2013-08-16 13:56:17 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							5734b2d358 
							
						 
					 
					
						
						
							
							Actually use the point format selected for ECDH  
						
						
						
						
					 
					
						2013-08-16 13:56:16 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7b19c16b74 
							
						 
					 
					
						
						
							
							Handle suported_point_formats in ServerHello  
						
						
						
						
					 
					
						2013-08-16 13:56:16 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							1f2bc6238b 
							
						 
					 
					
						
						
							
							Made support for the truncated_hmac extension configurable  
						
						
						
						
					 
					
						2013-08-15 13:45:55 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							05decb24c3 
							
						 
					 
					
						
						
							
							Made support for the max_fragment_length extension configurable  
						
						
						
						
					 
					
						2013-08-15 13:33:48 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							606b4ba20f 
							
						 
					 
					
						
						
							
							Session ticket expiration checked on server  
						
						
						
						
					 
					
						2013-08-15 11:42:48 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							f0e39acb58 
							
						 
					 
					
						
						
							
							Fixed unitialized n when resuming a session  
						
						
						
						
					 
					
						2013-08-15 11:40:48 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							a503a63b85 
							
						 
					 
					
						
						
							
							Made session tickets support configurable from config.h  
						
						
						
						
					 
					
						2013-08-14 14:26:03 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							56dc9e8bba 
							
						 
					 
					
						
						
							
							Authenticate session tickets.  
						
						
						
						
					 
					
						2013-08-14 14:08:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							990c51a557 
							
						 
					 
					
						
						
							
							Encrypt session tickets  
						
						
						
						
					 
					
						2013-08-14 14:08:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							779e42982c 
							
						 
					 
					
						
						
							
							Start adding ticket keys (only key_name for now)  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							aa0d4d1aff 
							
						 
					 
					
						
						
							
							Add ssl_set_session_tickets()  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							306827e3bc 
							
						 
					 
					
						
						
							
							Prepare ticket structure for securing  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							593058e35e 
							
						 
					 
					
						
						
							
							Don't renew ticket when the current one is OK  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							c086cce3d3 
							
						 
					 
					
						
						
							
							Don't cache empty session ID nor resumed session  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7cd5924cec 
							
						 
					 
					
						
						
							
							Rework NewSessionTicket handling in state machine  
						
						... 
						
						
						
						Fixes bug: NewSessionTicket was ommited in resumed sessions. 
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							3ffa3db80b 
							
						 
					 
					
						
						
							
							Fix server session ID handling with ticket  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							72882b2079 
							
						 
					 
					
						
						
							
							Relax limit on ClientHello size  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							609bc81a76 
							
						 
					 
					
						
						
							
							ssl_srv: read & write ticket, unsecure for now  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							94f6a79cde 
							
						 
					 
					
						
						
							
							Auxiliary functions to (de)serialize ssl_session  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7a358b8580 
							
						 
					 
					
						
						
							
							ssl_srv: write & parse session ticket ext & msg  
						
						
						
						
					 
					
						2013-08-14 14:08:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							57c2852807 
							
						 
					 
					
						
						
							
							Added truncated hmac negociation (without effect)  
						
						
						
						
					 
					
						2013-07-19 14:51:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e048b67d0a 
							
						 
					 
					
						
						
							
							Misc minor fixes  
						
						... 
						
						
						
						- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue 
						
						
					 
					
						2013-07-19 12:56:08 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ed4af8b57c 
							
						 
					 
					
						
						
							
							Move negotiated max fragment length to session  
						
						... 
						
						
						
						User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments. 
						
						
					 
					
						2013-07-18 14:07:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7bb7899121 
							
						 
					 
					
						
						
							
							Send max_fragment_length extension (server)  
						
						
						
						
					 
					
						2013-07-18 11:23:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f11a6d78c7 
							
						 
					 
					
						
						
							
							Rework server extensions writing  
						
						
						
						
					 
					
						2013-07-18 11:23:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							48f8d0dbbd 
							
						 
					 
					
						
						
							
							Read max_fragment_length extension (server)  
						
						
						
						
					 
					
						2013-07-18 11:18:14 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ff56da3a26 
							
						 
					 
					
						
						
							
							Fix direct uses of x509_cert.rsa, now use pk_rsa()  
						
						
						
						
					 
					
						2013-07-17 15:59:42 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							61d113bb7b 
							
						 
					 
					
						
						
							
							Init and free new contexts in the right place for SSL to prevent  
						
						... 
						
						
						
						memory leaks 
						
						
					 
					
						2013-07-16 17:48:58 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							fa9b10050b 
							
						 
					 
					
						
						
							
							Also compiles / runs without time-based functions in OS  
						
						... 
						
						
						
						Can now run without need of time() / localtime() and gettimeofday() 
						
						
					 
					
						2013-07-03 17:22:32 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							9e36f0475f 
							
						 
					 
					
						
						
							
							SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly  
						
						... 
						
						
						
						The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules. 
						
						
					 
					
						2013-06-30 14:34:05 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5dc6b5fb05 
							
						 
					 
					
						
						
							
							Made supported curves configurable  
						
						
						
						
					 
					
						2013-06-29 23:26:34 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							2fbefde1d8 
							
						 
					 
					
						
						
							
							Client and server now filter sent and accepted ciphersuites on minimum  
						
						... 
						
						
						
						and maximum protocol version 
						
						
					 
					
						2013-06-29 18:35:40 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							59c28a2723 
							
						 
					 
					
						
						
							
							SSL v2 handshake should also handle dynamic ciphersuites  
						
						
						
						
					 
					
						2013-06-29 18:35:40 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							b6c5d2e1a6 
							
						 
					 
					
						
						
							
							Cleanup up non-prototyped functions (static) and const-correctness  
						
						... 
						
						
						
						More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code. 
						
						
					 
					
						2013-06-25 16:25:17 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							2013950545 
							
						 
					 
					
						
						
							
							Secure renegotiation extension should only be sent in case client supports secure renegotiation  
						
						... 
						
						
						
						(cherry picked from commit 7c3c3899cf528f00b346f465e69d5a59f9e8410e) 
						
						
					 
					
						2013-06-24 19:09:24 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							48f7a5d724 
							
						 
					 
					
						
						
							
							DHE-PSK based ciphersuite support added and cleaner key exchange based  
						
						... 
						
						
						
						code selection
The base RFC 4279 DHE-PSK ciphersuites are now supported and added.
The SSL code cuts out code not relevant for defined key exchange methods 
						
						
					 
					
						2013-04-19 20:47:26 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ed27a041e4 
							
						 
					 
					
						
						
							
							More granular define selections within code to allow for smaller code  
						
						... 
						
						
						
						sizes 
						
						
					 
					
						2013-04-18 23:12:34 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							fbb17804d8 
							
						 
					 
					
						
						
							
							Added pre-shared key handling for the server side of SSL / TLS  
						
						... 
						
						
						
						Server side handling of the pure PSK ciphersuites is now in the base
code. 
						
						
					 
					
						2013-04-18 23:12:33 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							70df2fbaa5 
							
						 
					 
					
						
						
							
							Split parts of ssl_parse_client_key_exchange() into separate functions  
						
						... 
						
						
						
						Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code 
						
						
					 
					
						2013-04-18 23:12:33 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							f7abd422dc 
							
						 
					 
					
						
						
							
							Removed extra spaces on end of lines  
						
						
						
						
					 
					
						2013-04-16 18:09:45 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							8f4ddaeea9 
							
						 
					 
					
						
						
							
							Ability to specify allowed ciphersuites based on the protocol version.  
						
						... 
						
						
						
						The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69)
Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c 
						
						
					 
					
						2013-04-16 18:09:45 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c70b982056 
							
						 
					 
					
						
						
							
							OID functionality moved to a separate module.  
						
						... 
						
						
						
						A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly 
						
						
					 
					
						2013-04-07 22:00:46 +02:00