Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							67505bf9e8 
							
						 
					 
					
						
						
							
							Merge branch 'development' into dtls  
						
						... 
						
						
						
						* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs
Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh 
						
						
					 
					
						2015-01-21 13:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							fa06581c73 
							
						 
					 
					
						
						
							
							Disable RC4 by default in example programs.  
						
						
						
						
					 
					
						2015-01-13 13:03:06 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							448ea506bf 
							
						 
					 
					
						
						
							
							Set min version to TLS 1.0 in programs  
						
						
						
						
					 
					
						2015-01-12 12:32:04 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f5a1312eaa 
							
						 
					 
					
						
						
							
							Add UDP support to the NET module  
						
						
						
						
					 
					
						2014-10-21 16:30:09 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							a317a98221 
							
						 
					 
					
						
						
							
							Adapt programs / test suites  
						
						
						
						
					 
					
						2014-07-09 10:19:24 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							c5fd391e04 
							
						 
					 
					
						
						
							
							Check return value of ssl_set_xxx() in programs  
						
						
						
						
					 
					
						2014-07-08 14:20:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							cef4ad2509 
							
						 
					 
					
						
						
							
							Adapt sources to configurable config.h name  
						
						
						
						
					 
					
						2014-04-30 16:40:20 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c73079a78c 
							
						 
					 
					
						
						
							
							Add debug_set_threshold() and thresholding of messages  
						
						
						
						
					 
					
						2014-04-25 16:58:16 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							0c22610693 
							
						 
					 
					
						
						
							
							Cleaned up location of init and free for some programs to prevent memory  
						
						... 
						
						
						
						leaks on incorrect arguments 
						
						
					 
					
						2014-04-17 16:02:36 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							6b0d268bc9 
							
						 
					 
					
						
						
							
							Add ssl_close_notify() to servers that missed it  
						
						
						
						
					 
					
						2014-03-31 11:28:11 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							a8239a4490 
							
						 
					 
					
						
						
							
							Removed Windows auto-spawn client code  
						
						
						
						
					 
					
						2013-11-29 11:16:37 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							1ffefaca1e 
							
						 
					 
					
						
						
							
							Introduced entropy_free()  
						
						
						
						
					 
					
						2013-09-29 15:01:42 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							641de714b6 
							
						 
					 
					
						
						
							
							Use both RSA and ECDSA CA if available  
						
						
						
						
					 
					
						2013-09-25 13:23:33 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							abd6e02b7b 
							
						 
					 
					
						
						
							
							Rm _CRT_SECURE_NO_DEPRECATE for programs  
						
						... 
						
						
						
						(Already in config.h.) 
						
						
					 
					
						2013-09-20 16:51:13 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c559c7a680 
							
						 
					 
					
						
						
							
							Renamed x509_cert structure to x509_crt for consistency  
						
						
						
						
					 
					
						2013-09-18 14:32:52 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf26b4e38 
							
						 
					 
					
						
						
							
							Renamed x509parse_* functions to new form  
						
						... 
						
						
						
						e.g. x509parse_crtfile -> x509_crt_parse_file 
						
						
					 
					
						2013-09-18 13:46:23 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							369d2eb2a2 
							
						 
					 
					
						
						
							
							Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()  
						
						
						
						
					 
					
						2013-09-18 12:01:43 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							36713e8ed9 
							
						 
					 
					
						
						
							
							Fixed bunch of X509_PARSE related defines / dependencies  
						
						
						
						
					 
					
						2013-09-17 13:25:29 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							9a97c5d894 
							
						 
					 
					
						
						
							
							Fixed warnings in case application dependencies are not met  
						
						
						
						
					 
					
						2013-09-15 17:07:33 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							1a7550ac67 
							
						 
					 
					
						
						
							
							Moved PK key parsing from X509 module to PK module  
						
						
						
						
					 
					
						2013-09-15 13:47:30 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ac75523593 
							
						 
					 
					
						
						
							
							Adapt ssl_set_own_cert() to generic keys  
						
						
						
						
					 
					
						2013-08-27 22:21:20 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ba4878aa64 
							
						 
					 
					
						
						
							
							Rename x509parse_key & co with _rsa suffix  
						
						
						
						
					 
					
						2013-07-08 15:31:18 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							03a8a79516 
							
						 
					 
					
						
						
							
							Programs adapted to use polarssl_strerror() instead of error_strerror()  
						
						
						
						
					 
					
						2013-06-30 12:18:08 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							3c5ef71322 
							
						 
					 
					
						
						
							
							Cleanup up non-prototyped functions (static) and const-correctness in programs  
						
						
						
						
					 
					
						2013-06-25 16:37:45 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ef3f8c747e 
							
						 
					 
					
						
						
							
							Fixed const correctness issues in programs and tests  
						
						... 
						
						
						
						(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)
Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c 
						
						
					 
					
						2013-06-24 19:09:24 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ed27a041e4 
							
						 
					 
					
						
						
							
							More granular define selections within code to allow for smaller code  
						
						... 
						
						
						
						sizes 
						
						
					 
					
						2013-04-18 23:12:34 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							645ce3a2b4 
							
						 
					 
					
						
						
							
							- Moved ciphersuite naming scheme to IANA reserved names  
						
						
						
						
					 
					
						2012-10-31 12:32:41 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							cbbd9998da 
							
						 
					 
					
						
						
							
							- SSL/TLS now has default group  
						
						
						
						
					 
					
						2012-09-28 07:32:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							d43241060b 
							
						 
					 
					
						
						
							
							- Removed clutter from my_dhm values  
						
						
						
						
					 
					
						2012-09-26 08:29:38 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							0a59707523 
							
						 
					 
					
						
						
							
							- Added simple SSL session cache implementation  
						
						... 
						
						
						
						- Revamped session resumption handling 
						
						
					 
					
						2012-09-25 21:55:46 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							29b64761fd 
							
						 
					 
					
						
						
							
							- Added predefined DHM groups from RFC 5114  
						
						
						
						
					 
					
						2012-09-25 09:36:44 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							48916f9b67 
							
						 
					 
					
						
						
							
							- Added Secure Renegotiation (RFC 5746)  
						
						
						
						
					 
					
						2012-09-16 19:57:18 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							835b29e7c3 
							
						 
					 
					
						
						
							
							- Should not be debug_level 5 in repo (reset to 0)  
						
						
						
						
					 
					
						2012-08-23 08:31:59 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							2770fbd651 
							
						 
					 
					
						
						
							
							- Added DEFLATE compression support as per RFC3749 (requires zlib)  
						
						
						
						
					 
					
						2012-07-03 13:30:23 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ca4ab49158 
							
						 
					 
					
						
						
							
							- Added GCM ciphersuites to TLS implementation  
						
						
						
						
					 
					
						2012-04-18 14:23:57 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							6f3578cfc8 
							
						 
					 
					
						
						
							
							- Report proper error number  
						
						
						
						
					 
					
						2012-04-16 06:46:01 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							10cd225962 
							
						 
					 
					
						
						
							
							- Added support for the SHA256 ciphersuites of AES and Camellia  
						
						
						
						
					 
					
						2012-04-12 21:26:34 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							fab5c829e7 
							
						 
					 
					
						
						
							
							- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!  
						
						
						
						
					 
					
						2012-02-06 16:45:10 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							69e095cc15 
							
						 
					 
					
						
						
							
							- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.  
						
						... 
						
						
						
						- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly 
						
						
					 
					
						2011-12-10 21:55:01 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							508ad5ab6d 
							
						 
					 
					
						
						
							
							- Moved all examples programs to use the new entropy and CTR_DRBG  
						
						
						
						
					 
					
						2011-12-04 17:09:26 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							6c0ceb3f9a 
							
						 
					 
					
						
						
							
							-  Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error  
						
						
						
						
					 
					
						2011-12-04 12:24:18 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							a3d195c41f 
							
						 
					 
					
						
						
							
							- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs  
						
						
						
						
					 
					
						2011-11-27 21:07:34 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							cce9d77745 
							
						 
					 
					
						
						
							
							- Lots of minimal changes to better support WINCE as a build target  
						
						
						
						
					 
					
						2011-11-18 14:26:47 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							436e4c59c3 
							
						 
					 
					
						
						
							
							- Removed redundant "ok" printing  
						
						
						
						
					 
					
						2011-11-11 10:28:24 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							7eb013face 
							
						 
					 
					
						
						
							
							- Added ssl_session_reset() to allow re-use of already set non-connection specific context information  
						
						
						
						
					 
					
						2011-10-06 12:37:39 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5690efccc4 
							
						 
					 
					
						
						
							
							- Fixed a whole bunch of dependencies on defines between files, examples and tests  
						
						
						
						
					 
					
						2011-05-26 13:16:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							831a755d9e 
							
						 
					 
					
						
						
							
							- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now  returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.  
						
						... 
						
						
						
						- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN 
						
						
					 
					
						2011-05-18 13:32:51 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							91b4159834 
							
						 
					 
					
						
						
							
							- Added missing rsa_init() statement  
						
						
						
						
					 
					
						2011-05-05 12:01:31 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							e3166ce040 
							
						 
					 
					
						
						
							
							- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether  
						
						... 
						
						
						
						- Adapted in the rest of using code as well 
						
						
					 
					
						2011-01-27 17:40:50 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							eaca51d739 
							
						 
					 
					
						
						
							
							- Minor text/debug fixes for release  
						
						
						
						
					 
					
						2010-08-16 12:00:14 +00:00