Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							c70581c272 
							
						 
					 
					
						
						
							
							Add POLARSSL_DEPRECATED_{WARNING,REMOVED}  
						
						
						
						
					 
					
						2015-03-23 14:11:11 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f427f8854a 
							
						 
					 
					
						
						
							
							Stop checking key-cert match systematically  
						
						
						
						
					 
					
						2015-03-10 15:35:29 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							fe44643b0e 
							
						 
					 
					
						
						
							
							Rename website and repository  
						
						
						
						
					 
					
						2015-03-06 13:17:10 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f7db5e0a4a 
							
						 
					 
					
						
						
							
							Avoid possible dangling pointers  
						
						... 
						
						
						
						If the allocation fails, we don't really want ssl->in_ctr = 8 lying around. 
						
						
					 
					
						2015-02-18 10:32:41 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f45850c493 
							
						 
					 
					
						
						
							
							Fix the fix to ssl_set_psk()  
						
						... 
						
						
						
						- possible for the first malloc to fail and the second to succeed
- missing = NULL assignment 
						
						
					 
					
						2015-02-18 10:23:52 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ac08b543db 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'rasp/mem-leak' into development  
						
						... 
						
						
						
						* rasp/mem-leak:
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.
Conflicts:
	programs/ssl/ssl_server2.c 
						
						
					 
					
						2015-02-18 10:07:22 +00:00 
						 
				 
			
				
					
						
							
							
								Mansour Moufid 
							
						 
					 
					
						
						
						
						
							
						
						
							f81088bb80 
							
						 
					 
					
						
						
							
							Fix a potential memory leak found by find-mem-leak.cocci.  
						
						
						
						
					 
					
						2015-02-17 13:10:21 -05:00 
						 
				 
			
				
					
						
							
							
								Mansour Moufid 
							
						 
					 
					
						
						
						
						
							
						
						
							99b9259f76 
							
						 
					 
					
						
						
							
							Fix whitespace of 369e6c20.  
						
						
						
						
					 
					
						2015-02-16 10:43:52 +00:00 
						 
				 
			
				
					
						
							
							
								Mansour Moufid 
							
						 
					 
					
						
						
						
						
							
						
						
							c531b4af3c 
							
						 
					 
					
						
						
							
							Apply the semantic patch rm-malloc-cast.cocci.  
						
						... 
						
						
						
						for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done 
						
						
					 
					
						2015-02-16 10:43:52 +00:00 
						 
				 
			
				
					
						
							
							
								Mansour Moufid 
							
						 
					 
					
						
						
						
						
							
						
						
							bd1d44e251 
							
						 
					 
					
						
						
							
							Fix whitespace of 369e6c20.  
						
						
						
						
					 
					
						2015-02-15 17:51:07 -05:00 
						 
				 
			
				
					
						
							
							
								Mansour Moufid 
							
						 
					 
					
						
						
						
						
							
						
						
							369e6c20b3 
							
						 
					 
					
						
						
							
							Apply the semantic patch rm-malloc-cast.cocci.  
						
						... 
						
						
						
						for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done 
						
						
					 
					
						2015-02-15 17:49:11 -05:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							06d7519697 
							
						 
					 
					
						
						
							
							Fix msvc warning  
						
						
						
						
					 
					
						2015-02-11 14:54:11 +00:00 
						 
				 
			
				
					
						
							
							
								Rich Evans 
							
						 
					 
					
						
						
						
						
							
						
						
							00ab47026b 
							
						 
					 
					
						
						
							
							cleanup library and some basic tests. Includes, add guards to includes  
						
						
						
						
					 
					
						2015-02-10 11:28:46 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							860b51642d 
							
						 
					 
					
						
						
							
							Fix url again  
						
						
						
						
					 
					
						2015-01-28 17:12:07 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e89163c0a8 
							
						 
					 
					
						
						
							
							Fix bug in ssl_get_verify_result()  
						
						
						
						
					 
					
						2015-01-28 15:28:30 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							085ab040aa 
							
						 
					 
					
						
						
							
							Fix website url to use https.  
						
						
						
						
					 
					
						2015-01-23 11:06:27 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							9698f5852c 
							
						 
					 
					
						
						
							
							Remove maintainer line.  
						
						
						
						
					 
					
						2015-01-23 10:59:00 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							19f6b5dfaa 
							
						 
					 
					
						
						
							
							Remove redundant "all rights reserved"  
						
						
						
						
					 
					
						2015-01-23 10:54:00 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a658a4051b 
							
						 
					 
					
						
						
							
							Update copyright  
						
						
						
						
					 
					
						2015-01-23 09:55:24 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							967a2a5f8c 
							
						 
					 
					
						
						
							
							Change name to mbed TLS in the copyright notice  
						
						
						
						
					 
					
						2015-01-22 14:28:16 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5b8f7eaa3e 
							
						 
					 
					
						
						
							
							Merge new security defaults for programs (RC4 disabled, SSL3 disabled)  
						
						
						
						
					 
					
						2015-01-14 16:26:54 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c82b7e2003 
							
						 
					 
					
						
						
							
							Merge option to disable truncated hmac on the server-side  
						
						
						
						
					 
					
						2015-01-14 16:16:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a852cf4833 
							
						 
					 
					
						
						
							
							Fix issue with non-blocking I/O & record splitting  
						
						
						
						
					 
					
						2015-01-13 20:56:15 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d5746b36f9 
							
						 
					 
					
						
						
							
							Fix warning  
						
						
						
						
					 
					
						2015-01-13 20:33:24 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							f3561154ff 
							
						 
					 
					
						
						
							
							Merge support for 1/n-1 record splitting  
						
						
						
						
					 
					
						2015-01-13 16:31:34 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							f6080b8557 
							
						 
					 
					
						
						
							
							Merge support for enabling / disabling renegotiation support at compile-time  
						
						
						
						
					 
					
						2015-01-13 16:18:23 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							d7e2483bfc 
							
						 
					 
					
						
						
							
							Merge miscellaneous fixes into development  
						
						
						
						
					 
					
						2015-01-13 16:04:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							bd47a58221 
							
						 
					 
					
						
						
							
							Add ssl_set_arc4_support()  
						
						... 
						
						
						
						Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting. 
						
						
					 
					
						2015-01-13 13:03:06 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							352143fa1e 
							
						 
					 
					
						
						
							
							Refactor for clearer correctness/security  
						
						
						
						
					 
					
						2015-01-13 12:02:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e117a8fc0d 
							
						 
					 
					
						
						
							
							Make truncated hmac a runtime option server-side  
						
						... 
						
						
						
						Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong. 
						
						
					 
					
						2015-01-09 12:52:20 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							cfa477ef2f 
							
						 
					 
					
						
						
							
							Allow disabling record splitting at runtime  
						
						
						
						
					 
					
						2015-01-07 14:56:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d76314c44c 
							
						 
					 
					
						
						
							
							Add 1/n-1 record splitting  
						
						
						
						
					 
					
						2015-01-07 14:56:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							837f0fe831 
							
						 
					 
					
						
						
							
							Make renego period configurable  
						
						
						
						
					 
					
						2014-12-02 10:40:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b445805283 
							
						 
					 
					
						
						
							
							Auto-renegotiate before sequence number wrapping  
						
						
						
						
					 
					
						2014-12-02 10:40:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							6186019d5d 
							
						 
					 
					
						
						
							
							Save 48 bytes if SSLv3 is not defined  
						
						
						
						
					 
					
						2014-12-02 10:40:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							615e677c0b 
							
						 
					 
					
						
						
							
							Make renegotiation a compile-time option  
						
						
						
						
					 
					
						2014-12-02 10:40:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							60346be2a3 
							
						 
					 
					
						
						
							
							Improve debugging message.  
						
						... 
						
						
						
						This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing 
						
						
					 
					
						2014-11-27 17:44:46 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							2457fa0915 
							
						 
					 
					
						
						
							
							Create ticket keys only if enabled  
						
						
						
						
					 
					
						2014-11-27 17:44:45 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d16d1cb96a 
							
						 
					 
					
						
						
							
							Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c  
						
						
						
						
					 
					
						2014-11-27 17:44:45 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							8e4b3374d7 
							
						 
					 
					
						
						
							
							Fix some more warnings in reduced configs  
						
						
						
						
					 
					
						2014-11-17 15:06:13 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e5b0fc1847 
							
						 
					 
					
						
						
							
							Make malloc-init script a bit happier  
						
						
						
						
					 
					
						2014-11-13 12:42:12 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							27e3edbe2c 
							
						 
					 
					
						
						
							
							Check key/cert pair in ssl_set_own_cert()  
						
						
						
						
					 
					
						2014-11-06 18:25:51 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d056ce0e3e 
							
						 
					 
					
						
						
							
							Use seq_num as AEAD nonce by default  
						
						
						
						
					 
					
						2014-11-06 18:23:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							9d7821d774 
							
						 
					 
					
						
						
							
							Fix warning in reduced config  
						
						
						
						
					 
					
						2014-11-06 01:19:52 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							1a03473576 
							
						 
					 
					
						
						
							
							Keep EtM state across renegotiations  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							169dd6a514 
							
						 
					 
					
						
						
							
							Adjust minimum length for EtM  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							08558e5b46 
							
						 
					 
					
						
						
							
							Fix for the RFC erratum  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							313d796e80 
							
						 
					 
					
						
						
							
							Implement EtM  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0098e7dc70 
							
						 
					 
					
						
						
							
							Preparation for EtM  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							699cafaea2 
							
						 
					 
					
						
						
							
							Implement initial negotiation of EtM  
						
						... 
						
						
						
						Not implemented yet:
- actually using EtM
- conditions on renegotiation 
						
						
					 
					
						2014-11-05 16:00:50 +01:00