Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e117a8fc0d 
							
						 
					 
					
						
						
							
							Make truncated hmac a runtime option server-side  
						
						... 
						
						
						
						Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong. 
						
						
					 
					
						2015-01-09 12:52:20 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							590f416142 
							
						 
					 
					
						
						
							
							Add tests for periodic renegotiation  
						
						
						
						
					 
					
						2014-12-02 10:40:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							615e677c0b 
							
						 
					 
					
						
						
							
							Make renegotiation a compile-time option  
						
						
						
						
					 
					
						2014-12-02 10:40:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							85d915b81d 
							
						 
					 
					
						
						
							
							Add tests for renego security enforcement  
						
						
						
						
					 
					
						2014-12-02 10:40:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f29e5de09d 
							
						 
					 
					
						
						
							
							Cosmetics in ssl_server2  
						
						
						
						
					 
					
						2014-11-27 17:44:46 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							3a3066c3ee 
							
						 
					 
					
						
						
							
							ssl_server2 now exits on signal during a read too  
						
						
						
						
					 
					
						2014-11-17 12:50:34 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							403a86f73d 
							
						 
					 
					
						
						
							
							ssl_server2: exit cleanly on SIGINT too  
						
						
						
						
					 
					
						2014-11-17 12:46:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f9d778d635 
							
						 
					 
					
						
						
							
							Merge branch 'etm' into dtls  
						
						... 
						
						
						
						* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM
Conflicts:
	include/polarssl/check_config.h 
						
						
					 
					
						2014-11-06 01:36:32 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							56d985d0a6 
							
						 
					 
					
						
						
							
							Merge branch 'session-hash' into dtls  
						
						... 
						
						
						
						* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret
Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c 
						
						
					 
					
						2014-11-06 01:25:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							699cafaea2 
							
						 
					 
					
						
						
							
							Implement initial negotiation of EtM  
						
						... 
						
						
						
						Not implemented yet:
- actually using EtM
- conditions on renegotiation 
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							367381fddd 
							
						 
					 
					
						
						
							
							Add negotiation of Extended Master Secret  
						
						... 
						
						
						
						(But not the actual thing yet.) 
						
						
					 
					
						2014-11-05 16:00:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a6ace04c5c 
							
						 
					 
					
						
						
							
							Test for lost HelloRequest  
						
						
						
						
					 
					
						2014-10-21 16:32:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e698f59a25 
							
						 
					 
					
						
						
							
							Add tests for ssl_set_dtls_badmac_limit()  
						
						
						
						
					 
					
						2014-10-21 16:32:56 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							9b35f18f66 
							
						 
					 
					
						
						
							
							Add ssl_get_record_expansion()  
						
						
						
						
					 
					
						2014-10-21 16:32:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e63582a166 
							
						 
					 
					
						
						
							
							Add dlts_client.c and dtls_server.c  
						
						
						
						
					 
					
						2014-10-21 16:32:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							dc6a75a952 
							
						 
					 
					
						
						
							
							ERR_NET_CONN_RESET can't happen with UDP  
						
						
						
						
					 
					
						2014-10-21 16:32:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							caecdaed25 
							
						 
					 
					
						
						
							
							Cosmetics in ssl_server2 & complete tests for HVR  
						
						
						
						
					 
					
						2014-10-21 16:32:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							2d87e419e0 
							
						 
					 
					
						
						
							
							Adapt ssl_{client,server}2.c to datagram write  
						
						
						
						
					 
					
						2014-10-21 16:32:53 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							994f8b554f 
							
						 
					 
					
						
						
							
							Ok for close_notify to fail  
						
						
						
						
					 
					
						2014-10-21 16:32:52 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a9d7d03e30 
							
						 
					 
					
						
						
							
							SIGTERM also interrupts server2 during net_read()  
						
						
						
						
					 
					
						2014-10-21 16:32:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							6a2bc23f63 
							
						 
					 
					
						
						
							
							Allow exchanges=0 in ssl_server2  
						
						... 
						
						
						
						Useful for testing with defensics with no data exchange 
						
						
					 
					
						2014-10-21 16:32:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							cce220d6aa 
							
						 
					 
					
						
						
							
							Adapt ssl_server2 to datagram-style read  
						
						
						
						
					 
					
						2014-10-21 16:32:49 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							6b65141718 
							
						 
					 
					
						
						
							
							Implement ssl_read() timeout (DTLS only for now)  
						
						
						
						
					 
					
						2014-10-21 16:32:46 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d823bd0a04 
							
						 
					 
					
						
						
							
							Add handshake_timeout option to test server/client  
						
						
						
						
					 
					
						2014-10-21 16:32:44 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f03651217c 
							
						 
					 
					
						
						
							
							Adapt programs to use nbio with DTLS  
						
						
						
						
					 
					
						2014-10-21 16:32:42 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							bd97fdb3a4 
							
						 
					 
					
						
						
							
							Make ssl_server2's HVR handling more realistic  
						
						... 
						
						
						
						It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more. 
						
						
					 
					
						2014-10-21 16:32:40 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							2739313cea 
							
						 
					 
					
						
						
							
							Make anti-replay a runtime option  
						
						
						
						
					 
					
						2014-10-21 16:32:35 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b6440a496b 
							
						 
					 
					
						
						
							
							ssl_server2 now dies on SIGTERM during a read  
						
						
						
						
					 
					
						2014-10-21 16:32:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a014829024 
							
						 
					 
					
						
						
							
							Use ssl_set_bio_timeout() in test client/server  
						
						
						
						
					 
					
						2014-10-21 16:32:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							4ba6ab6d0d 
							
						 
					 
					
						
						
							
							Fix glitch with HelloVerifyRequest  
						
						... 
						
						
						
						With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages. 
						
						
					 
					
						2014-10-21 16:30:20 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							26820e3061 
							
						 
					 
					
						
						
							
							Add option 'cookies' to ssl_server2  
						
						
						
						
					 
					
						2014-10-21 16:30:18 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a64acd4f84 
							
						 
					 
					
						
						
							
							Add separate SSL_COOKIE_C define  
						
						
						
						
					 
					
						2014-10-21 16:30:18 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							232edd46be 
							
						 
					 
					
						
						
							
							Move cookie callbacks implementation to own module  
						
						
						
						
					 
					
						2014-10-21 16:30:17 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d485d194f9 
							
						 
					 
					
						
						
							
							Move to a callback interface for DTLS cookies  
						
						
						
						
					 
					
						2014-10-21 16:30:17 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							82202f0a9c 
							
						 
					 
					
						
						
							
							Make DTLS_HELLO_VERIFY a compile option  
						
						
						
						
					 
					
						2014-10-21 16:30:16 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							98545f128a 
							
						 
					 
					
						
						
							
							Generate random key for HelloVerifyRequest  
						
						
						
						
					 
					
						2014-10-21 16:30:16 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							336b824f07 
							
						 
					 
					
						
						
							
							Use ssl_set_client_transport_id() in ssl_server2  
						
						
						
						
					 
					
						2014-10-21 16:30:15 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							798f15a500 
							
						 
					 
					
						
						
							
							Fix version adjustments with force_ciphersuite  
						
						
						
						
					 
					
						2014-10-21 16:30:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							fe3f73bdeb 
							
						 
					 
					
						
						
							
							Allow force_version to select DTLS  
						
						
						
						
					 
					
						2014-10-21 16:30:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							8a06d9c5d6 
							
						 
					 
					
						
						
							
							Actually use UDP for DTLS in test client/server  
						
						
						
						
					 
					
						2014-10-21 16:30:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f5a1312eaa 
							
						 
					 
					
						
						
							
							Add UDP support to the NET module  
						
						
						
						
					 
					
						2014-10-21 16:30:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							83218f1da1 
							
						 
					 
					
						
						
							
							Add dtls version aliases to test serv/cli  
						
						
						
						
					 
					
						2014-10-21 16:30:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							864a81fdc0 
							
						 
					 
					
						
						
							
							More ssl_set_XXX() functions can return BAD_INPUT  
						
						
						
						
					 
					
						2014-10-21 16:30:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e29fd4beaf 
							
						 
					 
					
						
						
							
							Add a dtls option to test server and client  
						
						
						
						
					 
					
						2014-10-21 16:30:03 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a8c0a0dbd0 
							
						 
					 
					
						
						
							
							Add "exchanges" option to test server and client  
						
						... 
						
						
						
						Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way. 
						
						
					 
					
						2014-08-19 13:26:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							296e3b1174 
							
						 
					 
					
						
						
							
							Request renego before write in ssl_server2  
						
						... 
						
						
						
						Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented) 
						
						
					 
					
						2014-08-19 12:59:03 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							e08660e612 
							
						 
					 
					
						
						
							
							Fix ssl_read() and close_notify error handling in programs  
						
						
						
						
					 
					
						2014-08-19 10:34:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							67686c42e6 
							
						 
					 
					
						
						
							
							Fix undocumented option in ssl_server2  
						
						
						
						
					 
					
						2014-08-19 10:34:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							250b1ca6f3 
							
						 
					 
					
						
						
							
							Fix ssl_server2 exiting on recoverable errors  
						
						
						
						
					 
					
						2014-08-19 10:34:37 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							bc3e54c70d 
							
						 
					 
					
						
						
							
							Fix overly rigorous defines in ssl_server2.c  
						
						
						
						
					 
					
						2014-08-18 14:36:17 +02:00