0dd2ba2d80
adds unsupported_extension behavior to SNI
2017-11-03 15:31:13 -03:00
5e02100921
Merge pull request #1192 from dgarske/client_staticmem
...
Added static memory support to client example
2017-11-02 14:49:33 -06:00
1d1e904acb
Merge pull request #942 from ghoso/dev201705
...
New openssl compatibility functions for: `BN_mod_inverse`, `PKCS5_PBKDF2_HMAC_SHA1` and
`SSL_set_tlsext_status_type`.
2017-11-02 10:47:14 -07:00
4084255fd5
Improve SSL failure cleanup case where ssl->ctx isn't set yet.
2017-11-02 09:48:43 -07:00
229cecfb61
Fix static memory failure case (insuficient mem) in InitSSL case where ssl->ctx isn't set yet and SSL_ResourceFree is called NULL dereferece happens.
2017-11-02 09:48:43 -07:00
72f44aba87
Fix for X509 FreeAltNames with static memory enabled.
2017-11-02 09:48:43 -07:00
6369794b6f
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-11-02 09:48:43 -07:00
a14ea92d78
Merge pull request #1204 from dgarske/ec_tests
...
Fixes and improvements for `EC_POINT_mul`
2017-11-02 08:50:34 -07:00
57853fa3e9
Merge pull request #1202 from dgarske/fix_nofs
...
Build fixes for building without filesystem
2017-11-01 10:14:22 -07:00
f91b2e19d7
Merge pull request #1205 from SparkiDev/tls_ext_fix
...
Fix TLS extension code
2017-11-01 10:10:10 -07:00
cc7a5fd490
Fix for bug in wolfSSL_EC_POINT_free not freeing the internal ECC point. Unit test fixup for test_wolfSSL_EVP_PKEY_new_mac_key with malloc and size 0. Cleanup the EC_POINT unit test to not set Gxy->inSet, since its already 0.
2017-11-01 09:44:19 -07:00
f4ae86dc1b
Fix TLS extension code
...
Don't respond with TLS v1.3 extensions if doing TLS v1.2 or lower.
Use calculated size in SendServerHello rather than fixed maximum.
2017-11-01 18:08:11 +10:00
9c9978ce9f
OpenSSL Compatibility functions on PR#942.
2017-11-01 13:00:47 +09:00
72a33136f5
Fix for EC_POINT_mul population of result. Add NULL arg checks for a few compatability functions. Added unit tests for compatability layer API's EC_POINT_ and EC_GROUP_ in test_wolfSSL_EC. Cleanup of the EC_POINT_dump.
2017-10-31 16:09:39 -07:00
5cf175c49b
adds check for server side sig-algo extension
2017-10-30 23:02:36 -03:00
fa01c41ea9
Build fixes for building without filesystem.
2017-10-30 15:25:47 -07:00
264c481c71
Merge pull request #1191 from SparkiDev/tls13_no_ecc
...
Fix no ECC builds with TLS13 code.
2017-10-26 10:49:59 -07:00
ee489b12ef
Merge pull request #1198 from dgarske/fix_build
...
Fix build errors with various configs.
2017-10-26 09:46:50 -07:00
94e0b06b9f
Fix build errors with configs for no ASN and no PKI with PSK.
2017-10-26 07:34:41 -07:00
b4d802d524
Fix cipher_name_idx to be const.
2017-10-25 16:57:53 -07:00
323db1a95d
Fix no ECC builds with TLS13 code.
...
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
c0105b3008
Merge pull request #1175 from dgarske/cleanup_inlines
...
Cleanup to consolidate the inline helpers
2017-10-24 08:15:12 -07:00
96667b47ee
ec point format TLS extension ( #1034 )
...
* adds client support to ec_point_format
* adds ec_point_format support for server side
* makes ec-point-format activation dependent on supported-curves activation
* removes recursive functions preserving the writing order
* renames EllipticCurves to SupportedCurves
2017-10-23 14:06:20 -07:00
7f30397252
Remove execute bit on all code files.
2017-10-23 11:16:40 -07:00
911b6f95f8
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
e904a38092
Fix to not send OCSP stapling extensions in client_hello when not enabled. Fix for typo in WOLFSSL_SHUTDOWN_NOT_DONE.
2017-10-19 11:18:34 -07:00
c9558ee27b
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
7f2e6e1d8a
Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h.
2017-10-18 09:06:48 -07:00
1377577af5
Merge pull request #1187 from dgarske/build_fixes
...
Build fixes for various TLS 1.3 disable options
2017-10-18 08:59:46 -07:00
ccda176bfa
Merge pull request #1183 from SparkiDev/tls13_nu
...
Disallow upgrading to TLS v1.3
2017-10-18 08:53:00 -07:00
9920bdf097
Merge pull request #1103 from SparkiDev/sp_rsa
...
Single Precision maths for RSA, DH and ECC
2017-10-18 08:44:47 -07:00
3d7e86f08d
Added missing API's for disabling OCSP stapling. Added OCSP stapling enable/disable for WOLFSSL.
2017-10-17 13:52:05 -07:00
8659140494
Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
2017-10-17 09:39:32 -07:00
9e4e58fe8c
Disallow upgrading to TLS v1.3
...
Change SupportedVersions extension to only include TLS v1.3 if downgrade
is disabled.
Fix parsing of SupportedVersions extension
Don't upgrade
Only downgrade in SupportedVersions extension if option enabled
2017-10-17 08:52:12 +10:00
90f8f67982
Single Precision maths for RSA (and DH)
...
Single Precision ECC implementation
2017-10-17 08:36:39 +10:00
819acd18a7
Merge pull request #1180 from SparkiDev/tls13_nd
...
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
2017-10-13 09:24:55 -07:00
b79b816276
Merge pull request #1168 from dgarske/ctx_get_cm
...
Add method to get WOLFSSL_CTX certificate manager
2017-10-13 09:13:54 -07:00
6fd53d31c2
Merge pull request #1157 from dgarske/old-names
...
Refactor SSL_ and hashing types to use wolf specific prefix
2017-10-13 09:09:44 -07:00
04106a0089
Merge pull request #1174 from dgarske/ocsp_cb_ctx
...
Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
2017-10-12 10:02:49 -07:00
6021c37ec7
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:10:43 -07:00
6707be2b0e
Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.
2017-10-11 09:10:42 -07:00
7dca25ea88
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
...
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
2017-10-11 12:17:28 +10:00
4c8d228080
Added WOLFSSL_ALT_CERT_CHAINS option to enable checking cert aginst multiple CA's. Added new API's for wolfSSL_get_peer_alt_chain and wolfSSL_is_peer_alt_cert_chain, which allow a way to know if alternate cert chain is used and provides a way to get it (when SESSION_CERTS is defined). Cleanup of the defines to enable debugging certs (just use SHOW_CERTS now).
2017-10-10 08:55:35 -07:00
280de41515
Improvement to wolfSSL_SetOCSP_Cb to set the context per WOLFSSL object (callback functions are same). Adding API unit tests next.
2017-10-06 12:18:21 -07:00
19ea4716f3
Add unit tests for wolfSSL_CTX_GetCertManager, wolfSSL_CTX_UnloadCAs, wolfSSL_CertManagerUnloadCAs and wolfSSL_CTX_get_cert_cache_memsize. Fixed comment typo PERSISTE_CERT_CACHE.
2017-10-03 10:00:20 -07:00
dcf61bd10e
Added new API wolfSSL_CTX_GetCertManager for getting the WOLFSSL_CTX certificate manager.
2017-10-03 08:46:15 -07:00
9bf14a152f
change return value for wolfSSL_ASN1_TIME_print
2017-09-29 10:28:10 -06:00
8cd0b7dfc7
fix for wolfSSL_ASN1_TIME_print function
2017-09-28 15:30:46 -06:00
09e92c518d
Merge pull request #1163 from cconlon/mysql_sha
...
Add returns to OpenSSL compatibility SHA functions
2017-09-28 13:12:14 -06:00
34ef7207f9
check hash function returns in wolfSSL_EVP_DigestInit
2017-09-28 11:19:51 -06:00
Moisés Guimarães
JacobBarthelmeh
dgarske
toddouska
Sean Parkinson
Go Hosohara
Moisés Guimarães
Chris Conlon