David Garske
6ac03d41ef
Merge pull request #4203 from SparkiDev/tls13_peek_fix_off
...
TLS 1.3: ability to turn peek change off
2021-08-16 15:25:58 -07:00
Hayden Roche
c6f0fb11d0
Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55
...
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-16 15:05:51 -05:00
Hayden Roche
bbb514fa6d
Add support for rsyslog.
...
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
accordance with OpenSSL documentation. Without this change, rsyslog was
failing to do the bidirectional shutdown properly because it was checking the
shutdown return value against 0. I'm keeping the old value when
`WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
wolfssl interface (it's in ssl.h).
2021-08-13 23:24:28 -07:00
Juliusz Sosinowicz
0f6e564093
Rebase fixes
2021-08-14 00:35:55 +02:00
Juliusz Sosinowicz
6a5f40d698
Code review fixes.
2021-08-14 00:25:00 +02:00
Juliusz Sosinowicz
72f1d0adac
Refactor client_CA API to use wolfSSL_sk_X509_NAME_* API
2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz
62cab15c64
Reorganize wolfSSL_sk_X509_NAME_*
...
Make the `wolfSSL_sk_X509_NAME_*` API's available in OPENSSL_EXTRA for use with `client_CA_list` API's.
2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz
d4391bd997
Parse distinguished names in DoCertificateRequest
...
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
Juliusz Sosinowicz
647e007eea
Implement wolfSSL_set_client_CA_list and add 'HIGH' cipher suite
2021-08-14 00:24:08 +02:00
Chris Conlon
ca06694bfb
Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
...
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
Chris Conlon
5235b7d1e6
Merge pull request #4291 from miyazakh/PARAM_set1_ip
...
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
Juliusz Sosinowicz
7dea1dcd39
OpenResty 1.13.6.2 and 1.19.3.1 support
...
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
David Garske
cccb8f940a
Merge pull request #4209 from julek-wolfssl/net-snmp
...
Add support for net-snmp
2021-08-12 13:06:21 -07:00
David Garske
93a1fe4580
Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
...
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
Chris Conlon
d4b0ec0705
Merge pull request #4290 from TakayukiMatsuo/general
...
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
Juliusz Sosinowicz
e583d0ab76
SslSessionCacheOn -> SslSessionCacheOff
2021-08-12 13:52:25 +02:00
TakayukiMatsuo
517309724a
Add wolfSSL_GENERAL_NAME_print
2021-08-12 14:17:41 +09:00
Hideki Miyazaki
0b070166cb
addressed review comments
2021-08-12 10:44:07 +09:00
Hideki Miyazaki
4fa69c0a3a
addressed review comments
2021-08-12 07:41:24 +09:00
David Garske
9c3502bea9
Merge pull request #4285 from haydenroche5/alerts
...
During the handshake, make sure alerts are getting read on the client side in the event of an error.
2021-08-11 15:22:05 -07:00
elms
d39b91de27
Merge pull request #4266 from dgarske/hexchar
2021-08-11 10:56:53 -07:00
Juliusz Sosinowicz
dd4adacee8
Code review changes
2021-08-11 17:58:46 +02:00
elms
d487916557
Merge pull request #4279 from haydenroche5/pkcs12
...
Cleanups for PKCS8 and PKCS12 macros (always support parsing PKCS8 header)
2021-08-10 18:37:33 -07:00
David Garske
df10152b54
Refactor hex char to byte conversions.
2021-08-10 12:07:41 -07:00
David Garske
fdb6c8141e
Merge pull request #4274 from haydenroche5/pyopenssl
...
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
Hayden Roche
fdc350fb52
Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
...
alerts in the event of an error during the handshake.
2021-08-10 09:43:12 -07:00
Hayden Roche
ef5510cbcc
During the handshake, make sure alerts are getting read on the client side in
...
the event of an error.
2021-08-09 14:26:53 -07:00
David Garske
0e4b200df1
Merge pull request #4267 from elms/key_overflow
...
tls13: avoid buffer overflow with size check
2021-08-09 09:19:46 -07:00
Hideki Miyazaki
5c55be72ec
fix jenkins failure part2
2021-08-09 10:00:35 +09:00
Hideki Miyazaki
cf9d5ea8b6
fix jenkins failure part2
2021-08-07 14:14:39 +09:00
Hideki Miyazaki
dbf0977ed0
fix fenkins failure
2021-08-07 11:42:03 +09:00
Hideki Miyazaki
a066c48f55
fix jenkins failure
2021-08-07 11:13:41 +09:00
Hideki Miyazaki
a851e13f1d
implemented X509_VERIFY_PARAM_set1_ip
2021-08-07 10:50:57 +09:00
David Garske
bd6b765b17
Merge pull request #4287 from ejohnstown/ac-upd
...
flags update
2021-08-06 16:22:15 -07:00
John Safranek
2c62880fd2
flags update
...
1. Fixed typo in ifdef for HAVE_ED448.
2. Fixed typos in comments in sha512.
3. Add include config.h to bio.c.
2021-08-06 11:28:20 -06:00
Hideki Miyazaki
67e773db91
implement SSL_CIPHER_xxxx
2021-08-05 09:42:55 +09:00
Elms
d8a54e1a32
tls13: avoid buffer overflow with size check
...
For cases where a private key that is larger than the configured
maximum is passed.
2021-08-04 17:14:25 -07:00
Hayden Roche
35a33b2f00
Add support for pyOpenSSL.
...
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
David Garske
45eddc68e2
Fix to always support parsing of the PKCS8 header. Improved macro logic for PKCS8 and PKCS12. Added --disable-pkcs8 option. Fix to enable PWDBASED and PKCS8 if PKCS12 is enabled.
2021-08-03 14:45:45 -07:00
Juliusz Sosinowicz
67ee3ddb0f
Set explicit conversion
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
3b366d24f2
Rebase fixes
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
51b6c413d3
For Windows API socklen_t = int
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
2bbd04f10f
Implement BIO_new_accept and BIO_do_accept
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
2cd499d2df
Refactor session cache on checking into function
2021-08-03 17:52:50 +02:00
Juliusz Sosinowicz
46b061c7bc
Include stuff needed for EAP in hostap
...
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
Hayden Roche
dc7ae37f7a
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-02 13:33:18 -07:00
David Garske
9f6a963c60
Merge pull request #4262 from haydenroche5/libssh2
...
Add support for libssh2.
2021-08-02 11:29:54 -07:00
Hayden Roche
279b0facb5
Add support for libssh2.
2021-08-02 05:54:08 -07:00
John Safranek
6f2853ef28
Merge pull request #4251 from dgarske/openssl_all
...
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
David Garske
9df4312c4e
Merge pull request #3823 from per-allansson/checkaltname-fix
...
wolfSSL_X509_check_ip_asc/CheckForAltName fixes
2021-07-29 08:08:06 -07:00