David Garske
d75c2e2a91
Added new WOLFSSL_EXTRA define for expanded API's without openssl extra. Removed old GOAHEAD_WS, which had build errors and current project requires full openssl extra compatability. Fix unused arg build warnings for OCSP. The WOLFSSL_EXTRA adds: wolfSSL_CTX_set_quiet_shutdown, wolfSSL_set_quiet_shutdown, wolfSSL_set_accept_state and wolfSSL_set_connect_state.
2017-12-27 08:55:28 -08:00
Chris Conlon
2660ff0b93
Merge pull request #1251 from kojo1/openSSL-Compat-201711
...
openSSL compatibility 201711
2017-12-21 16:25:46 -07:00
Chris Conlon
e97f8b5a9c
fix scanbuild issues, internal.c and tfm.c
2017-12-20 12:18:49 -07:00
David Garske
4712376ce1
Fix for OCSP non-blocking with check all flag set.
2017-12-19 16:52:47 -08:00
toddouska
ddae61afbd
Merge pull request #1259 from dgarske/fix_ocsp_nonblock
...
Fixes for handling non-blocking OCSP
2017-12-18 16:43:24 -08:00
David Garske
5b003918ef
Fix for #ifdef issue causing some X509 functions to be unavailable when DH and ECC were disabled. Fix for HashAlgoToType not being available if building with DH and ECC disabled and RSA PSS enabled.
2017-12-18 11:10:12 -08:00
David Garske
de05c563b6
Fix to handle non-blocking OCSP when WOLFSSL_NONBLOCK_OCSP is defined and not using async. OCSP callback should return OCSP_WANT_READ. Added ability to simulate non-blocking OCSP using TEST_NONBLOCK_CERTS.
2017-12-08 03:12:33 +01:00
Sean Parkinson
4f97a49213
Fix placement of #endif
2017-12-08 09:13:53 +10:00
toddouska
ecb9e799a9
Merge pull request #1243 from dgarske/def_sec_reneg
...
Adds new define to enable secure-renegotiation by default
2017-11-29 14:40:23 -08:00
Takashi Kojo
05b9b39e06
free ctx->alpn_cli_protos
2017-11-24 06:27:36 +09:00
Takashi Kojo
5f025de0f8
pull ssl->protoMsgCb() from Part5
2017-11-24 05:49:41 +09:00
dgarske
8c15c65343
Merge pull request #1216 from abrahamsonn/windows-errors
...
Windows errors
2017-11-21 15:21:14 -08:00
David Garske
60a6da1c14
Adds new option to enable secure-renegotiation by default (used by IIS for client authentication). WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT.
2017-11-20 16:15:06 -08:00
Sean Parkinson
5ccf54dd1a
Handle reading record layer padding
2017-11-20 12:08:18 +10:00
toddouska
21e391fbce
Merge pull request #1235 from SparkiDev/tls13_draft21
...
Update code to support Draft 21 of TLS v1.3
2017-11-17 13:11:03 -08:00
abrahamsonn
6793a7bc4c
Voided 2 variables outside of their ifdef's
2017-11-16 14:54:54 -07:00
Sean Parkinson
cb8e284464
Update code to support Draft 21 of TLS v1.3
2017-11-15 16:40:48 +10:00
David Garske
fd455d5a5e
Fix for handling of static RSA PKCS formatting failures so they are indistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG creation for consistency in client case. Removed obsolete PMS_VERSION_ERROR.
2017-11-14 14:05:50 -08:00
abrahamsonn
f17470b42b
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
David Garske
20f5c61675
Added debug message when signature/algorithm list is truncated.
2017-11-14 10:31:48 -08:00
David Garske
b08a99057c
Cleanup of hashSigAlgo handling in DoClientHello.
2017-11-13 15:02:13 -08:00
David Garske
2b5c4ffa7f
Enhancement to allow override of maximum sig/algos using new WOLFSSL_MAX_SIGALGO define (default is 32).
2017-11-13 14:35:15 -08:00
Moisés Guimarães
0dd2ba2d80
adds unsupported_extension behavior to SNI
2017-11-03 15:31:13 -03:00
JacobBarthelmeh
5e02100921
Merge pull request #1192 from dgarske/client_staticmem
...
Added static memory support to client example
2017-11-02 14:49:33 -06:00
dgarske
1d1e904acb
Merge pull request #942 from ghoso/dev201705
...
New openssl compatibility functions for: `BN_mod_inverse`, `PKCS5_PBKDF2_HMAC_SHA1` and
`SSL_set_tlsext_status_type`.
2017-11-02 10:47:14 -07:00
David Garske
4084255fd5
Improve SSL failure cleanup case where ssl->ctx isn't set yet.
2017-11-02 09:48:43 -07:00
David Garske
229cecfb61
Fix static memory failure case (insuficient mem) in InitSSL case where ssl->ctx isn't set yet and SSL_ResourceFree is called NULL dereferece happens.
2017-11-02 09:48:43 -07:00
David Garske
72f44aba87
Fix for X509 FreeAltNames with static memory enabled.
2017-11-02 09:48:43 -07:00
David Garske
6369794b6f
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-11-02 09:48:43 -07:00
Sean Parkinson
f4ae86dc1b
Fix TLS extension code
...
Don't respond with TLS v1.3 extensions if doing TLS v1.2 or lower.
Use calculated size in SendServerHello rather than fixed maximum.
2017-11-01 18:08:11 +10:00
Go Hosohara
9c9978ce9f
OpenSSL Compatibility functions on PR#942.
2017-11-01 13:00:47 +09:00
toddouska
264c481c71
Merge pull request #1191 from SparkiDev/tls13_no_ecc
...
Fix no ECC builds with TLS13 code.
2017-10-26 10:49:59 -07:00
toddouska
ee489b12ef
Merge pull request #1198 from dgarske/fix_build
...
Fix build errors with various configs.
2017-10-26 09:46:50 -07:00
David Garske
94e0b06b9f
Fix build errors with configs for no ASN and no PKI with PSK.
2017-10-26 07:34:41 -07:00
David Garske
b4d802d524
Fix cipher_name_idx to be const.
2017-10-25 16:57:53 -07:00
Sean Parkinson
323db1a95d
Fix no ECC builds with TLS13 code.
...
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
toddouska
c0105b3008
Merge pull request #1175 from dgarske/cleanup_inlines
...
Cleanup to consolidate the inline helpers
2017-10-24 08:15:12 -07:00
Moisés Guimarães
96667b47ee
ec point format TLS extension ( #1034 )
...
* adds client support to ec_point_format
* adds ec_point_format support for server side
* makes ec-point-format activation dependent on supported-curves activation
* removes recursive functions preserving the writing order
* renames EllipticCurves to SupportedCurves
2017-10-23 14:06:20 -07:00
David Garske
7f30397252
Remove execute bit on all code files.
2017-10-23 11:16:40 -07:00
David Garske
911b6f95f8
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
David Garske
7f2e6e1d8a
Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h.
2017-10-18 09:06:48 -07:00
toddouska
1377577af5
Merge pull request #1187 from dgarske/build_fixes
...
Build fixes for various TLS 1.3 disable options
2017-10-18 08:59:46 -07:00
David Garske
8659140494
Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
2017-10-17 09:39:32 -07:00
Sean Parkinson
9e4e58fe8c
Disallow upgrading to TLS v1.3
...
Change SupportedVersions extension to only include TLS v1.3 if downgrade
is disabled.
Fix parsing of SupportedVersions extension
Don't upgrade
Only downgrade in SupportedVersions extension if option enabled
2017-10-17 08:52:12 +10:00
toddouska
6fd53d31c2
Merge pull request #1157 from dgarske/old-names
...
Refactor SSL_ and hashing types to use wolf specific prefix
2017-10-13 09:09:44 -07:00
toddouska
04106a0089
Merge pull request #1174 from dgarske/ocsp_cb_ctx
...
Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
2017-10-12 10:02:49 -07:00
David Garske
6021c37ec7
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:10:43 -07:00
David Garske
6707be2b0e
Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.
2017-10-11 09:10:42 -07:00
David Garske
4c8d228080
Added WOLFSSL_ALT_CERT_CHAINS option to enable checking cert aginst multiple CA's. Added new API's for wolfSSL_get_peer_alt_chain and wolfSSL_is_peer_alt_cert_chain, which allow a way to know if alternate cert chain is used and provides a way to get it (when SESSION_CERTS is defined). Cleanup of the defines to enable debugging certs (just use SHOW_CERTS now).
2017-10-10 08:55:35 -07:00
David Garske
280de41515
Improvement to wolfSSL_SetOCSP_Cb to set the context per WOLFSSL object (callback functions are same). Adding API unit tests next.
2017-10-06 12:18:21 -07:00