aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Avoid unnecessary copies during TLS handshakeJack Lloyd2019-05-243-24/+28
|
* Merge GH #1971 Add error_type for database errorJack Lloyd2019-05-245-62/+81
|\
| * Add a DatabaseError type, set the sqlite return code in exceptionJack Lloyd2019-05-235-62/+81
| |
* | Ignore large DTLS ciphertextsJack Lloyd2019-05-231-2/+6
| |
* | Fix bugs when DTLS initial handshake messages are replayedJack Lloyd2019-05-233-0/+13
| |
* | Fix some issues with DTLS version intoleranceJack Lloyd2019-05-233-7/+21
| |
* | Verify contents of DTLS CCS messageJack Lloyd2019-05-231-0/+3
|/
* Merge GH #1968 Document TLS::StreamJack Lloyd2019-05-231-1/+1
|\
| * fix Stream::async_handshake documentationHannes Rantzsch2019-05-231-1/+1
| |
* | Clean up extension decodingJack Lloyd2019-05-222-27/+11
| | | | | | | | TLS_Reader handles the offset checks for us
* | Shorten callback nameJack Lloyd2019-05-222-3/+3
| |
* | Add BoGo tests and fix resumption caseJack Lloyd2019-05-222-5/+8
| |
* | Formatting and post-rebase fixesJack Lloyd2019-05-224-34/+40
| |
* | added status_request extension and cert chain to the stapling-reponse ↵Falko Strenzke2019-05-224-14/+56
| | | | | | | | generating callback's signature
* | implemented ocsp stapling (code not yet formatted properly)Falko Strenzke2019-05-224-2/+36
| |
* | Fix more BoGo testsJack Lloyd2019-05-221-0/+3
|/ | | | | Now all tests either pass or are known to fail for some reason. Disable -allow-unimplemented
* Merge GH #1962 Add getauxval replacement for older AndroidJack Lloyd2019-05-221-3/+26
|\
| * tweakDavid Carlier2019-05-221-2/+5
| |
| * Providing little getauxval implementation for Android<18David Carlier2019-05-211-3/+23
| | | | | | | | tested with armv7 and ndk 16.
* | Merge GH #1964 Add configure helpers for Boost, enable Boost on AppVeyorJack Lloyd2019-05-221-2/+1
|\ \
| * | add --boost-library-name configure optionRené Meusel2019-05-221-2/+1
| |/
* | Fix DTLS MTU splittingJack Lloyd2019-05-211-19/+5
| | | | | | | | We could/would send packets somewhat larger than MTU
* | Fix TLS CBC in DTLS when a bad packet is received.Jack Lloyd2019-05-213-11/+25
|/ | | | | | The Lucky13 countermeasure causes the mac state to become corrupted, due to the extra inputs. Then the next packet fails its mac check. This causes the Lucky13 countermeasure to go off again, ...
* Merge GH #1954 Add BoGo test shimJack Lloyd2019-05-2027-187/+469
|\
| * Fix various issues in TLS found using BoGoJack Lloyd2019-05-2027-187/+469
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - BoGo sends unparseable OCSP responses, so we have to accomodate for this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse. - Check that there is no trailing garbage at the end of various messages. - Don't send empty SNI - Check the TLS record header versions (previously ignored) - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects. - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared). - Changes to resumption version handling. - Fix server version selection when newer versions are disabled. New policy hooks added in service of BoGo: - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept. - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead. - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable. - request_client_certificate_authentication - require_client_certificate_authentication
* | Don't artificially limit very small RSA keys.Jack Lloyd2019-05-201-1/+6
|/ | | | | | | | | Keys smaller than 384 bits are trivially breakable, but that's true for 512 as well so no reason to draw the line there. Just do 5 bits since the smallest legal RSA key is 3*5 and that handles the integer overflow warning from Coverity which was the original reason for it. GH #1953
* OpenBSD MAP_CONCEAL new flag supportDavid Carlier2019-05-151-0/+4
|
* add some commentsTim Oesterreich2019-05-141-0/+4
|
* Apply suggestions from code reviewTim Oesterreich2019-05-141-3/+3
| | | Co-Authored-By: René Meusel <[email protected]>
* restructure a bit to avoid code duplications and make find_cert more ↵Tim Oesterreich2019-05-142-88/+93
| | | | efficient, fix CI
* search certificates by key_id first, if possibleTim Oesterreich2019-05-141-9/+20
|
* address some review commentsTim Oesterreich2019-05-142-11/+10
|
* fix docu, dont throw in find_crl_forTim Oesterreich2019-05-142-3/+4
|
* deduplicate certificates in find_all_certsTim Oesterreich2019-05-142-213/+221
|
* search certificates by full subject_dn instead of common name onlyTim Oesterreich2019-05-141-46/+51
|
* wrap windows handles into RAIITim Oesterreich2019-05-141-84/+121
|
* fix find_cert_by_pubkey_sha1Tim Oesterreich2019-05-142-87/+67
|
* add find_cert by key_id functionalityTim Oesterreich2019-05-141-27/+84
|
* add all_subjects() functionalityTim Oesterreich2019-05-141-16/+20
|
* add windows certstore find_cert and find_cert_by_pubkey_sha1 functionalityPatrik Fiedler2019-05-144-0/+233
| | | | Signed-off-by: Patrik Fiedler <[email protected]>
* Increase ASN1_Time maximum allowed year to 3100Jack Lloyd2019-05-131-1/+2
| | | | See #1931
* Fix decoding of RSA-OAEP certsJack Lloyd2019-05-091-5/+1
| | | | GH #1943
* Merge GH #1938 Fix X509_DN comparisonsJack Lloyd2019-05-095-13/+62
|\
| * Fix X509_DN comparisonJack Lloyd2019-05-085-13/+62
| | | | | | | | | | | | An issue in #1936 indicated that X509_DN operator< was not behaving correctly. Indeed, DNs could compare in such a way that DN1 < DN2 && DN2 < DN1. STL containers do not like this.
* | Fix some warnings with Clang 8Jack Lloyd2019-05-088-29/+19
|/ | | | | | Notably several from the new -Wdefaulted-function-deleted Also remove some compat macro checks for MSVC 2013
* Merge GH #1940 Fix Boost lib linking on WindowsJack Lloyd2019-05-081-1/+2
|\
| * append .lib suffix for boost on windowsTim Oesterreich2019-05-071-1/+2
| |
* | functionality to support multiple OUs, missing unit tests on more_dnsndotb2019-05-072-0/+12
|/
* use map of vectors instead of multimap in flatfile certstorTim Oesterreich2019-05-072-14/+13
|
* Merge GH #1929 Use raw strings for inline asm statementsJack Lloyd2019-05-042-72/+64
|\
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 13:56:58 +0000