path: root/ssl/ssl_sess.c
Age | Commit message | Author | Files | Lines
2015-01-22 | Fix source where indent will not be able to cope | Matt Caswell | 1 | -1/+2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 | Further comment amendments to preserve formatting prior to source reformat | Matt Caswell | 1 | -1/+2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-30 | mark all block comments that need format preserving so that | Tim Hudson | 1 | -1/+1
indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 | SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ | Jonas Maebe | 1 | -0/+5
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-04 | Remove SSLv2 support | Kurt Roeckx | 1 | -15/+5
The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-10-28 | Tighten session ticket handling | Emilia Kasper | 1 | -1/+15
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org>
2013-09-06 | Add callbacks supporting generation and retrieval of supplemental data | Scott Deboy | 1 | -11/+0
entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-03-26 | Provisional DTLS 1.2 support. | Dr. Stephen Henson | 1 | -0/+5
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
2012-06-03 | Version skew reduction: trivia (I hope). | Ben Laurie | 1 | -0/+2
2012-05-30 | RFC 5878 support. | Ben Laurie | 1 | -0/+11
2012-03-28 | Initial revision of ECC extension handling. | Dr. Stephen Henson | 1 | -26/+0
Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet.
2011-12-22 | New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. | Dr. Stephen Henson | 1 | -10/+5
New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL.
2011-09-05 | Fix session handling. | Bodo Möller | 1 | -57/+78
2011-04-29 | Initial incomplete TLS v1.2 support. New ciphersuites added, new version | Dr. Stephen Henson | 1 | -0/+5
checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.
2011-04-29 | Initial "opaque SSL" framework. If an application defines | Dr. Stephen Henson | 1 | -0/+29
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.
2011-03-12 | Add SRP support. | Ben Laurie | 1 | -0/+7
2010-02-01 | PR: 2160 | Dr. Stephen Henson | 1 | -1/+1
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Make session tickets work with DTLS.
2009-12-07 | Initial experimental TLSv1.1 support | Dr. Stephen Henson | 1 | -0/+5
2009-04-20 | Updates from 1.0.0-stable branch. | Dr. Stephen Henson | 1 | -0/+5
2008-11-15 | PR: 1574 | Dr. Stephen Henson | 1 | -0/+55
Submitted by: Jouni Malinen <j@w1.fi> Approved by: steve@openssl.org Ticket override support for EAP-FAST.
2008-09-03 | Fix from stable branch. | Dr. Stephen Henson | 1 | -1/+1
2008-07-04 | Avoid warnings with -pedantic, specifically: | Dr. Stephen Henson | 1 | -1/+1
Conversion between void * and function pointer. Value computed not used. Signed/unsigned argument.
2008-06-01 | Add client cert engine to SSL routines. | Dr. Stephen Henson | 1 | -0/+22
2008-05-26 | LHASH revamp. make depend. | Ben Laurie | 1 | -12/+13
2007-10-17 | Don't lookup zero length session ID. | Dr. Stephen Henson | 1 | -1/+3
PR: 1591
2007-08-11 | RFC4507 (including RFC4507bis) TLS stateless session resumption support | Dr. Stephen Henson | 1 | -6/+34
for OpenSSL.
2007-06-07 | Finish gcc 4.2 changes. | Dr. Stephen Henson | 1 | -0/+1
2007-03-21 | stricter session ID context matching | Bodo Möller | 1 | -21/+23
2007-02-10 | use user-supplied malloc functions for persistent kssl objects | Nils Larsch | 1 | -1/+1
PR: 1467 Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
2006-11-30 | Win32 fixes from stable branch. | Dr. Stephen Henson | 1 | -7/+7
2006-11-29 | replace macros with functions | Nils Larsch | 1 | -0/+69
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-03-30 | Implement Supported Elliptic Curves Extension. | Bodo Möller | 1 | -0/+16
Submitted by: Douglas Stebila
2006-03-13 | update Supported Point Formats Extension code | Bodo Möller | 1 | -0/+1
Submitted by: Douglas Stebila
2006-03-11 | Implement the Supported Point Formats Extension for ECC ciphersuites | Bodo Möller | 1 | -0/+21
Submitted by: Douglas Stebila
2006-03-10 | add initial support for RFC 4279 PSK SSL ciphersuites | Nils Larsch | 1 | -0/+36
PR: 1191 Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation Reviewed by: Nils Larsch
2006-01-09 | Further TLS extension updates | Bodo Möller | 1 | -7/+11
Submitted by: Peter Sylvester
2006-01-06 | Fixes for TLS server_name extension | Bodo Möller | 1 | -14/+20
Submitted by: Peter Sylvester
2006-01-03 | Various changes in the new TLS extension code, including the following: | Bodo Möller | 1 | -2/+54
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-02 | Support TLS extensions (specifically, HostName) | Bodo Möller | 1 | -0/+7
Submitted by: Peter Sylvester
2005-12-30 | Rewrite timeout computation in a way that is less prone to overflow. | Bodo Möller | 1 | -1/+1
(Problem reported by Peter Sylvester.)
2005-12-05 | Avoid warnings on VC++ 2005. | Dr. Stephen Henson | 1 | -1/+1
2005-08-14 | Let the TLSv1_method() etc. functions return a const SSL_METHOD | Nils Larsch | 1 | -1/+1
pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-04-29 | check return value of RAND_pseudo_bytes; backport from the stable branch | Nils Larsch | 1 | -1/+2
2005-04-26 | Add DTLS support. | Ben Laurie | 1 | -0/+5
2005-03-30 | Constification. | Ben Laurie | 1 | -5/+5
2003-12-27 | Avoid including cryptlib.h, it's not really needed. | Richard Levitte | 1 | -1/+0
Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-09-08 | These should be write-locks, not read-locks. | Geoff Thorpe | 1 | -2/+2
2003-02-15 | Session cache implementations shouldn't have to access SSL_SESSION | Geoff Thorpe | 1 | -0/+7
elements directly, so this missing functionality is required. PR: 276
2002-11-28 | Cleanse memory using the new OPENSSL_cleanse() function. | Richard Levitte | 1 | -4/+4
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-13 | Security fixes brought forward from 0.9.7. | Ben Laurie | 1 | -3/+3