From ada6d5e41bf92324d479091746cc43a50d6b8e60 Mon Sep 17 00:00:00 2001 From: cameronrich Date: Thu, 30 Nov 2006 05:25:19 +0000 Subject: [PATCH] some small tidy up work git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@44 9a5d90b5-6617-0410-8a86-bb477d3ed2e3 --- README | 9 +++++++++ bindings/csharp/axTLS.cs | 3 +++ bindings/java/SSLCTX.java | 2 ++ docsrc/doco_footer.html | 2 +- ssl/ssl.h | 2 +- ssl/tls1.c | 2 +- 6 files changed, 17 insertions(+), 3 deletions(-) diff --git a/README b/README index 1ca202009..2e4d492bb 100644 --- a/README +++ b/README @@ -111,6 +111,15 @@ ActiveState's version works ok). # Known Issues ######################################################################## +* Firefox doesn't handle legacy SSLv2 at all well. Disabling SSLv2 still + initiates a SSLv23 handshake (v1.5). And continuous pressing of the + "Reload" page instigates a change to SSLv3 for some reason (even though the + TLS 1.0 option is selected). This will cause a "Firefox and cannot + communicate securely because they have no common encryption + algorithms" (v1.5), or "Firefox can't connect to because the site + uses a security protocol which isn't enabled" (v2.0). See bugzilla issues + 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon). + * Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an AMD64 box (using FC3). diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs index 5239cd688..78734e436 100644 --- a/bindings/csharp/axTLS.cs +++ b/bindings/csharp/axTLS.cs @@ -340,6 +340,9 @@ namespace axTLS * * For a client this involves sending another "client hello" message. * For the server is means sending a "hello request" message. + * + * This is a blocking call on the client (until the handshake + * completes). * @param ssl [in] An SSL object reference. * @return SSL_OK if renegotiation instantiation was ok */ 
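Review bot: The sentence added to the renegotiation doc comment says the call blocks on the client until the handshake completes, but the `@return` line just below still reads `SSL_OK if renegotiation instantiation was ok`, so a client caller cannot tell whether the return value reflects the finished handshake or only its start. I would make the two agree, for example `@return SSL_OK if the renegotiation was started (server) or completed (client) successfully`; the exact wording needs confirming against the C implementation, which this patch does not show. The same sentence is added above the same `@return` line in bindings/java/SSLCTX.java. It would also help to say what a caller using a non-blocking socket should expect, if that mode is supported. The method being documented is declared outside the hunk.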
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java index 34bd9e48c..2823511b1 100644 --- a/bindings/java/SSLCTX.java +++ b/bindings/java/SSLCTX.java @@ -168,6 +168,8 @@ public class SSLCTX * * For a client this involves sending another "client hello" message. * For the server is means sending a "hello request" message. + * + * This is a blocking call on the client (until the handshake completes). * @param ssl [in] An SSL object reference. * @return SSL_OK if renegotiation instantiation was ok */ diff --git a/docsrc/doco_footer.html b/docsrc/doco_footer.html index 84c2b81e5..e16051cba 100644 --- a/docsrc/doco_footer.html +++ b/docsrc/doco_footer.html @@ -1,3 +1,3 @@

-Copyright © 2006 +Copyright © 2006 Cameron Rich diff --git a/ssl/ssl.h b/ssl/ssl.h index 6c939c1f2..b9dbb8320 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -300,7 +300,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl); EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl); /** - * @brief Retrieve various parameters about the TLS engine. + * @brief Retrieve various parameters about the axTLS engine. * @param offset [in] The configuration offset. It will be one of the following: * - SSL_BUILD_MODE The build mode. This will be one of the following: * - SSL_BUILD_SERVER_ONLY (basic server mode) diff --git a/ssl/tls1.c b/ssl/tls1.c index 4aa6cbfa9..7e76e5a75 100644 --- a/ssl/tls1.c +++ b/ssl/tls1.c @@ -1150,7 +1150,7 @@ int basic_read(SSL *ssl, uint8_t **in_data) if (IS_SET_SSL_FLAG(SSL_NEED_RECORD)) { - /* check for sslv2 "client hello" TODO: this shouldn't be here. */ + /* check for sslv2 "client hello" */ if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03) { #ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
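Review bot: Dropping `TODO: this shouldn't be here` from the comment in basic_read removes the only marker that the SSLv2 "client hello" sniffing sits in the generic record-read path, and the new comment does not say when the check is meant to fire. As far as the hunk shows, `buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03` is evaluated whenever SSL_NEED_RECORD is set. Nothing visible limits it to the first record of a server-side connection or shows that four bytes of buf are valid at that point; either may be enforced outside the hunk, so this needs confirming. If the placement is now intentional, I would record the constraint in the comment, for example `/* check for sslv2 "client hello" (only valid as the first record from a client) */`. basic_read starts and ends outside the hunk.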