f41146fb17
Merge pull request #16 from jmue/fix/doubled_code
...
fix doubled code introduced with r231 - 97f9f969
2016-06-01 18:11:09 +08:00
9a9be633f2
Merge pull request #17 from jmue/fix/memset_usage
...
fix memset usage
2016-06-01 18:11:02 +08:00
a2311331f9
Update README.md
2016-06-01 17:41:09 +08:00
fe6e51a556
Merge pull request #15 from jmue/axtls-upgrade
...
axtls upgrade to svn r251 (1.5.3+)
2016-06-01 17:35:58 +08:00
07fe883157
fix doubled code introduced with r231 - 97f9f969
2016-05-21 21:26:39 +02:00
87163b23e0
fix memset usage
2016-05-21 21:13:48 +02:00
0c09e2c8a3
add be64toh
2016-05-13 23:45:46 +02:00
36e8b497ba
Merge branch upstream into axtls-upgrade
2016-05-13 23:40:49 +02:00
6209eaca16
Merge remote-tracking branch 'origin/master' into axtls-8266
2016-05-13 23:17:03 +02:00
c5c9c73e47
Merge branch 'master' into tail
...
Conflicts:
ssl/os_port.h
ssl/tls1.c
ssl/tls1.h
2016-05-13 23:12:21 +02:00
139914f312
Add option for blocking reads
2016-05-10 23:17:44 +08:00
cd6c04a809
Add hooks to feed watchdog during lengthy bigint operations
2016-05-10 23:00:33 +08:00
69c757f2a3
Allow plain buffer size increase during handshake
2016-04-19 09:30:50 +03:00
3fdea2885d
Fix Travis build
2016-04-19 08:41:06 +03:00
fe4518da8d
Make SNI host name an ssl_client_new argument
...
ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
2016-04-19 08:23:15 +03:00
5b4be7d273
Reserve 16k fragment buffer only when it is actually required.
...
This change reduces memory pressure when server response size fits into 6k buffer allocated by default.
2016-03-02 15:34:15 +03:00
b33ef68e6a
Fix handshake status not being set if increase_bm_data_size fails
...
Also set warning level to -Wall
https://github.com/esp8266/Arduino/issues/1708
2016-03-02 15:17:47 +03:00
324c2fdade
Terminate connection if increase_bm_data_size fails
...
As suggested in https://github.com/igrr/axtls-8266/issues/2#issuecomment-188544798
2016-02-26 17:53:19 +03:00
96fbb39f21
Update README.md
2016-02-26 17:10:31 +03:00
c18bb56e61
Add travis CI
2016-02-26 16:59:10 +03:00
9eaeca3a03
Postpone freeing of X509 context to the first data exchange after handshake
...
X509 context contains certificate fingerprint and various names which may be used to verify the certificate.
Previously we would free it right after the handshake completion, which prevented the client from actually using any information from X509 context.
Postponing this to the first ssl_read/ssl_write call after the handshake, we give the client a chance to verify the certificate.
Also added logging to ssl_match_fingerprint function in case fingerprint doesn't match expected value.
2016-02-26 16:21:09 +03:00
28869ea94b
Use free followed by malloc instead of realloc when increasing raw buffer
...
At this point we don't need to preserve the data inside the buffer.
Using free followed by malloc reduces fragmentation for some heap implementations.
2016-02-26 16:09:47 +03:00
43a90bcf35
Merge pull request #8 from slaff/feature/lwipr-compat
...
Restructured the lwip raw compatability code.
2016-02-22 13:13:57 +03:00
66e1a5f423
Merge pull request #7 from slaff/feature/sni
...
Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) su…
2016-02-22 12:24:41 +03:00
1154d0a985
Changed the code to reserve bytes for hostname only if needed.
2016-02-22 10:16:01 +01:00
63da8991c2
Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) support.
2016-02-19 16:48:58 +01:00
7c38865f66
Restructured the lwip raw comat code.
...
Added replacements for the time functions on ESP8266.
2016-02-19 13:31:00 +01:00
885ff3e8f0
Merge pull request #6 from slaff/feature/lwip-raw
...
Initial support for LWIP raw tcp mode.
2016-02-01 14:56:08 +03:00
d78e7a0799
Initial version of axTLS integration with lwip raw tcp mode ( http://lwip.wikia.com/wiki/Raw/TCP ).
2016-02-01 12:05:09 +01:00
514b6685c5
Disable RC4
2015-12-09 23:39:26 +03:00
f98cae7b2f
Don't try to load certificate and private key if it is null
2015-12-04 18:44:40 +03:00
1551076816
Remove default private key and certificate ( #3 )
2015-12-04 17:08:04 +03:00
34ff4421d2
Get random bytes from hardware RNG
2015-12-02 23:49:49 +03:00
6830d98c7f
Pre-allocate encrypt/decrypt ctx to reduce memory fragmentation
2015-11-17 02:35:09 +03:00
10b41c811a
Increase plaintext buffer size after handshake is complete
2015-11-17 01:50:35 +03:00
d1bcdc5f97
Tag 64-bit constants with "LL" (make e.g. AVR32 gcc happy)
...
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@251 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2015-10-01 15:58:22 +00:00
6f48f0d114
Store fingerprint as raw byte array
2015-09-18 12:38:27 +03:00
a069bc0eb6
Add function to match certificate fingerprint
2015-09-14 10:24:51 +03:00
ad9780684a
Calculate SHA-1 fingerprint when loading the certificate
2015-09-14 08:51:13 +03:00
6095fde37e
Allocation debugging, reduce SSL structure size.
2015-09-01 16:39:29 +03:00
6c91aa10fc
Create README.md
2015-08-31 09:22:23 +03:00
6030371051
Initial compilation fixes
2015-08-31 09:05:04 +03:00
3661c54000
Add makefile
2015-08-30 13:46:41 +03:00
4e0ccaf9b2
Import axTLS 1.4.9
2015-08-30 13:34:00 +03:00
a5f7ede493
* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.
...
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@250 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2015-07-28 02:44:52 +00:00
acf35f0ea7
* Added named unions in SHA256 code for compilers that don't support it.
...
* Some other porting suggestions from Chris Ghormley.
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@248 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2015-04-30 06:06:09 +00:00
a88fd947b2
* Updated the release notes.
...
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@246 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2015-03-10 04:41:32 +00:00
b0bd12beda
* Added SHA384 and SHA512 digests.
...
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2015-03-10 03:08:16 +00:00
0d334d81c2
* PT_APP_PROTOCOL_DATA has a test for hs_status=SSL_OK to prevent possible exchanges before the handshake is complete.
...
* Changed license on sha256.c to full BSD.
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2015-03-09 01:42:59 +00:00
67111693e6
* fixed issue where SSL mutex was not being picked up.
...
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@243 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2014-11-26 19:50:20 +00:00
