c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
d3b90f797d
Fix bug in ssl_client2 reconnect option
2014-11-27 17:44:46 +01:00
0975ad928d
Merge branch 'etm' into dtls
...
* etm:
Fix some more warnings in reduced configs
Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
be6ce835a2
Fix typo causing MSVC errors
2014-11-17 14:29:36 +01:00
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
9b35f18f66
Add ssl_get_record_expansion()
2014-10-21 16:32:55 +02:00
e63582a166
Add dlts_client.c and dtls_server.c
2014-10-21 16:32:54 +02:00
dc6a75a952
ERR_NET_CONN_RESET can't happen with UDP
2014-10-21 16:32:54 +02:00
2d87e419e0
Adapt ssl_{client,server}2.c to datagram write
2014-10-21 16:32:53 +02:00
994f8b554f
Ok for close_notify to fail
2014-10-21 16:32:52 +02:00
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
f1e0df3ccd
Allow ssl_client2 to resend on read timeout
2014-10-21 16:32:46 +02:00
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
d823bd0a04
Add handshake_timeout option to test server/client
2014-10-21 16:32:44 +02:00
f03651217c
Adapt programs to use nbio with DTLS
2014-10-21 16:32:42 +02:00
484b8f9ed8
Fix bug in ssl_client2 reconnect option
2014-10-21 16:32:32 +02:00
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
ae5050c212
Start adapting ssl_client2 to datagram I/O
2014-10-21 16:30:11 +02:00
798f15a500
Fix version adjustments with force_ciphersuite
2014-10-21 16:30:10 +02:00
fe3f73bdeb
Allow force_version to select DTLS
2014-10-21 16:30:10 +02:00
8a06d9c5d6
Actually use UDP for DTLS in test client/server
2014-10-21 16:30:09 +02:00
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
83218f1da1
Add dtls version aliases to test serv/cli
2014-10-21 16:30:05 +02:00
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
e29fd4beaf
Add a dtls option to test server and client
2014-10-21 16:30:03 +02:00
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
dcab293bd4
Get rid of SERVERQUIT code in ssl_{client,server}2
2014-08-14 18:33:00 +02:00
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
c5fd391e04
Check return value of ssl_set_xxx() in programs
2014-07-08 14:20:26 +02:00
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
dea29c51fd
Extend request_size to small sizes in ssl_client2
2014-06-25 11:26:11 +02:00
8a4d571af8
Fix warnings in no-SSL configs
2014-06-24 14:19:59 +02:00
8de259b953
Minor code simplification in ssl programs
2014-06-11 18:35:33 +02:00
525f87559f
Cast alpn_list to void * to prevent MSVC compiler warnings
2014-05-01 10:59:27 +02:00
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
93c32b21b3
Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN
2014-04-25 16:58:12 +02:00
1bd2281260
Add an alpn option to ssl_client2 and ssl_server2
2014-04-05 14:51:42 +02:00
6b0d268bc9
Add ssl_close_notify() to servers that missed it
2014-03-31 11:28:11 +02:00
00d538f8f9
Disable renegotiation by default in example cli/srv
2014-03-31 11:03:06 +02:00
