Paul Bakker 
							
						 
					 
					
						
						
							
						
						c82b7e2003 
					 
					
						
						
							
							Merge option to disable truncated hmac on the server-side  
						
						
						
						
					 
					
						2015-01-14 16:16:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a92ed4845c 
					 
					
						
						
							
							Fix stupid error in previous commit  
						
						... 
						
						
						
						Since ret is no longer update by close_notify(), we need to reset it to 0
after a successful write. 
						
						
					 
					
						2015-01-14 10:46:53 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						687f89beab 
					 
					
						
						
							
							Don't check errors on ssl_close_notify()  
						
						... 
						
						
						
						Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors. 
						
						
					 
					
						2015-01-13 21:48:12 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						b2eaac154b 
					 
					
						
						
							
							Stop assuming chars are signed  
						
						
						
						
					 
					
						2015-01-13 17:15:31 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						f6080b8557 
					 
					
						
						
							
							Merge support for enabling / disabling renegotiation support at compile-time  
						
						
						
						
					 
					
						2015-01-13 16:18:23 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						d7e2483bfc 
					 
					
						
						
							
							Merge miscellaneous fixes into development  
						
						
						
						
					 
					
						2015-01-13 16:04:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						bd47a58221 
					 
					
						
						
							
							Add ssl_set_arc4_support()  
						
						... 
						
						
						
						Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting. 
						
						
					 
					
						2015-01-13 13:03:06 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						448ea506bf 
					 
					
						
						
							
							Set min version to TLS 1.0 in programs  
						
						
						
						
					 
					
						2015-01-12 12:32:04 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e117a8fc0d 
					 
					
						
						
							
							Make truncated hmac a runtime option server-side  
						
						... 
						
						
						
						Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong. 
						
						
					 
					
						2015-01-09 12:52:20 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						590f416142 
					 
					
						
						
							
							Add tests for periodic renegotiation  
						
						
						
						
					 
					
						2014-12-02 10:40:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						615e677c0b 
					 
					
						
						
							
							Make renegotiation a compile-time option  
						
						
						
						
					 
					
						2014-12-02 10:40:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						85d915b81d 
					 
					
						
						
							
							Add tests for renego security enforcement  
						
						
						
						
					 
					
						2014-12-02 10:40:54 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f29e5de09d 
					 
					
						
						
							
							Cosmetics in ssl_server2  
						
						
						
						
					 
					
						2014-11-27 17:44:46 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						3a3066c3ee 
					 
					
						
						
							
							ssl_server2 now exits on signal during a read too  
						
						
						
						
					 
					
						2014-11-17 12:50:34 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						403a86f73d 
					 
					
						
						
							
							ssl_server2: exit cleanly on SIGINT too  
						
						
						
						
					 
					
						2014-11-17 12:46:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f9d778d635 
					 
					
						
						
							
							Merge branch 'etm' into dtls  
						
						... 
						
						
						
						* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM
Conflicts:
	include/polarssl/check_config.h 
						
						
					 
					
						2014-11-06 01:36:32 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						56d985d0a6 
					 
					
						
						
							
							Merge branch 'session-hash' into dtls  
						
						... 
						
						
						
						* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret
Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c 
						
						
					 
					
						2014-11-06 01:25:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						699cafaea2 
					 
					
						
						
							
							Implement initial negotiation of EtM  
						
						... 
						
						
						
						Not implemented yet:
- actually using EtM
- conditions on renegotiation 
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						367381fddd 
					 
					
						
						
							
							Add negotiation of Extended Master Secret  
						
						... 
						
						
						
						(But not the actual thing yet.) 
						
						
					 
					
						2014-11-05 16:00:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a6ace04c5c 
					 
					
						
						
							
							Test for lost HelloRequest  
						
						
						
						
					 
					
						2014-10-21 16:32:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e698f59a25 
					 
					
						
						
							
							Add tests for ssl_set_dtls_badmac_limit()  
						
						
						
						
					 
					
						2014-10-21 16:32:56 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9b35f18f66 
					 
					
						
						
							
							Add ssl_get_record_expansion()  
						
						
						
						
					 
					
						2014-10-21 16:32:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e63582a166 
					 
					
						
						
							
							Add dlts_client.c and dtls_server.c  
						
						
						
						
					 
					
						2014-10-21 16:32:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						dc6a75a952 
					 
					
						
						
							
							ERR_NET_CONN_RESET can't happen with UDP  
						
						
						
						
					 
					
						2014-10-21 16:32:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						caecdaed25 
					 
					
						
						
							
							Cosmetics in ssl_server2 & complete tests for HVR  
						
						
						
						
					 
					
						2014-10-21 16:32:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2d87e419e0 
					 
					
						
						
							
							Adapt ssl_{client,server}2.c to datagram write  
						
						
						
						
					 
					
						2014-10-21 16:32:53 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						994f8b554f 
					 
					
						
						
							
							Ok for close_notify to fail  
						
						
						
						
					 
					
						2014-10-21 16:32:52 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a9d7d03e30 
					 
					
						
						
							
							SIGTERM also interrupts server2 during net_read()  
						
						
						
						
					 
					
						2014-10-21 16:32:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6a2bc23f63 
					 
					
						
						
							
							Allow exchanges=0 in ssl_server2  
						
						... 
						
						
						
						Useful for testing with defensics with no data exchange 
						
						
					 
					
						2014-10-21 16:32:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						cce220d6aa 
					 
					
						
						
							
							Adapt ssl_server2 to datagram-style read  
						
						
						
						
					 
					
						2014-10-21 16:32:49 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6b65141718 
					 
					
						
						
							
							Implement ssl_read() timeout (DTLS only for now)  
						
						
						
						
					 
					
						2014-10-21 16:32:46 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d823bd0a04 
					 
					
						
						
							
							Add handshake_timeout option to test server/client  
						
						
						
						
					 
					
						2014-10-21 16:32:44 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f03651217c 
					 
					
						
						
							
							Adapt programs to use nbio with DTLS  
						
						
						
						
					 
					
						2014-10-21 16:32:42 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						bd97fdb3a4 
					 
					
						
						
							
							Make ssl_server2's HVR handling more realistic  
						
						... 
						
						
						
						It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more. 
						
						
					 
					
						2014-10-21 16:32:40 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2739313cea 
					 
					
						
						
							
							Make anti-replay a runtime option  
						
						
						
						
					 
					
						2014-10-21 16:32:35 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b6440a496b 
					 
					
						
						
							
							ssl_server2 now dies on SIGTERM during a read  
						
						
						
						
					 
					
						2014-10-21 16:32:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a014829024 
					 
					
						
						
							
							Use ssl_set_bio_timeout() in test client/server  
						
						
						
						
					 
					
						2014-10-21 16:32:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						4ba6ab6d0d 
					 
					
						
						
							
							Fix glitch with HelloVerifyRequest  
						
						... 
						
						
						
						With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages. 
						
						
					 
					
						2014-10-21 16:30:20 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						26820e3061 
					 
					
						
						
							
							Add option 'cookies' to ssl_server2  
						
						
						
						
					 
					
						2014-10-21 16:30:18 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a64acd4f84 
					 
					
						
						
							
							Add separate SSL_COOKIE_C define  
						
						
						
						
					 
					
						2014-10-21 16:30:18 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						232edd46be 
					 
					
						
						
							
							Move cookie callbacks implementation to own module  
						
						
						
						
					 
					
						2014-10-21 16:30:17 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d485d194f9 
					 
					
						
						
							
							Move to a callback interface for DTLS cookies  
						
						
						
						
					 
					
						2014-10-21 16:30:17 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						82202f0a9c 
					 
					
						
						
							
							Make DTLS_HELLO_VERIFY a compile option  
						
						
						
						
					 
					
						2014-10-21 16:30:16 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						98545f128a 
					 
					
						
						
							
							Generate random key for HelloVerifyRequest  
						
						
						
						
					 
					
						2014-10-21 16:30:16 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						336b824f07 
					 
					
						
						
							
							Use ssl_set_client_transport_id() in ssl_server2  
						
						
						
						
					 
					
						2014-10-21 16:30:15 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						798f15a500 
					 
					
						
						
							
							Fix version adjustments with force_ciphersuite  
						
						
						
						
					 
					
						2014-10-21 16:30:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						fe3f73bdeb 
					 
					
						
						
							
							Allow force_version to select DTLS  
						
						
						
						
					 
					
						2014-10-21 16:30:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8a06d9c5d6 
					 
					
						
						
							
							Actually use UDP for DTLS in test client/server  
						
						
						
						
					 
					
						2014-10-21 16:30:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f5a1312eaa 
					 
					
						
						
							
							Add UDP support to the NET module  
						
						
						
						
					 
					
						2014-10-21 16:30:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						83218f1da1 
					 
					
						
						
							
							Add dtls version aliases to test serv/cli  
						
						
						
						
					 
					
						2014-10-21 16:30:05 +02:00