Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6d8404d6ba 
					 
					
						
						
							
							Server: enforce renegotiation  
						
						
						
						
					 
					
						2013-10-30 16:48:10 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9c1e1898b6 
					 
					
						
						
							
							Move some code around, improve documentation  
						
						
						
						
					 
					
						2013-10-30 16:48:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f3dc2f6a1d 
					 
					
						
						
							
							Add code for testing server-initiated renegotiation  
						
						
						
						
					 
					
						2013-10-30 16:46:46 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8a3c64d73f 
					 
					
						
						
							
							Fix and simplify *-PSK ifdef's  
						
						
						
						
					 
					
						2013-10-14 19:54:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1b62c7f93d 
					 
					
						
						
							
							Fix dependencies and related issues  
						
						
						
						
					 
					
						2013-10-14 14:02:19 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1337affc91 
					 
					
						
						
							
							Buffer allocator threading support  
						
						
						
						
					 
					
						2013-09-29 15:02:11 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1ffefaca1e 
					 
					
						
						
							
							Introduced entropy_free()  
						
						
						
						
					 
					
						2013-09-29 15:01:42 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a0fdf8b0a0 
					 
					
						
						
							
							Simplify the way default certs are used  
						
						
						
						
					 
					
						2013-09-25 14:05:49 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						641de714b6 
					 
					
						
						
							
							Use both RSA and ECDSA CA if available  
						
						
						
						
					 
					
						2013-09-25 13:23:33 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ac8474fb1c 
					 
					
						
						
							
							Changed default cert loading in ssl_server2  
						
						
						
						
					 
					
						2013-09-25 11:35:15 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b095a7bf29 
					 
					
						
						
							
							Offer both RSA and ECDSA by default in ssl_server2  
						
						
						
						
					 
					
						2013-09-24 21:25:54 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						3ebb2cdb52 
					 
					
						
						
							
							Add support for multiple server certificates  
						
						
						
						
					 
					
						2013-09-24 21:25:53 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						abd6e02b7b 
					 
					
						
						
							
							Rm _CRT_SECURE_NO_DEPRECATE for programs  
						
						... 
						
						
						
						(Already in config.h.) 
						
						
					 
					
						2013-09-20 16:51:13 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						3bd2aae5a5 
					 
					
						
						
							
							Add forgotten initializations  
						
						
						
						
					 
					
						2013-09-20 16:51:13 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						c559c7a680 
					 
					
						
						
							
							Renamed x509_cert structure to x509_crt for consistency  
						
						
						
						
					 
					
						2013-09-18 14:32:52 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ddf26b4e38 
					 
					
						
						
							
							Renamed x509parse_* functions to new form  
						
						... 
						
						
						
						e.g. x509parse_crtfile -> x509_crt_parse_file 
						
						
					 
					
						2013-09-18 13:46:23 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						369d2eb2a2 
					 
					
						
						
							
							Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()  
						
						
						
						
					 
					
						2013-09-18 12:01:43 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						36713e8ed9 
					 
					
						
						
							
							Fixed bunch of X509_PARSE related defines / dependencies  
						
						
						
						
					 
					
						2013-09-17 13:25:29 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1a7550ac67 
					 
					
						
						
							
							Moved PK key parsing from X509 module to PK module  
						
						
						
						
					 
					
						2013-09-15 13:47:30 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e8ea0c0421 
					 
					
						
						
							
							Fix exit value on SERVERQUIT  
						
						
						
						
					 
					
						2013-09-08 20:08:24 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ac75523593 
					 
					
						
						
							
							Adapt ssl_set_own_cert() to generic keys  
						
						
						
						
					 
					
						2013-08-27 22:21:20 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						05decb24c3 
					 
					
						
						
							
							Made support for the max_fragment_length extension configurable  
						
						
						
						
					 
					
						2013-08-15 13:33:48 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						a503a63b85 
					 
					
						
						
							
							Made session tickets support configurable from config.h  
						
						
						
						
					 
					
						2013-08-14 14:26:03 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						aa0d4d1aff 
					 
					
						
						
							
							Add ssl_set_session_tickets()  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						6c85279719 
					 
					
						
						
							
							Newline fixes in help text for ssl_client2 / ssl_server2  
						
						
						
						
					 
					
						2013-07-26 14:02:13 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						dbd79ca617 
					 
					
						
						
							
							ssl_client2 and ssl_server2 now exit with 1 on errors (shell  
						
						... 
						
						
						
						limitations) 
						
						
					 
					
						2013-07-24 16:28:35 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						5b55b79021 
					 
					
						
						
							
							Better handling of ciphersuite version range and forced version in  
						
						... 
						
						
						
						ssl_server2 
						
						
					 
					
						2013-07-19 14:51:31 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0c017a55e0 
					 
					
						
						
							
							Add max_frag_len option in ssl_server2  
						
						... 
						
						
						
						Also reformat code and output more information in ssl_client2 
						
						
					 
					
						2013-07-18 14:07:36 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						8e714d7aca 
					 
					
						
						
							
							Modified LONG_RESPONSE and comments in ssl_server2  
						
						
						
						
					 
					
						2013-07-18 11:23:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						bd7ce63115 
					 
					
						
						
							
							Adapt ssl_server2 to test sending long messages  
						
						
						
						
					 
					
						2013-07-18 11:23:48 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						82024bf7b9 
					 
					
						
						
							
							ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT'  
						
						
						
						
					 
					
						2013-07-16 17:48:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ba4878aa64 
					 
					
						
						
							
							Rename x509parse_key & co with _rsa suffix  
						
						
						
						
					 
					
						2013-07-08 15:31:18 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						03a8a79516 
					 
					
						
						
							
							Programs adapted to use polarssl_strerror() instead of error_strerror()  
						
						
						
						
					 
					
						2013-06-30 12:18:08 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						c1516be99d 
					 
					
						
						
							
							ssl_server2 and ssl_client2 adapted to support maximum protocol version  
						
						
						
						
					 
					
						2013-06-29 18:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						3c5ef71322 
					 
					
						
						
							
							Cleanup up non-prototyped functions (static) and const-correctness in programs  
						
						
						
						
					 
					
						2013-06-25 16:37:45 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ef3f8c747e 
					 
					
						
						
							
							Fixed const correctness issues in programs and tests  
						
						... 
						
						
						
						(cherry picked from commit e0225e4d7f 
						
						
					 
					
						2013-06-24 19:09:24 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						bcbe2d8d81 
					 
					
						
						
							
							Prettier printing of the lists for longer ciphersuite names  
						
						
						
						
					 
					
						2013-04-19 09:10:20 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ed27a041e4 
					 
					
						
						
							
							More granular define selections within code to allow for smaller code  
						
						... 
						
						
						
						sizes 
						
						
					 
					
						2013-04-18 23:12:34 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fbb17804d8 
					 
					
						
						
							
							Added pre-shared key handling for the server side of SSL / TLS  
						
						... 
						
						
						
						Server side handling of the pure PSK ciphersuites is now in the base
code. 
						
						
					 
					
						2013-04-18 23:12:33 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						41c83d3f67 
					 
					
						
						
							
							Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS  
						
						... 
						
						
						
						Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included. 
						
						
					 
					
						2013-03-20 14:39:14 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						91ebfb5272 
					 
					
						
						
							
							Made auth_mode as an command line option  
						
						
						
						
					 
					
						2012-11-23 14:04:08 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1f9d02dc90 
					 
					
						
						
							
							Added more notes / comments on own_cert, trust_ca purposes  
						
						
						
						
					 
					
						2012-11-20 10:30:55 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						645ce3a2b4 
					 
					
						
						
							
							- Moved ciphersuite naming scheme to IANA reserved names  
						
						
						
						
					 
					
						2012-10-31 12:32:41 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						b0550d90c9 
					 
					
						
						
							
							- Added ssl_get_peer_cert() to SSL API  
						
						
						
						
					 
					
						2012-10-30 07:51:03 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1d29fb5e33 
					 
					
						
						
							
							- Added option to add minimum accepted SSL/TLS protocol version  
						
						
						
						
					 
					
						2012-09-28 13:28:45 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						5d19f86fdd 
					 
					
						
						
							
							- Added comment  
						
						
						
						
					 
					
						2012-09-28 07:33:00 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						819370c7b7 
					 
					
						
						
							
							- Removed lowercasing of parameters  
						
						
						
						
					 
					
						2012-09-28 07:04:41 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						d43241060b 
					 
					
						
						
							
							- Removed clutter from my_dhm values  
						
						
						
						
					 
					
						2012-09-26 08:29:38 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						0a59707523 
					 
					
						
						
							
							- Added simple SSL session cache implementation  
						
						... 
						
						
						
						- Revamped session resumption handling 
						
						
					 
					
						2012-09-25 21:55:46 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						29b64761fd 
					 
					
						
						
							
							- Added predefined DHM groups from RFC 5114  
						
						
						
						
					 
					
						2012-09-25 09:36:44 +00:00