e522d0fa57
Merge smarter certificate selection for pre-TLS-1.2 clients
2015-01-14 16:12:48 +01:00
9835bc077a
Fix racy test.
...
With exchanges == renego period, sometimes the connection will be closed by
the client before the server had time to read the ClientHello, making the test
fail. The extra exchange avoids that.
2015-01-14 14:41:58 +01:00
a852cf4833
Fix issue with non-blocking I/O & record splitting
2015-01-13 20:56:15 +01:00
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
765bb31d24
Add test_suite_memory_buffer_alloc
2015-01-13 14:58:00 +01:00
f5f25b3a0d
Add test for ctr_drbg_update() input sanitizing
2015-01-13 14:56:59 +01:00
d9e2dd2bb0
Merge support for Encrypt-then-MAC
2015-01-13 14:23:56 +01:00
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
a65d5082b6
Merge branch 'development' into dtls
...
* development:
Fix previous commit
Allow flexible location of valgrind
Fix test scripts portability issues
Fix Gnu-ism in script
Conflicts:
tests/ssl-opt.sh
2015-01-12 14:54:55 +01:00
54b1a8fa4d
Merge support for Extended Master Secret (session-hash)
2015-01-12 14:14:07 +01:00
b52b015c0b
Merge support for FALLBACK_SCSV
2015-01-12 14:07:59 +01:00
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
f01768c55e
Specific error for suites in common but none good
2015-01-08 17:06:16 +01:00
df331a55d2
Prefer SHA-1 certificates for pre-1.2 clients
2015-01-08 16:43:07 +01:00
3ff78239fe
Add tests for CBC record splitting
2015-01-08 11:15:09 +01:00
c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
f46f128f4a
Fix test scripts portability issues
2014-12-11 17:26:09 +01:00
76c99a01a1
Fix Gnu-ism in script
2014-12-11 10:33:43 +01:00
590f416142
Add tests for periodic renegotiation
2014-12-02 10:40:55 +01:00
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
ea29d152c7
Add recursion.pl to all.sh
2014-11-20 17:32:33 +01:00
89d69b398c
Fix 3DES -> DES in all.sh (+ time estimates)
2014-11-20 16:36:08 +01:00
246978d97d
Add curves.pl to all.sh
2014-11-20 16:36:08 +01:00
9bda9b3b92
Rework all.sh to use MSan instead of valgrind
2014-11-20 16:36:08 +01:00
cf4de32f58
Fix depends on individual curves in tests
2014-11-20 16:36:08 +01:00
2727dc1e09
Add script to test depends on individual curves
2014-11-20 16:36:08 +01:00
5c2aa10c15
Fix curve dependency issues in X.509 test suite
2014-11-20 16:36:07 +01:00
57a5d60abb
Add tests for concatenated CRLs
2014-11-19 16:08:34 +01:00
4be3449dbc
Add Readme about X.509 test files
2014-11-19 14:03:59 +01:00
8c9223df84
Add text view to debug_print_buf()
2014-11-19 13:21:38 +01:00
98aa19148c
Adjust warnings in different modes
2014-11-14 16:45:48 +01:00
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
7c13d69cb5
Fix dependency issues
2014-11-12 00:01:34 +01:00
a1efcb084f
Implement pk_check_pair() for RSA-alt
2014-11-08 18:00:22 +01:00
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
169dd6a514
Adjust minimum length for EtM
2014-11-05 16:00:50 +01:00
dd4592774b
compat.sh: allow git version of gnutls
2014-11-05 16:00:50 +01:00
78e745fc0a
Don't send back EtM extension if not using CBC
2014-11-05 16:00:50 +01:00
0098e7dc70
Preparation for EtM
2014-11-05 16:00:50 +01:00
