1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-22 04:01:53 +03:00
Commit Graph

137 Commits

Author SHA1 Message Date
b67c897ded removed outdated comment 2016-11-17 14:17:23 +00:00
99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
8631143ae0 Puts platform time abstraction into a own header
Places the platform time abstraction into a separate header file to
avoid dependency issues where a build may need time but not the libc
abstraction.
2016-07-12 13:11:00 +01:00
7247f99b3e Fixes missing dependency in ss.h on platform.h
Fixes #522 - 'mbedtls_time_t does not name a type in ssl.h'
2016-07-11 13:57:05 +01:00
efc665f80f Fix mbedtls_ssl_set_hostname documentation 2016-06-22 00:21:32 +01:00
d96e526093 ssl.h: tidy up the documentation comments (#505)
ssl.h: Tidy up and correct documentation errors.
2016-06-17 15:40:41 +01:00
0b98d2f086 Fix minor doc issue 2016-05-02 11:06:47 +02:00
d5800b7761 Abstracts away time()/stdlib.h into platform
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
68c0bd72bc Clarified current status of RC4 usage
Made clear RC4 has been deprecated by IETF standard, and disabled
by default in the library.
2016-03-17 21:08:46 +00:00
d567a23c59 Fix typos, grammar in the comments and clarify them 2016-03-09 20:19:21 +00:00
e846b5128f Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-09 19:32:09 +00:00
c0957bdc13 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-09 19:32:09 +00:00
d1b7f2b8cf ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-09 19:32:09 +00:00
9d6241269a Add note about not implementing PSK id_hint 2016-03-09 19:32:08 +00:00
157cb656a9 Clarified mbedtls_ssl_conf_alpn_protocols() doc
Clarified the lifetime of the protos parameter passed in the
function mbedtls_ssl_conf_alpn_protocols().
2016-03-09 19:32:08 +00:00
02049dcbd1 Add links to KB articles 2016-02-22 16:46:34 +00:00
d13b9507b3 Improve documentation of some SSL callbacks
The previous documentation was not explicit about what was expected of the
callbacks - the user had to infer that from the descriptions in net.h or
timing.h, and it was not clear what was part of the calling convention and
what was specific to our implementation.
2016-02-22 10:13:22 +01:00
edb1a48397 dtls: improve doc about handshake timeouts 2016-01-29 16:05:55 +01:00
4c2bfdbff6 Merge 'iotssl-558-md5-tls-sigs-restricted' 2015-12-23 18:33:54 +00:00
fabce5e137 Merge branch 'misc' into development
Fixes github #358, #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
acbb050118 Make documentation more explicit on TLS errors
fixes #358
2015-12-10 13:57:27 +01:00
47229c7cbb Disable MD5 in handshake signatures by default 2015-12-04 15:02:56 +01:00
e2e25e7427 DTLS: avoid dropping too many records
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
2015-12-03 16:13:17 +01:00
204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
65eefc8707 Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-23 16:19:53 +02:00
e5f3072aed Fix #ifdef inconsistency
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
024b6df3b1 Improve key export API and documentation
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths

Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
adeb7d8ec9 Move all KEY_EXCHANGE__ definitions in one place 2015-10-09 14:44:47 +01:00
4289c0d1fa Typo in parameter name 2015-10-06 17:20:41 +01:00
4feb7ae8c2 Added key export API 2015-10-02 13:33:37 +01:00
ef388f168d Merge branch 'development' into development-restricted
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
eef142d753 Depend on ECJPAKE key exchange, not module
This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.

Arguably this is what we should de for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.)
2015-09-16 22:58:29 +02:00
557535d8c4 Add ECJPAKE key exchange 2015-09-16 22:58:29 +02:00
5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00
294139b57a Add client extension writing 2015-09-16 16:10:48 +02:00
7002f4a560 Add mbedtls_ssl_set_hs_ecjpake_password() 2015-09-16 16:10:48 +02:00
1a57af1607 Update ssl.h
Typo
2015-09-11 17:14:16 +01:00
2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
a2cda6bfaf Add mbedtls_ssl_get_max_frag_len()
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00