fadacb9d0b
Merge branch 'development' into iotssl-461-ecjpake-finalization
...
* development: (73 commits)
Bump yotta dependencies version
Fix typo in documentation
Corrected misleading fn description in ssl_cache.h
Corrected URL/reference to MPI library
Fix yotta dependencies
Fix minor spelling mistake in programs/pkey/gen_key.c
Bump version to 2.1.2
Fix CVE number in ChangeLog
Add 'inline' workaround where needed
Fix references to non-standard SIZE_T_MAX
Fix yotta version dependencies again
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
Remove inline workaround when not useful
Fix macroization of inline in C++
Changed attribution for Guido Vranken
Merge of IOTSSL-476 - Random malloc in pem_read()
Fix for IOTSSL-473 Double free error
Fix potential overflow in CertificateRequest
...
Conflicts:
include/mbedtls/ssl_internal.h
library/ssl_cli.c
2015-10-20 15:00:29 +02:00
70905a7855
Add ecjpake_pw option to ssl_client2/server2
2015-09-16 22:58:29 +02:00
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
ed51594337
Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
...
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
a2cda6bfaf
Add mbedtls_ssl_get_max_frag_len()
...
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
ea35666f50
Fix -Wshadow warnings
...
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).
fixes #240
2015-08-31 10:34:26 +02:00
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
6755717f18
Fix stupid typo in ssl_server2.c
2015-07-02 11:15:48 +02:00
9de64f5af1
Fix MSVC warnings in library and programs
2015-07-01 16:56:08 +02:00
052f28853b
Cosmetics in debug in ssl_{client,server}2.c
...
Print only the basename from the file, and print level too.
2015-07-01 12:01:13 +02:00
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
3d7d00ad23
Rename mbedtls_net_close() to mbedtls_net_free()
...
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
5db64328ab
Adapt programs to the new NET API
2015-06-30 16:48:17 +02:00
1c5b9fc19f
Avoid truncating peer cert info in ssl_server2
2015-06-27 14:38:51 +02:00
61ee351af4
Adapt programs to the new debug API
2015-06-23 23:30:16 +02:00
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
6ea831dcf4
Add tests for mbedtls_set_hs_ca_chain()
2015-06-22 17:30:18 +02:00
4d6f178376
Add support for SNI CA and authmode in ssl_server2
2015-06-22 14:52:40 +02:00
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memory_buffer_alloc too
2015-05-26 16:04:06 +02:00
56273daea0
Move some includes to ssl_internal.h
...
Also removed one from ssl.h and added it in programs where it belongs
2015-05-26 15:01:37 +02:00
a0adc1bbe4
Make cipher used in ssl tickets configurable
2015-05-25 10:35:16 +02:00
d59675d92c
Move to callback for session tickets
2015-05-20 11:14:57 +02:00
0b104b056b
Adapt prototype of net_accept() for explicit size
2015-05-14 21:58:34 +02:00
d4f04dba42
net.c now depends on select() unconditionally
2015-05-14 21:58:34 +02:00
151dc77732
Fix some old names that remained
...
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
66dc5555f0
mbedtls_ssl_conf_arc4_support() depends on ARC4_C
2015-05-14 12:31:10 +02:00
d2377e7e78
ssl_client/server2 shouldn't depend on timing.c
...
Would break test-ref-configs.pl.
2015-05-13 13:58:56 +02:00
e3c41ad8a4
Use the new timer callback API in programs
2015-05-13 10:04:32 +02:00
db1cc76091
Fix depend issue in program/ssl/ssl_*2.c
2015-05-12 11:27:25 +02:00
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
06939cebef
Fix order of ssl_conf vs ssl_setup in programs
...
Except ssl_pthread_server that will be done later
2015-05-11 14:35:42 +02:00
01e5e8c1f8
Change a few ssl_conf return types to void
2015-05-11 14:35:41 +02:00
6729e79482
Rename ssl_set_xxx() to ssl_conf_xxx()
2015-05-11 14:35:41 +02:00
17a40cd255
Change ssl_own_cert to work on ssl_config
2015-05-11 14:35:41 +02:00
1af6c8500b
Add ssl_set_hs_own_cert()
2015-05-11 14:35:41 +02:00
120fdbdb3d
Change ssl_set_psk() to act on ssl_config
2015-05-11 14:35:41 +02:00
4b68296626
Use a specific function in the PSK callback
2015-05-11 14:35:41 +02:00
750e4d7769
Move ssl_set_rng() to act on config
2015-05-11 12:33:27 +02:00
5cb3308e5f
Merge contexts for session cache
2015-05-11 12:33:27 +02:00
ae31914990
Rename ssl_legacy_renegotiation() to ssl_set_...
2015-05-11 12:33:27 +02:00
1028b74cff
Upgrade default DHM params size
2015-05-11 12:33:27 +02:00
8836994f6b
Move WANT_READ/WANT_WRITE codes to SSL
2015-05-11 12:33:26 +02:00
1b511f93c6
Rename ssl_set_bio_timeout() to set_bio()
...
Initially thought it was best to keep the old function around and add a new
one, but so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
97fd52c529
Split ssl_set_read_timeout() out of bio_timeout()
2015-05-11 12:33:26 +02:00
bc2b771af4
Move ssl_set_ca_chain() to work on config
2015-05-11 12:33:26 +02:00
2b49445876
Move session ticket keys to conf
...
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
6bf89d6ad9
Move ssl_set_max_fragment_len to work on conf
2015-05-07 10:19:13 +01:00