fadacb9d0b
Merge branch 'development' into iotssl-461-ecjpake-finalization
...
* development: (73 commits)
Bump yotta dependencies version
Fix typo in documentation
Corrected misleading fn description in ssl_cache.h
Corrected URL/reference to MPI library
Fix yotta dependencies
Fix minor spelling mistake in programs/pkey/gen_key.c
Bump version to 2.1.2
Fix CVE number in ChangeLog
Add 'inline' workaround where needed
Fix references to non-standard SIZE_T_MAX
Fix yotta version dependencies again
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
Remove inline workaround when not useful
Fix macroization of inline in C++
Changed attribution for Guido Vranken
Merge of IOTSSL-476 - Random malloc in pem_read()
Fix for IOTSSL-473 Double free error
Fix potential overflow in CertificateRequest
...
Conflicts:
include/mbedtls/ssl_internal.h
library/ssl_cli.c
2015-10-20 15:00:29 +02:00
70905a7855
Add ecjpake_pw option to ssl_client2/server2
2015-09-16 22:58:29 +02:00
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
dbd23079d0
Add option reconnect_hard to ssl_client2
...
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
a2cda6bfaf
Add mbedtls_ssl_get_max_frag_len()
...
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
046589e424
Rm obsolete defines for snprintf in programs
...
Now centralized in the platform layer
2015-07-01 17:26:20 +02:00
9de64f5af1
Fix MSVC warnings in library and programs
2015-07-01 16:56:08 +02:00
052f28853b
Cosmetics in debug in ssl_{client,server}2.c
...
Print only the basename from the file, and print level too.
2015-07-01 12:01:13 +02:00
3d7d00ad23
Rename mbedtls_net_close() to mbedtls_net_free()
...
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
5db64328ab
Adapt programs to the new NET API
2015-06-30 16:48:17 +02:00
61ee351af4
Adapt programs to the new debug API
2015-06-23 23:30:16 +02:00
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
9096682352
Add dhmlen option in ssl_client2.c
2015-06-17 11:37:04 +02:00
bf27eaac79
Fix help string in ssl_client2.c
2015-06-12 11:22:02 +02:00
b596abfdc0
Refine cli/srv ifdefs for session tickets
...
- Only the server needs to generate/parse tickets
- Only the client needs to store them
Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
d4f04dba42
net.c now depends on select() unconditionally
2015-05-14 21:58:34 +02:00
a63bc94a2d
Remove timing_m_sleep() -> net_usleep()
2015-05-14 21:58:34 +02:00
66dc5555f0
mbedtls_ssl_conf_arc4_support() depends on ARC4_C
2015-05-14 12:31:10 +02:00
d2377e7e78
ssl_client/server2 shouln't depend on timing.c
...
Would break test-ref-configs.pl.
2015-05-13 13:58:56 +02:00
e3c41ad8a4
Use the new timer callback API in programs
2015-05-13 10:04:32 +02:00
db1cc76091
Fix depend issue in program/ssl/ssl_*2.c
2015-05-12 11:27:25 +02:00
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
159c82ecc6
Fix ssl_set_hostname usage (duplication, ifdef)
2015-05-11 17:59:14 +02:00
06939cebef
Fix order of ssl_conf vs ssl_setup in programs
...
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
01e5e8c1f8
Change a few ssl_conf return types to void
2015-05-11 14:35:41 +02:00
6729e79482
Rename ssl_set_xxx() to ssl_conf_xxx()
2015-05-11 14:35:41 +02:00
17a40cd255
Change ssl_own_cert to work on ssl_config
2015-05-11 14:35:41 +02:00
120fdbdb3d
Change ssl_set_psk() to act on ssl_config
2015-05-11 14:35:41 +02:00
750e4d7769
Move ssl_set_rng() to act on config
2015-05-11 12:33:27 +02:00
ae31914990
Rename ssl_legacy_renegotiation() to ssl_set_...
2015-05-11 12:33:27 +02:00
8836994f6b
Move WANT_READ/WANT_WRITE codes to SSL
2015-05-11 12:33:26 +02:00
1b511f93c6
Rename ssl_set_bio_timeout() to set_bio()
...
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
97fd52c529
Split ssl_set_read_timeout() out of bio_timeout()
2015-05-11 12:33:26 +02:00
bc2b771af4
Move ssl_set_ca_chain() to work on config
2015-05-11 12:33:26 +02:00
2b49445876
Move session ticket keys to conf
...
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
684b0592cb
Move ssl_set_fallback() to work on conf
...
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
2015-05-07 10:19:13 +01:00
6bf89d6ad9
Move ssl_set_max_fragment_len to work on conf
2015-05-07 10:19:13 +01:00
17eab2b65c
Move set_cbc_record_splitting() to conf
2015-05-07 10:19:13 +01:00
d36e33fc07
Move easy ssl_set_xxx() functions to work on conf
...
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
419d5ae419
Make endpoint+transport args of config_defaults()
2015-05-07 10:19:13 +01:00
def0bbe3ab
Allocate ssl_config out of ssl_setup()
2015-05-07 10:19:13 +01:00
41d479e7df
Split ssl_init() -> ssl_setup()
2015-04-29 02:08:34 +02:00
ec160c0f53
Update ctr_drbg_init() usage in programs
2015-04-29 02:08:34 +02:00
89addc43db
manually merge 0c6ce2f use x509_crt_verify_info()
2015-04-20 11:23:11 +01:00
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
8c8be1ebbb
Change default min TLS version to TLS 1.0
2015-03-31 14:22:30 +02:00
fa44f20b9f
Change authmode default to Required on client
2015-03-27 17:52:25 +01:00
