jepler/axtls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
238 commits 5 branches 1 tag 4 MiB
Commit graph

238 commits

This branch
This branch
All branches
Author SHA1 Message Date
cameronrich
4315d76a67 Use <stdbool.h> for bools. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@275 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2017-02-18 21:21:06 +00:00
cameronrich
8073d379d2 * Basic constraint/key usage v3 extensions now supported 
* Test harness must now be run without built-in default cert

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@274 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-30 21:59:50 +00:00
cameronrich
d19bcf5257 * Basic constraint functionality added. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@273 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-28 19:43:52 +00:00
cameronrich
384241ebcd * X509 State, country and location are now used for verification and display. 
* SNI hostname memory is now managed by the calling application
* X509 version number is checked before processing v3 extensions.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@272 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-19 20:20:01 +00:00
cameronrich
df8e0afecf * SNI added 
* Some non-C sample code updated.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@271 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-12 19:27:38 +00:00
cameronrich
3805b7c2b9 * RC4 only used if PKCS12 is used. 
* Buffer sizes tightned up.
* Buffer check on client handshake due to some incompatibilities.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@270 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-30 10:26:04 +00:00
cameronrich
57b95e6e05 * Put back TLS 1.0. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@268 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-17 10:42:49 +00:00
cameronrich
ee9f17bd6a * Tightened up the buffer sizes 
* Removed support for TLS1.0.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@267 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-16 07:13:15 +00:00
cameronrich
1017d8a5cc TLS 1.2 now passing a bunch of tests. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@266 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-15 10:51:02 +00:00
cameronrich
294159d75e Server side v1.2 is basically working 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@265 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-11 10:04:13 +00:00
cameronrich
10f359add6 Client side works with a certificate verify - still lots of work to go. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@264 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-09 07:15:32 +00:00
cameronrich
e23d6c390c * Initial crack at TLS 1.2 client side only (server side is seriously broken). 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@263 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-27 11:05:09 +00:00
cameronrich
287ed7dc14 Cleaned up alerts as per TLS v1.2 spec (7.2.2) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@262 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-21 19:26:45 +00:00
cameronrich
9daa8bcd30 * Backed out code where close notify from other side closed the socket and ssl session. This needs to be done by the application. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@261 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-19 20:44:20 +00:00
cameronrich
789e8517c3 Tightened up closure alerts for v1.2 (7.2.1) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@260 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-18 20:29:14 +00:00
cameronrich
eabbfc866f Removed some printfs in skeleton mode 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@258 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 20:16:05 +00:00
cameronrich
240f39fa5a Fixed some skeleton mode warnings 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@257 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 20:07:17 +00:00
cameronrich
3e1b4909a2 removed endian.h from os_int.h as it is no longer needed and was causing issues with the micropython build 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@256 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 19:57:29 +00:00
cameronrich
35a9bec2fd Now include os_port.h in tls1.h, but removed ax_malloc and friends 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@255 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 19:54:05 +00:00
cameronrich
ef28667444 Can handle SSL chains which are out of order (thanks Paul Johnstone) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@254 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 07:07:45 +00:00
cameronrich
3d0da1dc19 Fixed a memset issue and removed some doubled code (thanks Jens Muller) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@253 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 06:46:55 +00:00
cameronrich
e223aa2133 Removed RC4 from the list of negotiated ciphers as browsers don't support it anymore 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@252 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-06-12 10:51:12 +00:00
olereinhardt
d1bcdc5f97 Tag 64-bit constants with "LL" (make e.g. AVR32 gcc happy) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@251 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-10-01 15:58:22 +00:00
cameronrich
a5f7ede493 * Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@250 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-07-28 02:44:52 +00:00
cameronrich
acf35f0ea7 * Added named unions in SHA256 code for compilers that don't support it. 
* Some other porting suggestions from Chris Ghormley.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@248 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-04-30 06:06:09 +00:00
cameronrich
a88fd947b2 * Updated the release notes. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@246 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-10 04:41:32 +00:00
cameronrich
b0bd12beda * Added SHA384 and SHA512 digests. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-10 03:08:16 +00:00
cameronrich
0d334d81c2 * PT_APP_PROTOCOL_DATA has a test for hs_status=SSL_OK to prevent possible exchanges before the handshake is complete. 
* Changed license on sha256.c to full BSD.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-09 01:42:59 +00:00
cameronrich
67111693e6 * fixed issue where SSL mutex was not being picked up. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@243 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-26 19:50:20 +00:00
cameronrich
b9d43265b5 * axhttpd can load a certificate and private key from the command line 
* axssl now prints all output regardless of null bytes. It no longer writes a null byte.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@242 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-22 02:05:21 +00:00
cameronrich
b3fc32689d * Added diagnostic in case digest could not be identified. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@240 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 10:28:29 +00:00
cameronrich
58790919c1 * Added check to get_asn1_length() to limit the number of octets and to not allow overflow. 
* Changed a few copyright dates to add a bit of new polish :-)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@239 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 10:13:31 +00:00
cameronrich
82a7638efa * Added SHA256 
* Return code checked for get_random()
* MD2 code removed.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@238 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 03:51:22 +00:00
cameronrich
9ef84f9234 * RSA_decrypt now checks the integrity of the first 11 bytes. 
* The size of the output buffer in RSA_decrypt is now checked and cleared.
* get_random now returns an error code
* Various system calls now check the return code to remove gcc warnings.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@237 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-07 00:38:49 +00:00
cameronrich
08b27ee1cb Modified the test script 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@235 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-10-31 11:01:56 +00:00
olereinhardt
29e7d3554d Fixed array access out of bounds bug in add_cert() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@234 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:21:23 +00:00
olereinhardt
ce488f9180 Fix handling of return values of SOCKET_READ in process_sslv23_client_hello() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@233 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:19:21 +00:00
cameronrich
e6f9ae68c1 added generalized time for certificates 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@232 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-11-14 18:34:36 +00:00
cameronrich
97f9f969a3 added printf changes from Fabian Frank to stop warnings/erros 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@231 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-09-22 10:34:51 +00:00
ehuman
5c51893035 Moved setting encryption flags to after handshake completion 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@230 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-08-05 15:47:52 +00:00
cameronrich
f74c9cafca Client version number comes from client hello and not the record layer. This was causing issues in Chrome 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@229 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-01-06 12:38:42 +00:00
cameronrich
df4606a991 added cast to srand 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@228 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-07-01 11:10:14 +00:00
cameronrich
24384a37a4 Changed order of when os_int.h is imported 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@227 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-07-01 10:57:25 +00:00
cameronrich
8ac6264444 looks like some stuff didn't get checked in 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@226 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-06-08 10:42:11 +00:00
cameronrich
fec170a640 fixed issue with buffer limit 1 less than it should have been 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@225 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-06-01 11:23:00 +00:00
cameronrich
c0074b3044 Fixed issue with session id's in the future 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-25 08:07:12 +00:00
cameronrich
5fcb19810a removed diagnostic statement 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@223 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-11 11:32:48 +00:00
cameronrich
af155d91d9 Some fixes after going through the test harness 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@222 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-11 11:30:45 +00:00
cameronrich
ffa4da45ee Fix in asn1_get_printable string 
Buffer overflow vulnerability in proc.c
Possible double memory release on invalid certificates.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@221 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-10 10:31:02 +00:00
cameronrich
1378f8a78f Updated index.html and the default linux config. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@220 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-09-30 09:54:21 +00:00