 Richard Levitte
|
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
|
21 vuotta sitten |
 Ben Laurie
|
54a656ef08
Security fixes brought forward from 0.9.7.
|
21 vuotta sitten |
 Geoff Thorpe
|
e0db2eed8d
Correct and enhance the behaviour of "internal" session caching as it
|
21 vuotta sitten |
 Bodo Möller
|
5574e0ed41
get rid of OpenSSLDie
|
22 vuotta sitten |
 Lutz Jänicke
|
c046fffa16
OpenSSL Security Advisory [30 July 2002]
|
22 vuotta sitten |
|
Lutz Jänicke
|
acfe628b6e
Make removal from session cache more robust.
|
22 vuotta sitten |
|
Geoff Thorpe
|
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
|
23 vuotta sitten |
|
Geoff Thorpe
|
b7727ee616
The indexes returned by ***_get_ex_new_index() functions are used when
|
23 vuotta sitten |
|
Richard Levitte
|
c2a3358b60
Whoops, my fault, a backslash got converted to a slash...
|
23 vuotta sitten |
|
Richard Levitte
|
882e891284
More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
|
23 vuotta sitten |
|
Geoff Thorpe
|
f85c9904c6
Fix an oversight - when checking a potential session ID for conflicts with
|
23 vuotta sitten |
|
Geoff Thorpe
|
dc644fe229
This change allows a callback to be used to override the generation of
|
23 vuotta sitten |
|
Geoff Thorpe
|
3c91484052
Move all the existing function pointer casts associated with LHASH's two
|
23 vuotta sitten |
|
Geoff Thorpe
|
385d81380c
First step in tidying up the LHASH code. The callback prototypes (and
|
23 vuotta sitten |
|
Lutz Jänicke
|
0dd2254d76
Store verify_result with sessions to avoid potential security hole.
|
23 vuotta sitten |
|
Richard Levitte
|
26a3a48d65
There have been a number of complaints from a number of sources that names
|
24 vuotta sitten |
 Ulf Möller
|
9d1a01be8f
Source code cleanups: Use void * rather than char * in lhash,
|
24 vuotta sitten |
|
Bodo Möller
|
52732b38da
Some comments added, and slight code clean-ups.
|
24 vuotta sitten |
 Dr. Stephen Henson
|
dd9d233e2a
|
24 vuotta sitten |
|
Ulf Möller
|
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
|
24 vuotta sitten |
|
Bodo Möller
|
45fd4dbb84
Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
|
24 vuotta sitten |
|
Bodo Möller
|
1088e27ca8
Restore traditional SSL_get_session behaviour so that s_client and s_server
|
24 vuotta sitten |
|
Bodo Möller
|
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
|
24 vuotta sitten |
 Mark J. Cox
|
b7cfcfb7f8
This corrects the reference count handling in SSL_get_session.
|
24 vuotta sitten |
|
Bodo Möller
|
b1c4fe3625
Don't mix real tabs with tabs expanded as 8 spaces -- that's
|
25 vuotta sitten |
|
Bodo Möller
|
bdc98ffba9
Don't use NULL-pointer :-/
|
25 vuotta sitten |
|
Bodo Möller
|
1dfad80565
Comment about bug.
|
25 vuotta sitten |
|
Bodo Möller
|
8876bc0548
Let ssl_get_prev_session reliably work in multi-threaded settings.
|
25 vuotta sitten |
|
Bodo Möller
|
9a193d8825
Avoid memory hole when we don't like the session proposed by the client
|
25 vuotta sitten |
|
Bodo Möller
|
673eadec2c
Additional, more descriptive error message for rejection of a session ID
|
25 vuotta sitten |
