Matt Caswell [Tue, 27 Jan 2015 10:03:29 +0000 (10:03 +0000)]
In certain situations the server provided certificate chain may no longer be
valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.
When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.
RT3637
RT3621
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Rich Salz [Tue, 24 Feb 2015 22:40:22 +0000 (17:40 -0500)]
Move build config table to separate files.
Move the build configuration table into separate files. The Configurations
file is standard configs, and Configurations.team is for openssl-team
members. Any other file, Configurations*, found in the same directory
as the Configure script, is loaded.
To add another file, use --config=FILE flags (which should probably be
an absolute path).
Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz
<rsalz@openssl.org>, contributed by Akamai Technologies.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 22 Feb 2015 18:23:25 +0000 (19:23 +0100)]
perlasm/x86masm.pl: make it work.
Though this doesn't mean that masm becomes supported, the script is
still provided on don't-ask-in-case-of-doubt-use-nasm basis.
See RT#3650 for background.
Richard Levitte [Sun, 22 Feb 2015 07:27:36 +0000 (08:27 +0100)]
Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically. Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration. The answer is to restore those macro definitions for
the affected configuration targets.
Richard Levitte [Thu, 12 Feb 2015 10:41:48 +0000 (11:41 +0100)]
Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell <matt@openssl.org>
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.
Add OPENSSL_EC_EXPLICT_CURVE define. Reviewed-by: Matt Caswell <matt@openssl.org>
Add two new keywords "PublicKey" and "PrivateKey". These will load a key
in PEM format from the lines immediately following the keyword and assign
it a name according to the value. These will be used later for public and
private key testing operations.
Add tests for Sign, Verify, VerifyRecover and Decrypt. Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sun, 8 Feb 2015 22:41:10 +0000 (22:41 +0000)]
Correct reading back of tlsext_tick_lifetime_hint from ASN1.
When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.
Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.
The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.
Matt Caswell [Sun, 8 Feb 2015 15:43:16 +0000 (15:43 +0000)]
Provide the API functions SSL_SESSION_has_ticket and
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.
Matt Caswell [Sun, 8 Feb 2015 15:42:46 +0000 (15:42 +0000)]
Make tlsext_tick_lifetime_hint an unsigned long (from signed long).
From RFC4507:
"The ticket_lifetime_hint field contains a hint from the server about how
long the ticket should be stored. The value indicates the lifetime in
seconds as a 32-bit unsigned integer in network byte order."
Emilia Kasper [Thu, 5 Feb 2015 15:38:54 +0000 (16:38 +0100)]
Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.
Also update X509_check_host docs to reflect reality.
Thanks to Sean Burford (Google) for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 10:07:07 +0000 (10:07 +0000)]
Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags.
In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in
--strict-warnings as well this means you cannot combine enable-deprecated
with --strict-warnings.
Free up bio_err after memory leak data has been printed to it.
In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it. Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Sat, 7 Feb 2015 00:08:59 +0000 (00:08 +0000)]
Apache Traffic Server has a need to set the rbio without touching the wbio.
There is no mechanism to do that at the moment - SSL_set_bio makes changes
to the wbio even if you pass in SSL_get_wbio().
This commit introduces two new API functions SSL_set_rbio() and
SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable
you to manage the rbio and wbio individually.
Rich Salz [Fri, 6 Feb 2015 15:52:12 +0000 (10:52 -0500)]
dead code cleanup: #if 0 in ssl
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.
Rich Salz [Fri, 6 Feb 2015 15:47:53 +0000 (10:47 -0500)]
util/mkstack.pl now generates entire safestack.h
The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Wed, 4 Feb 2015 23:50:00 +0000 (18:50 -0500)]
Fix various build breaks
TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
- Various old code has been removed
- Varous old #ifdef tests were removed
Reviewed-by: Richard Levitte <levitte@openssl.org>
Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.
Note: this just sets the flag and doesn't include the changes to
master secret generation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Rewrite ssl3_send_client_key_exchange to support extms.
Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.
This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>