Daniel Roethlisberger
cdfaeedb80
Ignore all DH param files under extra/pki
2012-10-03 00:53:02 +02:00
Daniel Roethlisberger
ff6fbef91f
Add 4096-bit Diffie-Hellman to dh target
2012-10-03 00:50:50 +02:00
Daniel Roethlisberger
35c3967eef
Remove obsolete dhall target from .PHONY
2012-10-03 00:50:24 +02:00
Daniel Roethlisberger
bd77e6a228
Improve ssl_tmp_dh_callback() error messages
2012-10-01 14:55:55 +02:00
Daniel Roethlisberger
79c2c6e520
Add support for 2048 and 4096 bit Diffie-Hellman
...
Add group parameters for 2048 and 4096 bit Diffie-Hellman in addition to
the previous 512 and 1024 bit parameters. Also add a meaningful error
message when a group size is requested which is not provided.
2012-10-01 14:49:24 +02:00
Daniel Roethlisberger
e19a97b21f
Update NEWS and TODO
2012-10-01 14:49:24 +02:00
Daniel Roethlisberger
6b4b121da2
Fix address family check in netfilter NAT lookup
...
Use src_addr instead of the (yet to be set) dst_addr for determining the
address family. Fixes issue #4 .
2012-09-27 17:30:19 +02:00
Daniel Roethlisberger
6106940e0c
Omit nat_getsockname_lookup_cb() unless it is used
2012-08-06 08:33:39 +02:00
Daniel Roethlisberger
1b20544333
Add temporary RSA keys to TODO
2012-08-06 08:33:17 +02:00
Daniel Roethlisberger
fda4f57aa7
Remove unused IPv6 code for netfilter NAT engine
2012-06-05 23:24:53 +02:00
Daniel Roethlisberger
fc8c0110c5
Do not generate ECC keys for unit tests
2012-06-05 23:24:53 +02:00
Daniel Roethlisberger
5ed3e5172b
Make explanation of DEBUG_CFLAGS clearer
2012-06-05 23:12:08 +02:00
Daniel Roethlisberger
2266f07b4f
Update TODO
2012-06-05 22:59:53 +02:00
Daniel Roethlisberger
a4040d8372
Suppress warnings for system headers with -isystem
...
Use -isystem instead of -I in CPPFLAGS to suppress compiler warnings for
system and library headers.
2012-05-23 19:09:52 +02:00
Daniel Roethlisberger
911e15763d
Add opts->debug branch prediction test case
2012-05-14 22:50:20 +02:00
Daniel Roethlisberger
ef1330d69f
Remove const from util_skipws() and add tests
2012-05-14 21:44:38 +02:00
Daniel Roethlisberger
5c048e3990
Remove unneeded include statements
2012-05-14 21:43:24 +02:00
Daniel Roethlisberger
6fe4c5bf01
Sign release tarball using GnuPG
2012-05-14 21:07:53 +02:00
Daniel Roethlisberger
62af96e413
Clarify when it is preferred to use SNI proxyspecs
2012-05-13 22:33:31 +02:00
Daniel Roethlisberger
11fdf52553
Add NEWS file, documenting release history
2012-05-13 21:07:43 +02:00
Daniel Roethlisberger
f75d1bc01b
Use some more markdown syntax
2012-05-13 18:22:23 +02:00
Daniel Roethlisberger
457c2621b8
Fix warning when SSLv2 session cache is enabled
2012-05-13 15:29:39 +02:00
Daniel Roethlisberger
8eb5165760
Optimize debug branching using __builtin_expect()
2012-05-13 15:24:50 +02:00
Daniel Roethlisberger
e270fb127b
Unconditionally define _GNU_SOURCE
...
Get rid of the fragile glibc auto-detection mechanism and define
_GNU_SOURCE unconditionally in order to fix the build on recent GNU libc
systems such as Debian and Ubuntu. On non-GNU libc implementations,
_GNU_SOURCE should not have any effect.
Issue: #2
Reported by: Vincent Bernat
2012-05-13 14:28:22 +02:00
Daniel Roethlisberger
3742404fe9
Update ECDH default curve name in manual page
2012-05-11 18:19:07 +02:00
Daniel Roethlisberger
7ad1deb680
Document intended use of SSLsplit
2012-05-11 18:12:22 +02:00
Daniel Roethlisberger
a3b6d58df4
State why ECDH is disabled with OpenSSL < 1.0.0e
2012-05-11 18:03:07 +02:00
Daniel Roethlisberger
38d22415af
Generic EC loading, new default curve 'secp160r2'
2012-05-11 17:39:12 +02:00
Daniel Roethlisberger
6d58824de2
Fix typo in manual page
2012-05-03 01:01:57 +02:00
Daniel Roethlisberger
759ce87ff9
Add some basic unit tests for dynbuf
2012-05-03 00:54:10 +02:00
Daniel Roethlisberger
707480a1dd
Add file comments
2012-05-02 16:24:33 +02:00
Daniel Roethlisberger
a592f7149c
Improve error handling for no origcrt situations
2012-05-02 15:37:47 +02:00
Daniel Roethlisberger
605c1ab6e6
Improve error recovery under low memory conditions
2012-05-02 15:02:59 +02:00
Daniel Roethlisberger
2d1ad219b9
Change default cipher suite to "ALL:-aNULL"
2012-05-02 14:59:47 +02:00
Daniel Roethlisberger
1bd2872b20
DH group parameters are also loaded from -c
2012-05-02 13:46:18 +02:00
Daniel Roethlisberger
0e19243307
Reorder wildcard rules and improve error messages
2012-05-02 13:35:36 +02:00
Daniel Roethlisberger
43df203914
Handle empty strings correctly in URL routines
2012-05-01 02:01:31 +02:00
Daniel Roethlisberger
b6a0ff0c76
Free proxyspecs if they (unexpectedly) parse okay
2012-05-01 01:47:01 +02:00
Daniel Roethlisberger
ddbb945406
Rename unit test sources to fix language detection
2012-05-01 01:42:59 +02:00
Daniel Roethlisberger
90351cda7f
Handle SSL_ERROR_SSL quietly when shutting down
2012-04-30 23:27:51 +02:00
Daniel Roethlisberger
5861d786f5
Update TODO
2012-04-30 23:27:41 +02:00
Daniel Roethlisberger
982ad89f2f
Add generation of a password protected RSA key
2012-04-30 22:48:19 +02:00
Daniel Roethlisberger
e6c7b2e3ca
Mention PKG_CONFIG_PATH
2012-04-23 01:03:38 +02:00
Daniel Roethlisberger
fa425e08d4
Fix PURIFY and warn when not seeding the RNG
2012-04-23 00:51:02 +02:00
Daniel Roethlisberger
439e8a8267
Use WUNRES and MALLOC attribs and fix sloppy code
2012-04-23 00:35:17 +02:00
Daniel Roethlisberger
64cf874925
Header self-sufficience cleanup round
2012-04-23 00:33:33 +02:00
Daniel Roethlisberger
7aca81a7b7
Improve CA cert/key config code and docs
...
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k. Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
2012-04-22 22:59:00 +02:00
Daniel Roethlisberger
c5335afc3b
Handle empty strings correctly in Base64 routines
2012-04-22 22:30:32 +02:00
Daniel Roethlisberger
3fd9084fe1
Quickly decide on GET URIs obviously not OCSP
2012-04-22 21:55:19 +02:00
Daniel Roethlisberger
ee98c04b29
Add generic OCSP denial
2012-04-22 19:12:38 +02:00