Commit Graph

122 Commits

Author SHA1 Message Date
Daniel Roethlisberger
cdfaeedb80 Ignore all DH param files under extra/pki 2012-10-03 00:53:02 +02:00
Daniel Roethlisberger
ff6fbef91f Add 4096-bit Diffie-Hellman to dh target 2012-10-03 00:50:50 +02:00
Daniel Roethlisberger
35c3967eef Remove obsolete dhall target from .PHONY 2012-10-03 00:50:24 +02:00
Daniel Roethlisberger
bd77e6a228 Improve ssl_tmp_dh_callback() error messages 2012-10-01 14:55:55 +02:00
Daniel Roethlisberger
79c2c6e520 Add support for 2048 and 4096 bit Diffie-Hellman
Add group parameters for 2048 and 4096 bit Diffie-Hellman in addition to
the previous 512 and 1024 bit parameters.  Also add a meaningful error
message when a group size is requested which is not provided.
2012-10-01 14:49:24 +02:00
Daniel Roethlisberger
e19a97b21f Update NEWS and TODO 2012-10-01 14:49:24 +02:00
Daniel Roethlisberger
6b4b121da2 Fix address family check in netfilter NAT lookup
Use src_addr instead of the (yet to be set) dst_addr for determining the
address family.  Fixes issue #4.
2012-09-27 17:30:19 +02:00
Daniel Roethlisberger
6106940e0c Omit nat_getsockname_lookup_cb() unless it is used 2012-08-06 08:33:39 +02:00
Daniel Roethlisberger
1b20544333 Add temporary RSA keys to TODO 2012-08-06 08:33:17 +02:00
Daniel Roethlisberger
fda4f57aa7 Remove unused IPv6 code for netfilter NAT engine 2012-06-05 23:24:53 +02:00
Daniel Roethlisberger
fc8c0110c5 Do not generate ECC keys for unit tests 2012-06-05 23:24:53 +02:00
Daniel Roethlisberger
5ed3e5172b Make explanation of DEBUG_CFLAGS clearer 2012-06-05 23:12:08 +02:00
Daniel Roethlisberger
2266f07b4f Update TODO 2012-06-05 22:59:53 +02:00
Daniel Roethlisberger
a4040d8372 Suppress warnings for system headers with -isystem
Use -isystem instead of -I in CPPFLAGS to suppress compiler warnings for
system and library headers.
2012-05-23 19:09:52 +02:00
Daniel Roethlisberger
911e15763d Add opts->debug branch prediction test case 2012-05-14 22:50:20 +02:00
Daniel Roethlisberger
ef1330d69f Remove const from util_skipws() and add tests 2012-05-14 21:44:38 +02:00
Daniel Roethlisberger
5c048e3990 Remove unneeded include statements 2012-05-14 21:43:24 +02:00
Daniel Roethlisberger
6fe4c5bf01 Sign release tarball using GnuPG 2012-05-14 21:07:53 +02:00
Daniel Roethlisberger
62af96e413 Clarify when it is preferred to use SNI proxyspecs 2012-05-13 22:33:31 +02:00
Daniel Roethlisberger
11fdf52553 Add NEWS file, documenting release history 2012-05-13 21:07:43 +02:00
Daniel Roethlisberger
f75d1bc01b Use some more markdown syntax 2012-05-13 18:22:23 +02:00
Daniel Roethlisberger
457c2621b8 Fix warning when SSLv2 session cache is enabled 2012-05-13 15:29:39 +02:00
Daniel Roethlisberger
8eb5165760 Optimize debug branching using __builtin_expect() 2012-05-13 15:24:50 +02:00
Daniel Roethlisberger
e270fb127b Unconditionally define _GNU_SOURCE
Get rid of the fragile glibc auto-detection mechanism and define
_GNU_SOURCE unconditionally in order to fix the build on recent GNU libc
systems such as Debian and Ubuntu.  On non-GNU libc implementations,
_GNU_SOURCE should not have any effect.

Issue:          #2
Reported by:    Vincent Bernat
2012-05-13 14:28:22 +02:00
Daniel Roethlisberger
3742404fe9 Update ECDH default curve name in manual page 2012-05-11 18:19:07 +02:00
Daniel Roethlisberger
7ad1deb680 Document intended use of SSLsplit 2012-05-11 18:12:22 +02:00
Daniel Roethlisberger
a3b6d58df4 State why ECDH is disabled with OpenSSL < 1.0.0e 2012-05-11 18:03:07 +02:00
Daniel Roethlisberger
38d22415af Generic EC loading, new default curve 'secp160r2' 2012-05-11 17:39:12 +02:00
Daniel Roethlisberger
6d58824de2 Fix typo in manual page 2012-05-03 01:01:57 +02:00
Daniel Roethlisberger
759ce87ff9 Add some basic unit tests for dynbuf 2012-05-03 00:54:10 +02:00
Daniel Roethlisberger
707480a1dd Add file comments 2012-05-02 16:24:33 +02:00
Daniel Roethlisberger
a592f7149c Improve error handling for no origcrt situations 2012-05-02 15:37:47 +02:00
Daniel Roethlisberger
605c1ab6e6 Improve error recovery under low memory conditions 2012-05-02 15:02:59 +02:00
Daniel Roethlisberger
2d1ad219b9 Change default cipher suite to "ALL:-aNULL" 2012-05-02 14:59:47 +02:00
Daniel Roethlisberger
1bd2872b20 DH group parameters are also loaded from -c 2012-05-02 13:46:18 +02:00
Daniel Roethlisberger
0e19243307 Reorder wildcard rules and improve error messages 2012-05-02 13:35:36 +02:00
Daniel Roethlisberger
43df203914 Handle empty strings correctly in URL routines 2012-05-01 02:01:31 +02:00
Daniel Roethlisberger
b6a0ff0c76 Free proxyspecs if they (unexpectedly) parse okay 2012-05-01 01:47:01 +02:00
Daniel Roethlisberger
ddbb945406 Rename unit test sources to fix language detection 2012-05-01 01:42:59 +02:00
Daniel Roethlisberger
90351cda7f Handle SSL_ERROR_SSL quietly when shutting down 2012-04-30 23:27:51 +02:00
Daniel Roethlisberger
5861d786f5 Update TODO 2012-04-30 23:27:41 +02:00
Daniel Roethlisberger
982ad89f2f Add generation of a password protected RSA key 2012-04-30 22:48:19 +02:00
Daniel Roethlisberger
e6c7b2e3ca Mention PKG_CONFIG_PATH 2012-04-23 01:03:38 +02:00
Daniel Roethlisberger
fa425e08d4 Fix PURIFY and warn when not seeding the RNG 2012-04-23 00:51:02 +02:00
Daniel Roethlisberger
439e8a8267 Use WUNRES and MALLOC attribs and fix sloppy code 2012-04-23 00:35:17 +02:00
Daniel Roethlisberger
64cf874925 Header self-sufficience cleanup round 2012-04-23 00:33:33 +02:00
Daniel Roethlisberger
7aca81a7b7 Improve CA cert/key config code and docs
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k.  Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
2012-04-22 22:59:00 +02:00
Daniel Roethlisberger
c5335afc3b Handle empty strings correctly in Base64 routines 2012-04-22 22:30:32 +02:00
Daniel Roethlisberger
3fd9084fe1 Quickly decide on GET URIs obviously not OCSP 2012-04-22 21:55:19 +02:00
Daniel Roethlisberger
ee98c04b29 Add generic OCSP denial 2012-04-22 19:12:38 +02:00