kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
39ebf53dd3
boringssl/ssl
History
David Benjamin 39ebf53dd3 Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2. 
This check got refactored in OpenSSL 1.0.2 and broke in the process. Fix this
and add a test. Otherwise things like client auth can get slightly confused; it
will try to sign the MD5/SHA-1 hash, but the TLS 1.2 cipher suite may not use
SSL_HANDSHAKE_MAC_DEFAULT, so those digests won't be available.

Based on upstream's 226751ae4a1f3e00021c43399d7bb51a99c22c17.

Change-Id: I5b864d3a696f3187b849c53b872c24fb7df27924
Reviewed-on: https://boringssl-review.googlesource.com/1696
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 23:41:34 +00:00
..
pqueue Add tests for pqueue 2014-09-02 20:09:23 +00:00
test Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2. 2014-09-02 23:41:34 +00:00
CMakeLists.txt Add visibility rules. 2014-07-31 22:03:11 +00:00
d1_both.c Fix minor issues found by Clang's analysis. 2014-09-02 22:39:41 +00:00
d1_clnt.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
d1_enc.c Remove crypto/comp and SSL_COMP support code. 2014-06-24 17:22:06 +00:00
d1_lib.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_srtp.c Fix the return values for most of SRTP. 2014-09-02 23:41:22 +00:00
d1_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_both.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_cbc.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
s3_clnt.c Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2. 2014-09-02 23:41:34 +00:00
s3_enc.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_lib.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_meth.c Inital import. 2014-06-20 13:17:32 -07:00
s3_pkt.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
s3_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s23_clnt.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Inital import. 2014-06-20 13:17:32 -07:00
ssl_asn1.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_cert.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_ciph.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
ssl_error.c Refactor server-side CertificateVerify handling. 2014-08-27 01:55:27 +00:00
ssl_lib.c Fix minor issues found by Clang's analysis. 2014-09-02 22:39:41 +00:00
ssl_locl.h Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
ssl_txt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
t1_clnt.c Inital import. 2014-06-20 13:17:32 -07:00
t1_enc.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
t1_lib.c Fix the return values for most of SRTP. 2014-09-02 23:41:22 +00:00
t1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00
t1_srvr.c Inital import. 2014-06-20 13:17:32 -07:00