Commit Graph

122 Commits (b4e8e57b59cddab0e8fc4106449f2948a049f1c6)

Author SHA1 Message Date
jordan b4e8e57b59 spelling: tiny cleanup. 2024-11-07 07:40:02 -06:00
Andras Fekete b8253ac4c5 Final set of spelling fixes 2024-11-01 12:59:01 -04:00
Anthony Hu 0de974c3a7 Quick fixup in API doc for wolfSSL_is_init_finished() 2024-06-05 16:40:06 -04:00
Eric Blankenhorn 314afc9e10 Fix doc for wolfSSL_CTX_EnableOCSP 2024-05-21 16:12:23 -05:00
Juliusz Sosinowicz 09de233fc0 Add dox for new API 2024-02-20 14:42:58 +01:00
Marco Oliverio c8f3a8f14b
fix: negotiate handshake until the end in wolfSSL_read/wolfSSL_write (#7237)
* tls: negotiate until hs is complete in wolfSSL_read/wolfSSL_write

Don't rely on ssl->options.handShakeSate == HANDSHAKE_DONE to check if
negotiation is needed. wolfSSL_Connect() or wolfSSL_Accept() job may not yet be
completed and/or some messages may be waiting in the buffer because of
non-blocking I/O.

* tests: test case for handshake with wolfSSL_read()/wolfSSL_write()

* doc: clarify wolfSSL_write()

* internal.c: rename: need_negotiate -> ssl_in_handshake
2024-02-15 13:48:19 -08:00
Marco Oliverio 7b0fefbceb doc: update new wolfSSL_read_early_data() behavior 2024-02-12 17:20:15 +01:00
David Garske 1c4d7285d3 Add documentation for HKDF functions. Improve param comments for devId. 2023-12-27 13:56:40 -08:00
Juliusz Sosinowicz fbe79d7317 Code review 2023-12-07 11:13:16 +01:00
Juliusz Sosinowicz 3edfcfe162 Jenkins fixes 2023-11-29 23:17:10 +01:00
Juliusz Sosinowicz 9337cfbb16 Add wolfSSL_get_sigalg_info 2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz 7c2344c389 Add API to get information about ciphersuites 2023-11-29 23:04:19 +01:00
Brett 0244c2a254 Add support for new Apple trust APIs with WOLFSSL_SYS_CA_CERTS 2023-10-16 14:37:21 -06:00
Dimitri Papadopoulos f7d7006e87 More typos found by codespell 2023-09-22 11:38:24 +02:00
JacobBarthelmeh 6e9c73eb12 fix parameter typo in dox documentation 2023-09-06 15:38:49 -07:00
Hideki Miyazaki 827287000c
Merge pull request #6720 from TakayukiMatsuo/jp6506
Update Japanese API comments to match them in PR6506
2023-08-23 09:48:05 +09:00
TakayukiMatsuo 174f0b2ebc Update Japanese API comments to match them in PR6506 2023-08-20 15:25:33 +09:00
TakayukiMatsuo 3a5739a8fa Add support for raw-public-key 2023-08-11 11:29:15 +09:00
JacobBarthelmeh 1285ae7816
Merge pull request #6506 from DimitriPapadopoulos/codespell
Fix typos found by codespell
2023-07-24 10:34:29 -06:00
dell5060 56a34b0be2 Updated Documentation to Include support OS-dependent CA certification stores it supports for the API: wolfSSL_CTX_load_system_CA_certs 2023-07-17 13:06:29 -06:00
Dimitri Papadopoulos 50752f5a2b Fix typos found by codespell 2023-07-04 07:21:27 +02:00
Eric Blankenhorn 494febb3fb Documentation for wolfSSL_CertManagerFreeCRL 2023-05-16 09:44:00 -05:00
Anthony Hu 3e58e47856 Documentation fixup for wolfSSL_get_chain_cert(); 2023-04-05 15:12:43 -04:00
Juliusz Sosinowicz 027c8ed926 Add missing semicolon 2023-04-04 16:59:28 +02:00
Stefan Eissing 9726d1f6eb Allowing use of SSL/CTX_set_max_early_data() for client side.
- updating English doc and test cases
2022-10-18 10:40:18 +02:00
Hayden Roche b50a786cb2 Add support for wolfSSL_CTX_load_system_CA_certs on Windows and Mac.
Additionally, fix CMake build to add WOLFSSL_X86_64_BUILD when building for
x86_64.
2022-10-06 17:12:21 -07:00
Hayden Roche 8cae05348c Add a function to load system CA certs into a WOLFSSL_CTX.
This new function, wolfSSL_CTX_load_system_CA_certs, currently only supports
Linux-based OS's. It searches through conventional CA directories and once it
finds one, attempts to load CA certs from it. After the first directory is
found, we don't check the others.

This commit also adds a function wolfSSL_get_system_CA_dirs, which returns a
pointer to an array of directories where wolfSSL_CTX_load_system_CA_certs will
look for CA certs. This is used in a unit test, where we only want to expect
success if one of these directories actually exists on the test system.

Finally, this commit adds support for SSL_CTX_set_default_verify_paths to the
compatibility layer. It doesn't model the exact behavior of its OpenSSL
counterpart; it's mostly a wrapper around wolfSSL_CTX_load_system_CA_certs,
manipulating the return value of that function to conform to OpenSSL's
conventions.
2022-09-28 08:50:46 -07:00
Marco Oliverio edd723cc84 ssl: add new wolfSSL_disable_hrr_cookie() API to disable hrr cookie
Add a way to disable hrr cookie so it can be enabled by default for DTLS
connections.
2022-09-01 09:37:34 +02:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
Juliusz Sosinowicz 8b2fcd0643 Add documentation explaining get_ex_new_index API limitations 2022-08-22 12:16:51 +02:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
David Garske c5e7ccca2c
Merge pull request #5380 from danielinux/typo-doc
Fixed typo in dox_comments
2022-07-21 11:52:56 -07:00
Daniele Lacamera a18b1939ac Fixed typo in dox_comments 2022-07-21 10:19:51 +02:00
David Garske b2d1bf96ed
Merge pull request #5276 from rizlik/dtls13_client_downgrade
Dtls: improve version negotiation
2022-07-06 11:57:53 -07:00
Marco Oliverio 3abffc3a3c doc: add documentation for wolfDTLS[v1_3]_*_method() 2022-07-06 16:18:44 +02:00
Juliusz Sosinowicz 9dc2c27e3d Expand wolfDTLS_SetChGoodCb() docs 2022-07-04 14:31:24 +02:00
David Garske 00391a5ace Rename callback to `wolfDTLS_SetChGoodCb` and add doxygen for it. Clarify `DTLS_CTX.connected`. Fix build errors for `./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER"`. 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz e605cfeccb Add docs for new features 2022-07-04 11:08:39 +02:00
Marco Oliverio ca05ad2dc0 dtls13: introduce wolfSSL_dtls_13_has_pending_msg() API 2022-06-15 10:46:43 -07:00
Marco Oliverio d1924928c0 dtls13: support retransmission
Introduce ACK and retransmission logic, encapsulated in a Dtls13RtxFsm
object. The retransmission or the sending of an ACK is scheduled by setting the
appropriate flag inside the Dtls13RtxFSM object but the actual writing on the
socket is deferred and done in wolfSSL_Accept/Connect.

* Retransmission

Each sent message is encapsulated in a Dtl13RtxRecord and saved on a list. If we
receive an ACK for a record, we remove it from the list so it will not be
retransmitted further, then we will retransmit the remaining
ones. Retransmission is throttled: besides link congestion, this also avoids too
many sequence numbers bound to a record.

* ACK

For each received record we save the record sequence number, so we can send an
ACK if needed. We send an ACK either if explicitly needed by the flight or if we
detect a disruption.

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-06-15 10:46:43 -07:00
David Garske afc63a3bfa
Merge pull request #5199 from embhorn/zd12999
Add doc for wolfSSL_dtls_retransmit
2022-06-10 10:57:17 -07:00
Eric Blankenhorn 2543970419 Add doc for wolfSSL_dtls_retransmit 2022-06-01 12:03:36 -05:00
Sean Parkinson be743b2204 TLS 1.3: send ticket
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
2022-06-01 10:36:01 +10:00
Eric Blankenhorn ab6dc8d669 Add ability to set ECC Sign userCTX using WOLFSSL_CTX 2022-04-11 08:41:27 -05:00
Andrew Hutchings 5ea9d11295 Minor documentation cleanup
Fixes two things across all the Doxygen:

1. Remove WOLFSSL_API from each definition
2. Add missing parameter names from functions
2022-04-06 16:17:36 +01:00
Eric Blankenhorn ea38e1aab5 Add wolfSSL_CTX_SetCertCbCtx to set user context for CB 2022-03-30 12:27:11 -05:00
Juliusz Sosinowicz 1fd090d094 Update `wolfSSL_get_session` docs
Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
2022-03-17 12:56:28 +01:00
Juliusz Sosinowicz 91b08fb691 Allocate `ssl->session` separately on the heap
- Refactor session cache access into `AddSessionToCache` and `wolfSSL_GetSessionFromCache`
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 4f8ffc4586 wolfSSL_get_error may return SSL_ERROR_NONE on ret <= 0
Fix docs mismatch reported in https://github.com/wolfSSL/wolfssl/issues/4854
2022-02-11 12:37:12 +01:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00