Permalink
Switch branches/tags
Commits on Dec 12, 2011
  1. Check OpenSSL library version at runtime

    Jamie Turner committed Dec 12, 2011
    This patch checks OpenSSL library version on stud startup
    and warns if stud was started on system with different
    library version.
    
    Conflicts:
    
    	stud.c
  2. Merge pull request #61 from vincentbernat/feature/ecdhe

    Jamie Turner committed Dec 12, 2011
    Add support for ECDHE cipher suites.
  3. Merge remote-tracking branch 'EmericBr/UpdateSHP'

    Jamie Turner committed Dec 12, 2011
    Conflicts:
    	stud.c
  4. Merge pull request #59 from EmericBr/FIXcoreonhugcache

    Jamie Turner committed Dec 12, 2011
    Fix segfault due to huge cache.
  5. Merge pull request #55 from EmericBr/FIXmemlk

    Jamie Turner committed Dec 12, 2011
    Fix memory leak using shared cache:
  6. Merge pull request #56 from AlekSi/master

    Jamie Turner committed Dec 12, 2011
    Fix TCP keepalive support: build on Mac OS X, cli flag parsing.
  7. Merge pull request #62 from jameslittle/master

    Jamie Turner committed Dec 12, 2011
    Build fails with new Makefile on Ubuntu 11.10
  8. Merge pull request #53 from blovett/master

    Jamie Turner committed Dec 12, 2011
    allow 'make install' to complete. doc directory doesn't exist.
Commits on Dec 5, 2011
Commits on Nov 30, 2011
  1. Add support for ECDHE cipher suites.

    vincentbernat committed Nov 30, 2011
    The elliptic curve to use is hard coded to NIST P-256. Most users
    won't care about this and therefore, this is not made configurable. If
    someone cares, he will submit a patch to make this configurable.
Commits on Nov 29, 2011
  1. Fix segfault dur to huge cache.

    Emeric committed Nov 29, 2011
Commits on Nov 14, 2011
  1. Fix cli flag parsing.

    AlekSi committed Nov 14, 2011
  2. Fix compilation on Mac OS X 10.6.

    AlekSi committed Nov 14, 2011
Commits on Nov 8, 2011
  1. Add multicast support for cache updates exchange

    emeric committed with Emeric Oct 29, 2011
  2. Send and receive cache updates to/from remotes hosts on udp.

    emeric committed with Emeric Oct 29, 2011
  3. Shared cache: add callback and function to receive/send cache updates

    emeric committed with Emeric Oct 29, 2011
    from/to a remote host
    Note: Send call back provide encoded session into an aligned buffer
          large enougth to add a footer and send it directly to a peer
          using a sendto
  4. Fix memory leak using shared cache:

    Emeric committed Nov 8, 2011
    Openssl online documentation is not up to date:
    "The new_session_cb() is called," ... "If the callback returns 0, the session will be immediately removed again."
    
    Checking source code and archive doc:
    "Return 1 if a 'copy' is required, otherwise, return 0.  This return value just causes the reference count to be incremented (on return of a 1), this means the application does not need to worry about incrementing the refernece count (and the locking that implies in a multi-threaded application)."
  5. there is no doc/ directory.

    blovett committed Nov 8, 2011
Commits on Nov 2, 2011
  1. Merge pull request #48 from EmericBr/b21242a3

    Jamie Turner committed Nov 2, 2011
    Some shctx optimz
  2. Merge pull request #47 from vincentbernat/feature/disablereneg

    Jamie Turner committed Nov 2, 2011
    Disable SSL renegotiation to fix CVE-2009-3555.
  3. Merge pull request #43 from dpaneda/master

    Jamie Turner committed Nov 2, 2011
    Patch to set SO_KEEPALIVE on client socket
Commits on Oct 29, 2011
  1. Compute openssl internal size from external cache size

    emeric committed Oct 29, 2011
    intsize = 123+extsize/8
    
    Bench results: perf don't decrease and less ram usage.
  2. Shared cache optimizations:

    emeric committed Oct 29, 2011
    Review code to do ASN1 stuff outside memory locks (increase performances arround 3%)
    Review algo to reuse the oldest deleted node or the less active one if none deleted
    Do not delete nodes from tree but only from active list.
    Review macros and add comments.
Commits on Oct 28, 2011
  1. Disable SSL renegotiation to fix CVE-2009-3555.

    vincentbernat committed Oct 28, 2011
    If OpenSSL is too old, it does not properly associate renegotiation
    handshakes with an existing connection, which allows man-in-the-middle
    attackers to insert data into HTTPS sessions, and possibly other types
    of sessions protected by TLS or SSL, by sending an unauthenticated
    request that is processed retroactively by a server in a
    post-renegotiation context, related to a "plaintext injection" attack,
    aka the "Project Mogul" issue.
    
    If OpenSSL is recent enough, it will use SSL secure renegotiation
    instead (RFC 5746). However, this feature allows an attacker to
    trigger easily a lot of handshake which would allow to DoS the server.
    
    At least, there seems to be no easy way to tell if OpenSSL is
    vulnerable to CVE-2009-3555 and therefore, in doubt, it may be better
    to disable renegotiation.
Commits on Oct 20, 2011
  1. Setting SO_KEEPALIVE on client socket and adding option to customize …

    dpaneda committed Oct 20, 2011
    …keepalive timer via TCP_KEEPIDLE setsockopt
Commits on Oct 13, 2011
  1. added https note

    Jamie Turner committed Oct 13, 2011
  2. Set TCP_NODELAY on backend socket.

    Jamie Turner committed Oct 13, 2011
Commits on Oct 12, 2011
  1. Merge remote-tracking branch 'vincentbernat/feature/engine'

    Jamie Turner committed Oct 12, 2011
    Conflicts:
    	stud.c
  2. Merge pull request #28 from vincentbernat/feature/man

    Jamie Turner committed Oct 12, 2011
    Manual page for stud
  3. Merge pull request #40 from Neopallium/master

    Jamie Turner committed Oct 12, 2011
    Fix crash from un-initialized ev_io struct.
  4. formatting (4 spaces)

    Jamie Turner committed Oct 12, 2011
  5. formatting (4 spaces)

    Jamie Turner committed Oct 12, 2011
  6. Merge remote-tracking branch 'gyepisam/master'

    Jamie Turner committed Oct 12, 2011
    Conflicts:
    	Makefile
    	stud.c