| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also makes it available to clients that use libtls, including ftp(1)
and nc(1).
Note that this does not expose additional defines via public headers, which
means that any code conditioning on defines like TLS1_3_VERSION or
SSL_OP_NO_TLSv1_3 will not enable or use TLSv1.3. This approach is
necessary since too many pieces of software assume that if TLS1_3_VERSION
is available, other OpenSSL 1.1 API will also be available, which is not
necessarily the case.
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
| |
been installed prior to building.
Requested by and ok tb@
|
| |
|
|
| |
ok tedu
|
| |
|
|
|
|
| |
reverts previous attempt which would have broken ports
ok jsing@
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
This will as yet not do anything, until we turn it on in the
lower level libraries.
ok jsing@
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
|
|
|
|
| |
Finished message has been received, a change cipher spec may be received
and must be ignored. Add a flag to the record layer struct and set it at
the appropriate moments during the handshake so that we will ignore it.
ok jsing
|
| |
|
|
|
|
| |
peeks data before reading, compares to subsequent read.
ok jsing@
|
| |
|
|
|
|
|
| |
The legacy version field is capped at TLSv1.2, however it may be lower than
this if we are only choosing to use TLSv1.0 or TLSv1.1.
ok beck@ tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
in the ClientHello where it may be set to TLS1_VERSION. Use
the minimal supported version to decide whether we choose to do
so or not. Use a sent hook to set it back TLS1_2_VERSION right
after the ClientHello message is on the wire.
ok beck jsing
|
| |
|
|
| |
Missed in an earlier commit.
|
| |
|
|
|
|
| |
We currently don't support sending a modified clienthello
ok jsing@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
| |
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
When falling back to the legacy TLS client, in the case where a server has
sent a TLS record that contains more than one handshake message, we also
need to stash the unprocessed record data for later processing. Otherwise
we end up with missing handshake data.
ok beck@ tb@
|
| |
|
|
| |
ok bcook@
|
| |
|
|
|
|
|
| |
This allows us to indicate that the cause of the failure is unknown, rather
than implying that it was an internal error when it was not.
ok beck@
|
| |
|
|
|
|
|
|
|
| |
SSL_{clear,free}(3). Make sure the handshake context is
cleaned up completely: the hs_tls13 reacharound is taken
care of by ssl3_{clear,free}(3). Add a missing
tls13_handshake_msg_free() call to tls13_ctx_free().
ok beck jsing
|
| |
|
|
|
|
|
| |
tls13 context, and emiting the alert at the upper layers when
the lower level code fails
ok jsing@, tb@
|
| |
|
|
| |
ok jsing@, inoguchi@, tb@
|
| |
|
|
|
|
|
| |
This is based on the libtls error handling code, but adds machine readable
codes and subcodes. We then map these codes back to libssl error codes.
ok beck@ inoguchi@
|
| | |
|
| |
|
|
|
|
|
| |
This makes tls_config_parse_protocols() recognise and handle "tlsv1.3".
If TLSv1.3 is enabled libtls will also request libssl to enable it.
ok beck@ tb@
|
| |
|
|
|
| |
ok bcook@
ok and "move it down two lines" jsing@
|
| |
|
|
|
| |
Use exit code 2 for setup failure and 1 for test fail. Unfortunately
this regress is still failing.
|
| | |
|
| |
|
|
|
| |
at the first non-option argument.
I had to read source code to figure it out.
|
| | |
|
| |
|
|
| |
printable error message when failing.
|
| | |
|
| |
|
|
| |
potential problems. Regress still failing on amd64.
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
| |
it is required by the RFC and some CAs require it (e.g. sectigo).
From daharmasterkor at gmail com, ok jca@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
hash value on the nc(1) server command line, the netcat server must
use the TLS context of the accepted socket for verification. As
the listening socket was used instead, the verification was always
successful.
If the peer provides a certificate, there must be a hash. Make the
hash verification fail safe.
OK tb@
|
| |
|
|
|
|
|
| |
the file system as it has to connect to the UNIX domain client
socket. The path of the latter is determined dynamically. Instead
add a restrictive pledge(2) after connect(2).
OK tb@
|
| |
|
|
|
|
| |
path name of the socket. This avoids bad errors from getnameinfo(3).
Use the same error check for both calls to getnameinfo(3).
OK millert@ tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
|
|
|
| |
the new function SSL_CTX_get_extra_chain_certs_only(3) and changed
the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API
from the former OpenSSL 1.0.1 behaviour to the new, incompatible
OpenSSL 1.0.2 behaviour. Adjust the documentation.
OK jsing@ beck@ inoguchi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra
certs, unless there are none, in which case return the chain associated
with the certificate. If you really just want the extra certs, including
knowing if there are no extra certs, then you need to call
SSL_CTX_get_extra_chain_certs_only()! And to make this even more
entertaining, these functions are not documented in any OpenSSL release.
Reported by sephiroth-j on github, since the difference in behaviour
apparently breaks OCSP stapling with nginx.
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL decided to use their own names for two of the TLS 1.3 extensions,
rather than using the names given in the RFC. Provide aliases for these so
that code written to work with OpenSSL also works with LibreSSL (otherwise
everyone gets to provide their own workarounds).
Issue noted by d3x0r on github.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd
"fix however you feel best!" jmc
|
