| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | verify changes are major change | tedu | 2014-10-03 | 1 | -2/+2 |
| | | |||||
| * | Bump minor for ECHD auto and other recent changes. | jsing | 2014-10-03 | 1 | -1/+1 |
| | | |||||
| * | allow disabling hostname and cert verification separately. | tedu | 2014-10-03 | 4 | -11/+22 |
| | | | | | | | if you're careful, cert only verification can be useful. always enable both though, to avoid accidentally leaving one off. ok jsing | ||||
| * | Allow "auto" to be specified as an ECDH curve name and make this the | jsing | 2014-10-03 | 2 | -7/+13 |
| | | | | | | | default. This enables automatic handling of ephemeral EC keys. Discussed with reyk@ and tedu@ | ||||
| * | Move cipher configuration handling to the shared SSL configuration function | jsing | 2014-09-29 | 2 | -10/+13 |
| | | | | | so that applies to both the ressl client and server. | ||||
| * | Add an option that allows the enabled SSL protocols to be explicitly | jsing | 2014-09-29 | 6 | -9/+51 |
| | | | | | | | | | configured. Discussed with several. ok bcook@ | ||||
| * | When freeing the config, explicitly call ressl_config_clear_keys() rather | jsing | 2014-09-29 | 1 | -5/+6 |
| | | | | | | | than rerolling our own key clearing code. ok tedu@ | ||||
| * | Wrap long lines and add missing argument name. | jsing | 2014-09-28 | 1 | -4/+6 |
| | | |||||
| * | Provide a ressl config function that explicitly clears keys. | jsing | 2014-09-28 | 2 | -2/+10 |
| | | | | | | | | | | Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is simpler and more obvious to call one function that does this for you. ok tedu@ | ||||
| * | Add a new API function SSL_CTX_use_certificate_chain() that allows to | reyk | 2014-09-28 | 1 | -16/+5 |
| | | | | | | | | | | | | read the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep- friendly and to make it available for other programs and the ressl library. ok jsing@ miod@ | ||||
| * | revamp the config interface to own memory. easier to use correctly without | tedu | 2014-09-28 | 3 | -49/+99 |
| | | | | | | | caller worrying about leaks or lifetimes. after feedback from jsing | ||||
| * | Add the API function ressl_config_set_ecdhcurve(config, name) to set a | reyk | 2014-08-27 | 4 | -9/+29 |
| | | | | | | | non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@ | ||||
| * | use void * instead of char *. ok jsing | tedu | 2014-08-15 | 2 | -6/+6 |
| | | |||||
| * | Add support for loading the public/private key from memory, rather than | jsing | 2014-08-06 | 4 | -13/+97 |
| | | | | | directly from file. | ||||
| * | Add $OpenBSD$ tags. | jsing | 2014-08-05 | 8 | -0/+8 |
| | | |||||
| * | Implement ressl_accept_socket, which allocates a new server connection | jsing | 2014-08-04 | 2 | -4/+45 |
| | | | | | | context (if necessary) and handles the TLS/SSL handshake over the given socket. | ||||
| * | Return -1 on error (not 1). | jsing | 2014-08-04 | 1 | -3/+3 |
| | | |||||
| * | A ressl server needs different configuration from a ressl client - provide | jsing | 2014-08-04 | 3 | -0/+41 |
| | | | | | | a specific server configuration function and call this from ressl_configure. | ||||
| * | Provide a function that returns a server connection context. | jsing | 2014-08-04 | 2 | -0/+15 |
| | | |||||
| * | Provide a utility function for loading a private/public keypair. | jsing | 2014-08-04 | 2 | -0/+21 |
| | | |||||
| * | Improve ressl_{read,write} handling of non-blocking reads/writes. | jsing | 2014-08-04 | 2 | -16/+31 |
| | | |||||
| * | Free the SSL context first and let the reference counting do its thing. | jsing | 2014-08-04 | 1 | -5/+2 |
| | | |||||
| * | X509_NAME_get_text_by_NID() returns -1 on error so the type | jsg | 2014-08-03 | 1 | -1/+1 |
| | | | | | | | the return value is stored in must be signed. Fixes a test for error. ok jsing@ guenther@ | ||||
| * | Add configuration handling for certificate and key files. | jsing | 2014-07-13 | 3 | -7/+22 |
| | | |||||
| * | Add stubs for the proposed server API. | jsing | 2014-07-13 | 3 | -1/+72 |
| | | |||||
| * | Tabs, not spaces. | jsing | 2014-07-13 | 3 | -22/+22 |
| | | |||||
| * | Rename the context allocation from ressl_new to ressl_client, which makes | jsing | 2014-07-13 | 3 | -1/+30 |
| | | | | | | it completely obvious what the context is for. Ensure client functions are used on client contexts. | ||||
| * | Split the context allocation out from the configuration. This will allow | jsing | 2014-07-13 | 2 | -5/+14 |
| | | | | | | | us to properly report errors that occur during configuration processing. Discussed with tedu@ | ||||
| * | Move the client code into a separate file. | jsing | 2014-07-13 | 3 | -161/+185 |
| | | |||||
| * | Rename various configuration handling functions. | jsing | 2014-07-13 | 2 | -13/+14 |
| | | | | | Requested by and discussed with tedu@. | ||||
| * | Use a single ressl.h header file. | jsing | 2014-07-13 | 5 | -45/+18 |
| | | | | | Discussed with beck@ and tedu@. | ||||
| * | Initial version of libressl - a library that provides a clean, simple, | jsing | 2014-07-12 | 9 | -0/+847 |
| consistent and secure-by-default API for SSL clients (and soon servers). This is a long way from complete and the interface will likely change substantially - committing now so that further work can happen in the tree. Initiated by tedu@ and inspired by discussions with tedu@, beck@ and other developers. | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |