Commit log for path root/src/lib/libressl (OpenBSD src tree), newest first.

Each entry lists the commit date, author, number of files touched and lines removed/added (-removed/+added), followed by the commit message.

2014-10-31  jsing  (11 files, -1704/+0)
    Rename libressl to libtls to avoid confusion and to make it easier to
    distinguish between LibreSSL (the project) and libressl (the library).
    Discussed with many.

2014-10-16  tedu  (1 file, -3/+3)
    use .fn here too. from Jean-Philippe Ouellet

2014-10-15  tedu  (3 files, -8/+4)
    Fuck it. No SSLv3; not now, not ever. The API of the future will only
    support the protocols of the future. (Perhaps a bit late in burning this
    bridge entirely, but there's no time like the present, esp. with other
    players now leaning against back compat.)

2014-10-15  jmc  (1 file, -4/+3)
    basic formatting fixes;

2014-10-15  jsing  (1 file, -1/+6)
    Clear protocol options before optionally setting them.

2014-10-15  jsing  (1 file, -2/+2)
    Set SSL_OP_SINGLE_ECDH_USE before calling SSL_CTX_set_tmp_ecdh() - this
    avoids generating an EC key pair that will never be used.

2014-10-14  tedu  (2 files, -6/+5)
    seems like a good time to make the ressl default TLSv1 only.
    ok guenther

2014-10-09  tedu  (1 file, -1/+3)
    add an API version number. ok jsing

2014-10-08  tedu  (1 file, -4/+10)
    history

2014-10-08  tedu  (1 file, -20/+11)
    use preferred license form. can't trust that doug guy with anything...

2014-10-08  tedu  (2 files, -14/+33)
    mlinks, and prune some functions from man page i'm not ready for yet.

2014-10-08  tedu  (1 file, -3/+6)
    more better

2014-10-08  tedu  (1 file, -1/+1)
    reluctantly rename man page after a function

2014-10-08  schwarze  (1 file, -4/+1)
    whack a few stray .Pp macros

2014-10-08  tedu  (1 file, -5/+17)
    add a few more functions.
    (I also forgot to credit doug for much of the initial markup in the
    previous commit.)

2014-10-08  tedu  (1 file, -0/+318)
    rough sketch of ressl documentation

2014-10-06  jca  (1 file, -1/+15)
    When verifying whether an IP address is in the commonName of a
    certificate, do not perform wildcard matching.
    Suggested by Richard Moore (rich@kde)
    ok tedu@

2014-10-06  jca  (1 file, -3/+23)
    If we have to match against a wildcard in a cert, verify that it contains
    at least a domain label before the tld, as in *.example.org.
    Suggested by Richard Moore (rich@kde)
    ok tedu@

2014-10-03  tedu  (1 file, -2/+2)
    verify changes are major change

2014-10-03  jsing  (1 file, -1/+1)
    Bump minor for ECDH auto and other recent changes.

2014-10-03  tedu  (4 files, -11/+22)
    allow disabling hostname and cert verification separately.
    if you're careful, cert only verification can be useful. always enable
    both though, to avoid accidentally leaving one off.
    ok jsing

2014-10-03  jsing  (2 files, -7/+13)
    Allow "auto" to be specified as an ECDH curve name and make this the
    default. This enables automatic handling of ephemeral EC keys.
    Discussed with reyk@ and tedu@

2014-09-29  jsing  (2 files, -10/+13)
    Move cipher configuration handling to the shared SSL configuration function
    so that it applies to both the ressl client and server.

2014-09-29  jsing  (6 files, -9/+51)
    Add an option that allows the enabled SSL protocols to be explicitly
    configured.
    Discussed with several. ok bcook@

2014-09-29  jsing  (1 file, -5/+6)
    When freeing the config, explicitly call ressl_config_clear_keys() rather
    than rerolling our own key clearing code.
    ok tedu@

2014-09-28  jsing  (1 file, -4/+6)
    Wrap long lines and add missing argument name.

2014-09-28  jsing  (2 files, -2/+10)
    Provide a ressl config function that explicitly clears keys.
    Now that ressl config takes copies of the keys passed to it, the keys need
    to be explicitly cleared. While this can be done by calling the appropriate
    functions with a NULL pointer, it is simpler and more obvious to call one
    function that does this for you.
    ok tedu@

2014-09-28  reyk  (1 file, -16/+5)
    Add a new API function SSL_CTX_use_certificate_chain() that allows one to
    read the PEM-encoded certificate chain from memory instead of a file.
    This idea is derived from an older implementation in relayd that was
    needed to use the function with a privsep'ed process in a chroot. Now it
    is time to get it into LibreSSL to make the API more privsep-friendly and
    to make it available for other programs and the ressl library.
    ok jsing@ miod@

2014-09-28  tedu  (3 files, -49/+99)
    revamp the config interface to own memory. easier to use correctly without
    caller worrying about leaks or lifetimes. after feedback from jsing

2014-08-27  reyk  (4 files, -9/+29)
    Add the API function ressl_config_set_ecdhcurve(config, name) to set a
    non-standard ECDH curve by name or to disable it by passing NULL.
    OK jsing@

2014-08-15  tedu  (2 files, -6/+6)
    use void * instead of char *. ok jsing

2014-08-06  jsing  (4 files, -13/+97)
    Add support for loading the public/private key from memory, rather than
    directly from file.

2014-08-05  jsing  (8 files, -0/+8)
    Add $OpenBSD$ tags.

2014-08-04  jsing  (2 files, -4/+45)
    Implement ressl_accept_socket, which allocates a new server connection
    context (if necessary) and handles the TLS/SSL handshake over the given
    socket.

2014-08-04  jsing  (1 file, -3/+3)
    Return -1 on error (not 1).

2014-08-04  jsing  (3 files, -0/+41)
    A ressl server needs different configuration from a ressl client - provide
    a specific server configuration function and call this from
    ressl_configure.

2014-08-04  jsing  (2 files, -0/+15)
    Provide a function that returns a server connection context.

2014-08-04  jsing  (2 files, -0/+21)
    Provide a utility function for loading a private/public keypair.

2014-08-04  jsing  (2 files, -16/+31)
    Improve ressl_{read,write} handling of non-blocking reads/writes.

2014-08-04  jsing  (1 file, -5/+2)
    Free the SSL context first and let the reference counting do its thing.

2014-08-03  jsg  (1 file, -1/+1)
    X509_NAME_get_text_by_NID() returns -1 on error so the type
    the return value is stored in must be signed. Fixes a test for error.
    ok jsing@ guenther@

2014-07-13  jsing  (3 files, -7/+22)
    Add configuration handling for certificate and key files.

2014-07-13  jsing  (3 files, -1/+72)
    Add stubs for the proposed server API.

2014-07-13  jsing  (3 files, -22/+22)
    Tabs, not spaces.

2014-07-13  jsing  (3 files, -1/+30)
    Rename the context allocation from ressl_new to ressl_client, which makes
    it completely obvious what the context is for. Ensure client functions
    are used on client contexts.

2014-07-13  jsing  (2 files, -5/+14)
    Split the context allocation out from the configuration. This will allow
    us to properly report errors that occur during configuration processing.
    Discussed with tedu@

2014-07-13  jsing  (3 files, -161/+185)
    Move the client code into a separate file.

2014-07-13  jsing  (2 files, -13/+14)
    Rename various configuration handling functions.
    Requested by and discussed with tedu@.

2014-07-13  jsing  (5 files, -45/+18)
    Use a single ressl.h header file.
    Discussed with beck@ and tedu@.

2014-07-12  jsing  (9 files, -0/+847)
    Initial version of libressl - a library that provides a clean, simple,
    consistent and secure-by-default API for SSL clients (and soon servers).
    This is a long way from complete and the interface will likely change
    substantially - committing now so that further work can happen in the
    tree.
    Initiated by tedu@ and inspired by discussions with tedu@, beck@ and
    other developers.