summaryrefslogtreecommitdiff
path: root/src/lib/libtls/Makefile (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer ↵beck2015-10-071-1/+3
| | | | | | | certificate validity times for tls connections. ok jsing@
* Provide tls_config_insecure_noverifytime() in order to be able to disablejsing2015-09-141-1/+2
| | | | | | certificate validity checking. ok beck@
* some conn_version and conn_cipher bits;jmc2015-09-141-1/+3
|
* Move connection info into it's own private structure allocated and filled inbeck2015-09-121-1/+2
| | | | | | at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@
* typoderaadt2015-09-111-2/+2
|
* document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hashbeck2015-09-111-1/+4
| | | | ok jsing@
* add tls_peer functions for checking names and issuers of peer certificates.beck2015-09-111-1/+3
| | | | ok jsing@
* Provide tls_peer_cert_hash() which returns a hash of the raw certificatejsing2015-09-111-1/+2
| | | | | | | | | | | | | that was presented by the peer. The hash used is currently SHA256, however since we prefix the result with the hash name, we can change this in the future as the need arises. The same output can be generated by using: h=$(openssl x509 -outform der -in mycert.crt | sha256) printf "SHA256:${h}\n" ok beck@
* sort MLINKS into the same order as the man page;jmc2015-09-111-4/+4
|
* document client side certificate verification functionality.beck2015-09-101-1/+3
| | | | ok jsing@
* mlink tls_handshake;jmc2015-09-101-1/+2
|
* add MLINKS for _prefer_ciphers_*jmc2015-09-101-1/+3
|
* Link ssl and crypto via BSDOBJDIR, works with native and cross buildstobiasu2015-06-051-3/+3
| | | | ok mpi@
* Record inter-library dependencies between libcrypto, libssl and libtlskettenis2015-05-171-1/+4
|
* Provide a tls_accept_fds() function, which allows a TLS connection to bejsing2015-03-311-1/+2
| | | | | | accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
* Rename tls_config_insecure_noverifyhost() tojsing2015-02-221-2/+2
| | | | | | | tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
* Document tls_config_parse_protocols() and update documentation forjsing2015-02-151-1/+2
| | | | tls_config_set_protocols().
* Provide a tls_connect_servername() function that has the same behaviourjsing2015-02-111-1/+3
| | | | | | | | | as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value. Requested by reyk@ ok reyk@ tedu@
* Add manpage bits for tls_load_file() and tls_accept_socket().reyk2015-02-071-1/+3
| | | | | | | | The tls_accept_socket() has been previously removed because the API is not fixed yet; but it is also already used by httpd(8) and spamd(8) so it is time to add it again and eventually change it later. OK tedu@
* Add tls_config_set_dheparams() to allow specification of the parameters tojsing2015-02-071-2/+3
| | | | | | | | | use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
* Add MLINK for tls_config_set_ca_mem()reyk2015-01-221-1/+2
|
* Rename libressl to libtls to avoid confusion and to make it easier tojsing2014-10-311-0/+58
distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-29 20:37:46 +0000