path: root/src/lib/libtls/Makefile

Commit log (each entry: commit message, then author, date, files changed, lines -removed/+added)
* Use -Wshadow with clang
  tb, 2023-05-05, 1 file changed, -2/+2
  ok jsing (a very long time ago)

* Introduce a signer interface intended to make TLS privsep simpler to implement.
  eric, 2022-01-25, 1 file changed, -1/+2
  Add a tls_config_set_sign_cb() function that allows registering a callback for the signing operation on a tls_config. When used, the context installs fake private keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@

* The check_includes step is an incorrect dependency management model for how our tree gets built.
  deraadt, 2020-06-09, 1 file changed, -11/+1
  If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. Use 'make includes' by hand instead.

* Correct includes check for libtls.
  jsing, 2020-01-22, 1 file changed, -2/+2

* Add checks to ensure that lib{crypto,ssl,tls} public headers have actually been installed prior to building.
  jsing, 2020-01-22, 1 file changed, -1/+11
  Requested by and ok tb@

* Split keypair handling out into its own file - it had already appeared in multiple locations.
  jsing, 2018-02-08, 1 file changed, -1/+2
  ok beck@

* Switch to -Werror with clang for libressl.
  doug, 2017-08-13, 1 file changed, -2/+2
  Discussed with beck@ and jsing@ ok beck@

* Only enable -Werror on libcrypto/libssl/libtls if we are building with gcc4.
  jsing, 2017-04-30, 1 file changed, -2/+5
  This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@

* split the tls_init(3) that had grown fat to allow healthy future growth;
  schwarze, 2017-01-25, 1 file changed, -3/+6
  suggested by jsing@; "i would just chuck it in" jmc@

* Remove generated Symbols.map on make clean.
  jsing, 2016-11-05, 1 file changed, -1/+3
  ok guenther@

* Build with WARNINGS=Yes.
  jsing, 2016-11-04, 1 file changed, -1/+3

* Add an explicit list of exported symbols with just the functions declared in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions
  guenther, 2016-11-04, 1 file changed, -1/+9
  ok jsing@

* Add OCSP client side support to libtls.
  beck, 2016-11-02, 1 file changed, -1/+2
  - Provide access to certificate OCSP URL
  - Provide ability to check a raw OCSP reply against an established TLS ctx
  - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.
  Add example code to show OCSP URL and stapled info into netcat. ok jsing@

* Update ld search path for libssl/libcrypto, fixes cross-build after source moved.
  bcook, 2016-09-19, 1 file changed, -3/+3
  from Patrick Wildt

* Add callback-based interface to libtls.
  bcook, 2016-09-04, 1 file changed, -1/+2
  This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@

* for some time now mandoc has not required MLINKS to function correctly - logically complete that now by removing MLINKS from base;
  jmc, 2016-03-30, 1 file changed, -52/+1
  authors need only to ensure there is an entry in NAME for any function/util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung

* Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate validity times for tls connections.
  beck, 2015-10-07, 1 file changed, -1/+3
  ok jsing@

* Provide tls_config_insecure_noverifytime() in order to be able to disable certificate validity checking.
  jsing, 2015-09-14, 1 file changed, -1/+2
  ok beck@

* some conn_version and conn_cipher bits;
  jmc, 2015-09-14, 1 file changed, -1/+3

* Move connection info into its own private structure allocated and filled in at handshake time.
  beck, 2015-09-12, 1 file changed, -1/+2
  Change accessors to return const char * to remove need for caller to free memory. ok jsing@

* typo
  deraadt, 2015-09-11, 1 file changed, -2/+2

* document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hash
  beck, 2015-09-11, 1 file changed, -1/+4
  ok jsing@

* add tls_peer functions for checking names and issuers of peer certificates.
  beck, 2015-09-11, 1 file changed, -1/+3
  ok jsing@

* Provide tls_peer_cert_hash() which returns a hash of the raw certificate that was presented by the peer.
  jsing, 2015-09-11, 1 file changed, -1/+2
  The hash used is currently SHA256, however since we prefix the result with the hash name, we can change this in the future as the need arises. The same output can be generated by using:
      h=$(openssl x509 -outform der -in mycert.crt | sha256)
      printf "SHA256:${h}\n"
  ok beck@

* sort MLINKS into the same order as the man page;
  jmc, 2015-09-11, 1 file changed, -4/+4

* document client side certificate verification functionality.
  beck, 2015-09-10, 1 file changed, -1/+3
  ok jsing@

* mlink tls_handshake;
  jmc, 2015-09-10, 1 file changed, -1/+2

* add MLINKS for _prefer_ciphers_*
  jmc, 2015-09-10, 1 file changed, -1/+3

* Link ssl and crypto via BSDOBJDIR, works with native and cross builds
  tobiasu, 2015-06-05, 1 file changed, -3/+3
  ok mpi@

* Record inter-library dependencies between libcrypto, libssl and libtls
  kettenis, 2015-05-17, 1 file changed, -1/+4

* Provide a tls_accept_fds() function, which allows a TLS connection to be accepted via an existing pair of file descriptors.
  jsing, 2015-03-31, 1 file changed, -1/+2
  Based on a diff from Jan Klemkow.

* Rename tls_config_insecure_noverifyhost() to tls_config_insecure_noverifyname(), so that it is more accurate and keeps in line with the distinction between DNS hostname and server name.
  jsing, 2015-02-22, 1 file changed, -2/+2
  Requested by tedu@ during s2k15.

* Document tls_config_parse_protocols() and update documentation for tls_config_set_protocols().
  jsing, 2015-02-15, 1 file changed, -1/+2

* Provide a tls_connect_servername() function that has the same behaviour as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value.
  jsing, 2015-02-11, 1 file changed, -1/+3
  Requested by reyk@ ok reyk@ tedu@

* Add manpage bits for tls_load_file() and tls_accept_socket().
  reyk, 2015-02-07, 1 file changed, -1/+3
  The tls_accept_socket() has been previously removed because the API is not fixed yet; but it is also already used by httpd(8) and spamd(8) so it is time to add it again and eventually change it later. OK tedu@

* Add tls_config_set_dheparams() to allow specification of the parameters to use for DHE.
  jsing, 2015-02-07, 1 file changed, -2/+3
  This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@

* Add MLINK for tls_config_set_ca_mem()
  reyk, 2015-01-22, 1 file changed, -1/+2

* Rename libressl to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library).
  jsing, 2014-10-31, 1 file changed, -0/+58
  Discussed with many.