path: root/src/lib/libtls/Symbols.list
Commit message | Author | Age | Files | Lines
* Provide tls_conn_cipher_strength().
  This returns the strength in bits of the symmetric cipher used for the connection.
  Diff from gilles@
  ok tb@
  (Author: jsing; Age: 2019-11-02; Files: 1; Lines: -0/+1)
* missed adding tls_default_ca_cert_file here. found by sthen
  (Author: tedu; Age: 2018-11-29; Files: 1; Lines: -0/+1)
* Add support to libtls for client-side TLS session resumption.
  A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes.
  Discussed at length with deraadt@ and tedu@.
  Rides previous minor bump.
  ok beck@
  (Author: jsing; Age: 2018-02-10; Files: 1; Lines: -0/+2)
* Add a tls_config_set_ecdhecurves() function to libtls, which allows the names of the elliptic curves that may be used during client and server key exchange to be specified.
  This deprecates tls_config_set_ecdhecurve(), which could only be used to specify a single supported curve.
  ok beck@
  (Author: jsing; Age: 2017-08-10; Files: 1; Lines: -0/+1)
* Add support for providing CRLs to libtls - once a CRL is provided we enable CRL checking for the full certificate chain.
  Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
  Discussed with beck@
  (Author: jsing; Age: 2017-07-06; Files: 1; Lines: -0/+2)
* Provide a tls_unload_file() function, that frees the memory returned from a tls_load_file() call, ensuring that the contents become inaccessible. This is specifically needed on platforms where the library allocators may be different from the application allocator.
  ok beck@
  (Author: jsing; Age: 2017-05-06; Files: 1; Lines: -0/+1)
* Add tls_peer_cert_chain_pem - To retrieve the peer certificate and chain as PEM format. This allows for it to be used or examined with tools external to libtls
  bump minor
  ok jsing@
  (Author: beck; Age: 2017-04-05; Files: 1; Lines: -0/+1)
* Internal changes to allow for relayd engine privsep. sends the hash of the public key as an identifier to RSA, and adds a function for relayd to use to disable private key checking when doing engine privsep.
  ok jsing@
  (Author: beck; Age: 2017-04-05; Files: 1; Lines: -0/+1)
* Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may be added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this.
  Bump libtls minor.
  ok jsing@
  (Author: beck; Age: 2017-01-31; Files: 1; Lines: -0/+4)
* Introduce ticket support. To enable them it is enough to set a positive lifetime with tls_config_set_session_lifetime(). This enables tickets and uses an internal automatic rekeying mode for the ticket keys.
  If multiple processes are involved the following functions can be used to make tickets work across all instances:
  - tls_config_set_session_id() sets the session identifier
  - tls_config_add_ticket_key() adds an encryption and authentication key
  For now only the last 4 keys added will be used (unless they are too old). If tls_config_add_ticket_key() is used the caller must ensure to add new keys regularly. It is best to do this 4 times per session lifetime (which is also the ticket key lifetime).
  Since tickets break PFS it is best to minimize the session lifetime according to needs.
  With a lot of help, input and OK beck@, jsing@
  (Author: claudio; Age: 2017-01-24; Files: 1; Lines: -0/+3)
* Add support for server side OCSP stapling to libtls.
  Add support for server side OCSP stapling to netcat.
  (Author: beck; Age: 2016-11-05; Files: 1; Lines: -0/+2)
* Add an explicit list of exported symbols with just the functions declared in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions
  ok jsing@
  (Author: guenther; Age: 2016-11-04; Files: 1; Lines: -0/+71)