Reported by Vasily Kolobkov, based on a diff from Marko Kreen.
ok beck@

existing naming standards. Also provide functions for setting a struct
tls_error * directly (rather than having to have a struct tls * or a
struct tls_config *).

and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@

both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@

This is of course a no-op on other platforms. Noted by equalsraf from github.

ok doug@

certificate validity checking.
ok beck@

Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and
return 0 on EOF with and without close-notify. However, if we saw an EOF
from the underlying file descriptors without getting a close-notify, save
this and make it visible when tls_close(3) is called. This keeps the
semantics we want, but makes it possible to detect truncation at higher
layers, if necessary.
ok beck@ guenther@

for which they are not valid operations.
ok beck@

we can indicate an EOF properly on tls_read and tls_write
ok jsing@

ok jsing@

at handshake time. Change accessors to return const char * to remove need
for caller to free memory.
ok jsing@

that we will pass the result through tls_ssl_error() on failure. Otherwise
we can end up reporting spurious errors due to there being unrelated errors
already on the error stack.
Spotted by Marko Kreen.
ok beck@

handshake. Free the reference when we reset the TLS context.
ok beck@

tls_configure_ssl_verify(). Also tweak an error message and unwrap a line.

ok deraadt@ jsing@

to make it more clear to users of this api what needs to be done in these error
cases.
Discussed extensively with bluhm@ and jsing@ and others.
ok jsing@

match read() and write() semantics to make porting existing code using
read/write easier. Requested by bluhm@ who convinced jsing and me to break
the api
ok jsing@ bluhm@

tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.
The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.
Discussed over many coffees at l2k15.
ok beck@ bluhm@

Requested by bluhm@

ride upcoming minor bump
ok jsing@

this avoids the problem of people checking for return values < 0
and then checking for errno before checking for TLS_READ_AGAIN
TLS_WRITE_AGAIN - since we can not guarantee what errno will be
set to from the underlying library calls

ok jsing@

The tls_set_error() function previously stored the errno but did nothing
with it. Change tls_set_error() to append the strerror(3) of the stored
errno so that we include useful information regarding failures.
Provide a tls_set_errorx() function that does not store the errno or
include strerror(3) in the error message. Call this function instead of
tls_set_error() for errors where the errno value has no useful meaning.
With feedback from and ok doug@

ensure that the temporary state flags get cleared in tls_reset(). Fixes a
bug spotted by Marko Kreen whereby TLS_CONNECTING could remain on reset.
While here, also move the TLS_STATE_CONNECTING check to after the
TLS_CLIENT check - if TLS_STATE_CONNECTING was ever set on any other
context type it would allow a bypass.
ok bluhm@

broken by r1.4.
Spotted by Marko Kreen.

in libtls. This gives tls_write() a similar short write semantics
as write(2). So implementing daemons with libevent buffers will
be easier and workarounds in syslogd and httpd can be removed.
OK tedu@ beck@ reyk@

ensure that outlen is set to zero so that tls_read() has read(2) like
semantics for EOF.
Spotted by doug@

from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we
failed to send a close notify on a non-blocking socket.
Otherwise be more forceful and always shutdown/close the socket regardless
of other failures. Also do not consider ENOTCONN or ECONNRESET to be a
shutdown failure, since there are various situations where this can occur.
ok doug@ guenther@

close the connection. Also correctly handle the error on failure.
Diff from cookieandscream via github.

for the server, rather than on the context for the connection. This makes
more sense than the current behaviour does.
Issue reported by Tim van der Molen.

dance handling code. This means that we get slightly useful messages when
a TLS connection or accept fails.
Requested by reyk@

failures return something that is actually useful to the caller.
ok reyk@

As discussed with beck@ jsing@ and others
OK beck@

libtls accepts size_t for lengths but libssl accepts int. This verifies
that the input does not exceed INT_MAX. It also avoids truncating size_t
when comparing with int and adds printf-style attributes for
tls_set_error().
with input from deraadt@ and tedu@
ok tedu@

Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().
The semantics of tls_error() are changed slightly: the last error message is
not necessarily preserved between subsequent calls into the library.
When the previous call to libtls succeeds, client programs should treat the
return value of tls_error() as undefined.
ok tedu@

distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.