| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
to make it more clear to users of this api what needs to be done in these error
cases.
Discussed extensively with bluhm@ and jsing@ and others.
ok jsing@
|
| |
|
|
|
|
|
|
| |
match read() and write() semantics to make porting existing code using
read/write easier.. requested by bluhm@ who convinced jsing and I to break
the api
ok jsing@ bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.
The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.
Discussed over many coffees at l2k15.
ok beck@ bluhm@
|
| |
|
|
|
|
|
|
| |
list. Prefer the server's cipher list by default.
Based on a diff from Kyle Thompson <jmp at giga dot moe>.
ok beck@ bcook@
|
| |
|
|
|
| |
ride upcoming minor bump
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes using libtls easier to include by including dependent headers,
making something like this work as expected:
#include <iostream>
#include <tls.h>
int main()
{
std::cout << "tls_init: " << tls_init() << "\n";
}
This also makes building a standalone libtls-portable simpler.
ok doug@, jsing@
|
| |
|
|
|
|
| |
accepted via an existing pair of file descriptors.
Based on a diff from Jan Klemkow.
|
| |
|
|
|
|
| |
them guaranteed to not conflict per POSIX.
ok espie@ guenther@
|
| |
|
|
|
|
|
| |
tls_config_insecure_noverifyname(), so that it is more accurate and keeps
inline with the distinction between DNS hostname and server name.
Requested by tedu@ during s2k15.
|
| |
|
|
|
|
|
|
|
| |
to be converted into a libtls protocols value. This allows for things like:
"tlsv1.0,tlsv1.1" (TLSv1.0 and TLSv1.1)
"all,!tlsv1.0" (all protocols except TLSv1.0)
Discussed with tedu@ and reyk@
|
| |
|
|
|
|
|
|
| |
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
| |
|
|
|
|
|
|
|
| |
as tls_connect(), however allows the name to use for verification to be
explicitly provided, rather than being inferred from the host value.
Requested by reyk@
ok reyk@ tedu@
|
| |
|
|
|
|
|
|
|
|
| |
to an actual host and use "servername" when referring to the name of the
TLS server that we expect to be indentified in the server certificate.
Likewise, rename verify_host to verify_name and use the term "name"
throughout the verification code (rather than host or hostname).
Requested by and ok tedu@
|
| |
|
|
|
|
|
|
|
| |
into memory. This can be used for tls_config_set_ca_mem(),
tls_config_set_cert_mem() or tls_config_set_key_mem().
With input from jsing@, tedu@ and henning@
OK tedu@
|
| |
|
|
|
|
|
|
|
| |
use for DHE. This enables the use of DHE cipher suites.
Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it
is only used to specify the curve for ephemeral ECDH.
Discussed with reyk@
|
| |
|
|
|
|
|
|
| |
specifying a file. This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.
With feedback, tests, and OK from bluhm@
|
| |
|
|
|
|
|
|
|
|
| |
established using a pair of existing file descriptors.
Based on a diff/request from Jan Klemkow.
Rides previous libtls rename/library bump.
Discussed with tedu@.
|
|
|
distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.
|
