There is currently no sane way of getting your hands on the common name or
subject alternative name of the peer certificate from libtls. It is possible
to extract it from the peer cert's PEM by hand, but that way lies madness.
While the common name is close to being deprecated in the webpki, it is
still the de facto standard to identify client certs. It would be nice to
have a way to access the subject alternative names as well, but this is a
lot more difficult to expose in a clean and sane C interface due to its
multivaluedness.
Initial diff from henning, with input from beck, jsing and myself
henning and bluhm have plans of using this in syslogd.
ok beck

Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same
as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the
accompanying regress tests. The protocol string all:tlsv1.0 would disable
TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all
protocols.
It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if
you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable
the two supported protocols TLSv1.3 and TLSv1.2.
Restore the defines to their original values and adjust the parsing code
to set/unset them.
Issue reported by Kenjiro Nakayama
Fixes https://github.com/libressl/openbsd/issues/151
with/ok jsing

This is an initial pass, defining the error code and using it for
"too long"/length-related errors.
ok beck jsing

ok jsing@ beck@

This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.
Additional error codes will be added in follow-up commits.
ok jsing@ beck@

With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.
ok tb@

should not be used. It will be revisited after release.
ok beck inoguchi jsing

Rather than leaking libcrypto defines through the tls_sign_cb and
tls_signer_sign() interfaces, provide and use our own TLS_PADDING_*
defines.
ok inoguchi@ tb@

The current design of tls_sign_cb provides a pointer to a buffer where the
signature needs to be copied, however it fails to provide a length which
could result in buffer overwrites. Furthermore, tls_signer_sign() is
designed such that it allocates and returns ownership to the caller.
Revise tls_sign_cb so that the called function is expected to allocate a
buffer, returning ownership of the buffer (along with its length) to the
caller of the callback. This makes it far easier (and safer) to implement
a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in
(with an appropriate cast).
While here, rename and reorder some arguments - while we will normally
sign a digest, there is no requirement for this to be the case hence use
'input' and 'input_len'. Move padding (an input) before the outputs and
add some additional bounds/return value checks.
This is technically an API/ABI break that would need a libtls major bump,
however since nothing is using the signer interface (outside of regress),
we'll ride the original minor bump.
With input from tb@
ok inoguchi@ tb@

to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake private keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@

This will as yet not do anything, until we turn it on in the
lower level libraries.
ok jsing@

This makes tls_config_parse_protocols() recognise and handle "tlsv1.3".
If TLSv1.3 is enabled libtls will also request libssl to enable it.
ok beck@ tb@

This returns the strength in bits of the symmetric cipher used for the
connection.
Diff from gilles@
ok tb@

an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing

own define for /etc/ssl/cert.pem.
ok beck@ bluhm@ tb@

A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.
Discussed at length with deraadt@ and tedu@.
Rides previous minor bump.
ok beck@

names of the elliptic curves that may be used during client and server
key exchange to be specified.
This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.
ok beck@

enable CRL checking for the full certificate chain.
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
Discussed with beck@

a tls_load_file() call, ensuring that the contents become inaccessible.
This is specifically needed on platforms where the library allocators may
be different from the application allocator.
ok beck@

as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@

added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.
ok jsing@

lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.
If multiple processes are involved the following functions can be used to make
tickets work across all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key
For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).
Since tickets break PFS it is best to minimize the session lifetime according
to needs.
With a lot of help, input and OK beck@, jsing@

tls_config_set_verify_depth() from void to int. This makes them consistent
with all other tls_config_set_* functions and will allow for call time
validation to be implemented.
Rides libtls major bump.
ok beck@

Add support for server side OCSP stapling to netcat.

to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@

- Provide access to certificate OCSP URL
- Provide ability to check a raw OCSP reply against an
established TLS ctx
- Check and validate OCSP stapling info in the TLS handshake
if a stapled OCSP response is provided.
Add example code to show OCSP URL and stapled info
into netcat.
ok jsing@

it's always a tls context.

This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@

provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).
ok beck@

ok beck@ doug@

Requested by deraadt@

ok beck@ doug@

and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@

both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@

certificate validity times for tls connections.
ok jsing@

ok jsing@, deraadt@

certificate validity checking.
ok beck@

ok jsing@

at handshake time. change accessors to return const char * to remove need
for caller to free memory.
ok jsing@

ok jsing@

that was presented by the peer. The hash used is currently SHA256, however
since we prefix the result with the hash name, we can change this in the
future as the need arises.
The same output can be generated by using:
    h=$(openssl x509 -outform der -in mycert.crt | sha256)
    printf "SHA256:${h}\n"
ok beck@