path: root/src/lib/libtls/tls_conninfo.c

Commit log. Each entry lists the commit message, followed by author, age, files changed and lines removed/added.
* Provide tls_peer_cert_common_name()  [tb, 2024-12-10, 1 file, -1/+13]
  There is currently no sane way of getting your hands on the common name or subject alternative name of the peer certificate from libtls. It is possible to extract it from the peer cert's PEM by hand, but that way lies madness. While the common name is close to being deprecated in the webpki, it is still the de facto standard to identify client certs. It would be nice to have a way to access the subject alternative names as well, but this is a lot more difficult to expose in a clean and sane C interface due to its multivaluedness. Initial diff from henning, with input from beck, jsing and myself. henning and bluhm have plans of using this in syslogd. ok beck
* Fix previous commit.  [jsing, 2024-03-26, 1 file, -2/+2]
* Add error code support to libtls  [joshua, 2024-03-26, 1 file, -3/+3]
  This adds tls_config_error_code() and tls_error_code(), which will become public API at a later date. Additional error codes will be added in follow-up commits. ok jsing@ beck@
* Convert libressl to use the BoringSSL style time conversions  [beck, 2024-03-24, 1 file, -7/+19]
  This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
* Remove ASN1_time_parse() dependency in tls_conninfo.c  [tb, 2023-11-13, 1 file, -3/+3]
  During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is a step towards removing the dependency of libtls on ASN1_time_parse(). The latter grew a dependency on CBS/CBB, and thus the choice is to pull in all this code or to use a no longer maintained version of the API. Both options are unappealing. ok beck
* add missing #include <string.h>; ok tb@  [op, 2023-05-14, 1 file, -1/+2]
* Remove memset that was made redundant with the ASN1_time_parse()  [tb, 2021-01-05, 1 file, -4/+1]
  fix in libcrypto/asn1/a_time_tm.c r1.16. Suggested by jsing
* Provide tls_conn_cipher_strength().  [jsing, 2019-11-02, 1 file, -1/+10]
  This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
* Tidy/standardise some code.  [jsing, 2018-02-10, 1 file, -6/+3]
* Remove NULL check from tls_conninfo_cert_pem() - all of the other conninfo  [jsing, 2018-02-10, 1 file, -3/+1]
  functions require the conninfo passed in to be non-NULL.
* Add support to libtls for client-side TLS session resumption.  [jsing, 2018-02-10, 1 file, -1/+20]
  A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes. Discussed at length with deraadt@ and tedu@. Rides previous minor bump. ok beck@
* Do not bother NULLing pointers in a struct that is about to be freed.  [jsing, 2018-02-08, 1 file, -10/+1]
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtls  [beck, 2017-08-27, 1 file, -1/+5]
  can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* Add tls_peer_cert_chain_pem - To retrieve the peer certificate and chain  [beck, 2017-04-05, 1 file, -1/+51]
  as PEM format. This allows for it to be used or examined with tools external to libtls. bump minor. ok jsing@
* Internal changes to allow for relayd engine privsep. Sends the hash of the  [beck, 2017-04-05, 1 file, -25/+7]
  public key as an identifier to RSA, and adds a function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
* Avoid leaking conninfo servername.  [jsing, 2017-01-09, 1 file, -1/+3]
  Issue found by and fix from Shuo Chen <chenshuo at chenshuo dot com>.
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden  [beck, 2016-11-04, 1 file, -3/+3]
  functions. Document with a man page. Bump majors on libtls, libssl, libcrypto. ok jsing@ guenther@
* Various clean up and reorganisation of the connection info handling code.  [jsing, 2016-08-22, 1 file, -58/+89]
  In particular, rename tls_free_conninfo() to tls_conninfo_free() and make it a real free function. Rename tls_get_conninfo() to tls_conninfo_populate() and have it allocate the struct tls_conninfo (after freeing any existing one). ok beck@
* Provide an API that enables server side SNI support - add the ability to  [jsing, 2016-08-22, 1 file, -1/+14]
  provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@
* Fix some style(9) issues.  [jsing, 2016-08-15, 1 file, -3/+6]
* Add ALPN support to libtls.  [jsing, 2016-08-12, 1 file, -1/+34]
  ok beck@ doug@
* Revert previous since it adds new symbols.  [jsing, 2016-08-02, 1 file, -34/+1]
  Requested by deraadt@
* Add ALPN support to libtls.  [jsing, 2016-08-01, 1 file, -1/+34]
  ok beck@ doug@
* Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer  [beck, 2015-10-07, 1 file, -1/+35]
  certificate validity times for tls connections. ok jsing@
* Allow us to get cipher and version even if there is not a peer certificate.  [beck, 2015-10-07, 1 file, -10/+15]
  ok doug@
* Explicit NULL checks and style(9) tweaks.  [jsing, 2015-09-28, 1 file, -7/+7]
* add visibility of cipher and connection version strings  [beck, 2015-09-13, 1 file, -1/+27]
  ok jsing@
* Move connection info into its own private structure allocated and filled in  [beck, 2015-09-12, 1 file, -0/+149]
  at handshake time. Change accessors to return const char * to remove need for caller to free memory. ok jsing@