| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is currently no sane way of getting your hands on the common name or
subject alternative name of the peer certificate from libtls. It is possible
to extract it from the peer cert's PEM by hand, but that way lies madness.
While the common name is close to being deprecated in the webpki, it is
still the de facto standard to identify client certs. It would be nice to
have a way to access the subject alternative names as well, but this is a
lot more difficult to expose in a clean and sane C interface due to its
multivaluedness.
Initial diff from henning, with input from beck, jsing and myself
henning and bluhm have plans of using this in syslogd.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.
Additional error codes will be added in follow-up commits.
ok jsing@ beck@
|
|
|
|
|
|
|
|
| |
This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.
ok tb@
|
|
|
|
|
|
|
|
|
|
| |
During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is
a step towards removing the dependency of libtls on ASN1_time_parse().
The latter grew a dependency on CBS/CBB, and thus the choice is to pull
in all this code or to use a no longer maintained version of the API.
Both options are unappealing.
ok beck
|
| |
|
|
|
|
|
|
| |
fix in libcrypto/asn1/a_time_tm.c r1.16.
Suggested by jsing
|
|
|
|
|
|
|
|
|
| |
This returns the strength in bits of the symmetric cipher used for the
connection.
Diff from gilles@
ok tb@
|
| |
|
|
|
|
| |
functions require the conninfo passed in to be non-NULL.
|
|
|
|
|
|
|
|
|
|
|
|
| |
A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.
Discussed at length with deraadt@ and tedu@.
Rides previous minor bump.
ok beck@
|
| |
|
|
|
|
|
| |
can get at it, so libtls can also deal with notafter's past the
realm of 32 bit time in portable
|
|
|
|
|
|
|
| |
as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@
|
|
|
|
|
|
| |
public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine privsep.
ok jsing@
|
|
|
|
| |
Issue found by and fix from Shuo Chen <chenshuo at chenshuo dot com>.
|
|
|
|
|
|
| |
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
|
|
|
|
|
|
|
|
| |
In particular, rename tls_free_conninfo() to tls_conninfo_free() and make
it a real free function. Rename tls_get_conninfo() to
tls_conninfo_populate() and have it allocate the struct tls_conninfo (after
freeing any existing one).
ok beck@
|
|
|
|
|
|
|
|
| |
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).
ok beck@
|
| |
|
|
|
|
| |
ok beck@ doug@
|
|
|
|
| |
Requested by deraadt@
|
|
|
|
| |
ok beck@ doug@
|
|
|
|
|
|
|
| |
certificate
validity times for tls connections.
ok jsing@
|
|
|
|
| |
ok doug@
|
| |
|
|
|
|
| |
ok jsing@
|
|
at handshake time. change accessors to return const char * to remove need
for caller to free memory.
ok jsing@
|