Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | add a little more typing to the first callback argument. | tedu | 2016-09-13 | 1 | -4/+4 |
| | | | | it's always a tls context. | ||||
* | minor tweaks; | jmc | 2016-09-04 | 1 | -7/+7 |
| | |||||
* | New sentence, new line. Also wrap at 80 chars. | jsing | 2016-09-04 | 1 | -3/+7 |
| | |||||
* | Add callback-based interface to libtls. | bcook | 2016-09-04 | 1 | -1/+13 |
| | | | | | | | This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@ | ||||
* | State that libtls functions apply to both clients and servers, unless | jsing | 2016-09-04 | 1 | -47/+16 |
| | | | | | | | | | | noted otherwise. Remove all of the now redundant "client and server" notations and change the client and server notations to "client only" and "server only". With input from jmc@. ok beck@ jmc@ | ||||
* | Provide an API that enables server side SNI support - add the ability to | jsing | 2016-08-22 | 1 | -2/+27 |
| | | | | | | | | provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@ | ||||
* | Rework parts of the libtls man page for clarity. Split out the connection | jsing | 2016-08-18 | 1 | -45/+35 |
| | | | | | | | information related functions under their own heading and dedup the text relating to when these functions can be called. With input from and ok jmc@ | ||||
* | Add ALPN support to libtls. | jsing | 2016-08-12 | 1 | -8/+28 |
| | | | | ok beck@ doug@ | ||||
* | Revert previous since it adds new symbols. | jsing | 2016-08-02 | 1 | -28/+8 |
| | | | | Requested by deraadt@ | ||||
* | Add ALPN support to libtls. | jsing | 2016-08-01 | 1 | -8/+28 |
| | | | | ok beck@ doug@ | ||||
* | Split the existing TLS cipher suite groups into four: | jsing | 2016-07-13 | 1 | -6/+11 |
| | | | | | | | | | | | | "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). ok beck@ tedu@ | ||||
* | typo fixes; Anthony Coulter | sthen | 2016-05-27 | 1 | -3/+3 |
| | |||||
* | Fix mangled function signatures. | jsing | 2016-05-09 | 1 | -5/+5 |
| | | | | From Carlin Bingham <cb at viennan dot net>, thanks! | ||||
* | spelling fix; | jmc | 2016-04-28 | 1 | -2/+2 |
| | |||||
* | Factor out the keypair handling in libtls. This results in more readable | jsing | 2016-04-28 | 1 | -3/+17 |
| | | | | | | | | | and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call. ok beck@ | ||||
* | Rework the error handling in libtls so that we can associate errors with | jsing | 2016-04-28 | 1 | -5/+10 |
| | | | | | | | | | | | both configuration and contexts. This allows us to propagate errors that occur during configuration, rather than either just failing with no reason or delaying the failure until it can be propagated via the tls context. Also provide a tls_config_error() function for retrieving the last error from a tls_config *. ok bcook@ | ||||
* | no more outlen; from remco | jmc | 2016-04-24 | 1 | -5/+3 |
| | | | | ok bcook deraadt | ||||
* | typos; | jmc | 2016-04-24 | 1 | -3/+3 |
| | |||||
* | update some client/server info; from jan klemkow | jmc | 2015-11-09 | 1 | -5/+5 |
| | | | | ok jsing | ||||
* | Put tls_config_verify_client_optional() in the right place. | jsing | 2015-10-16 | 1 | -6/+6 |
| | |||||
* | Fix tpyo. | jsing | 2015-10-16 | 1 | -3/+3 |
| | |||||
* | trailing whitespace; | jmc | 2015-10-08 | 1 | -6/+6 |
| | |||||
* | Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer | beck | 2015-10-07 | 1 | -4/+30 |
| | | | | | | | certificate validity times for tls connections. ok jsing@ | ||||
* | tweak previous; | jmc | 2015-09-14 | 1 | -2/+2 |
| | |||||
* | Provide tls_config_insecure_noverifytime() in order to be able to disable | jsing | 2015-09-14 | 1 | -1/+9 |
| | | | | | | certificate validity checking. ok beck@ | ||||
* | Remove useless quoting from .Fo and .Fn function names, to prevent | schwarze | 2015-09-14 | 1 | -4/+4 |
| | | | | | | development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree. | ||||
* | some conn_version and conn_cipher bits; | jmc | 2015-09-14 | 1 | -8/+7 |
| | |||||
* | add missing function return types | schwarze | 2015-09-14 | 1 | -2/+3 |
| | |||||
* | add visibility of cipher and connection version strings | beck | 2015-09-13 | 1 | -3/+23 |
| | | | | ok jsing@ | ||||
* | Move connection info into its own private structure allocated and filled in | beck | 2015-09-12 | 1 | -20/+10 |
| | | | | | | at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@ | ||||
* | more for NAME; | jmc | 2015-09-11 | 1 | -1/+4 |
| | |||||
* | more cleanup; | jmc | 2015-09-11 | 1 | -16/+15 |
| | |||||
* | update NAME; various cleanup | jmc | 2015-09-11 | 1 | -20/+20 |
| | |||||
* | document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hash | beck | 2015-09-11 | 1 | -2/+54 |
| | | | | ok jsing@ | ||||
* | add tls_peer functions for checking names and issuers of peer certificates. | beck | 2015-09-11 | 1 | -2/+29 |
| | | | | ok jsing@ | ||||
* | specify what is permitted as an argument to tls_config_set_ciphers() | beck | 2015-09-11 | 1 | -1/+11 |
| | |||||
* | - add some missing NAME entries | jmc | 2015-09-11 | 1 | -6/+8 |
| | | | | | - zap trailing whitespace - avoid "can not" | ||||
* | improve examples, | deraadt | 2015-09-10 | 1 | -8/+11 |
| | | | | | | | 1. hoist pollfd fields which don't change upwards 2. show ret as ssize_t, it MUST BE, or there will be lots of crying 3. on first pass, must check for either POLLIN|POLLOUT ok millert beck | ||||
* | document client side certificate verification functionality. | beck | 2015-09-10 | 1 | -2/+16 |
| | | | | ok jsing@ | ||||
* | document changed tls_read and tls_write semantics. | beck | 2015-09-10 | 1 | -15/+58 |
| | | | | | | | document functions that clear errno. change examples to provide demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@ | ||||
* | tweak previous; | jmc | 2015-09-10 | 1 | -3/+3 |
| | |||||
* | Correctly document the behaviour of tls_close() - the caller is responsible | jsing | 2015-09-10 | 1 | -5/+6 |
| | | | | | | for closing the file descriptors unless libtls allocated them. ok beck@ | ||||
* | Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctly | jsing | 2015-09-10 | 1 | -20/+13 |
| | | | | | | document the calling requirements. ok beck@ | ||||
* | Update libtls man page to reflect tls_handshake() related changes. | jsing | 2015-09-10 | 1 | -35/+37 |
| | | | | ok beck@ | ||||
* | revert accidental commit | beck | 2015-09-10 | 1 | -4/+4 |
| | |||||
* | comment for errno clobbering, to indicate why we do this. | beck | 2015-09-10 | 1 | -4/+4 |
| | | | | ok deraadt@ jsing@ | ||||
* | Add support for preferring the server's cipher list or the client's cipher | jsing | 2015-09-10 | 1 | -2/+19 |
| | | | | | | | | list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@ | ||||
* | tweak previous; ok doug | jmc | 2015-07-19 | 1 | -4/+4 |
| | |||||
* | Add documentation on how to use TLS_{READ,WRITE}_AGAIN. | doug | 2015-07-19 | 1 | -2/+29 |
| | | | | ok beck@ | ||||
* | comma fix; | jmc | 2015-04-03 | 1 | -3/+3 |
| |