| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
tls_config_set_verify_depth() from void to int. This makes them consistent
with all other tls_config_set_* functions and will allow for call time
validation to be implemented.
Rides libtls major bump.
ok beck@
|
| | |
|
| | |
|
| |
|
|
| |
Add support for server side OCSP stapling to netcat.
|
| |
|
|
|
|
| |
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@
|
| |
|
|
|
| |
or certificate validation.
ok jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Provide access to certificate OCSP URL
- Provide ability to check a raw OCSP reply against an
established TLS ctx
- Check and validate OCSP stapling info in the TLS handshake
if a stapled OCSP response is provided.`
Add example code to show OCSP URL and stapled info
into netcat.
ok jsing@
|
| |
|
|
| |
it's always a tls context.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@
|
| |
|
|
|
|
|
|
|
|
| |
noted otherwise. Remove all of the now redundant "client and server"
notations and change the client and server notations to "client only"
and "server only".
With input from jmc@.
ok beck@ jmc@
|
| |
|
|
|
|
|
|
| |
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).
ok beck@
|
| |
|
|
|
|
|
| |
information related functions under their own heading and dedup the text
relating to when these functions can be called.
With input from and ok jmc@
|
| |
|
|
| |
ok beck@ doug@
|
| |
|
|
| |
Requested by deraadt@
|
| |
|
|
| |
ok beck@ doug@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).
ok beck@ tedu@
|
| | |
|
| |
|
|
| |
From Carlin Bingham <cb at viennan dot net>, thanks!
|
| | |
|
| |
|
|
|
|
|
|
|
| |
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
| |
both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@
|
| |
|
|
| |
ok bcook deraadt
|
| | |
|
| |
|
|
| |
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
certificate
validity times for tls connections.
ok jsing@
|
| | |
|
| |
|
|
|
|
| |
certificate validity checking.
ok beck@
|
| |
|
|
|
|
| |
development of a cargo cult in case people look at existing files
for examples. This achieves a consistent .Fo and .Fn quoting style
across the whole tree.
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
at handshake time. change accessors to return const char * to remove need
for caller to free memory.
ok jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
|
| |
- zap trailing whitespace
- avoid "can not"
|
| |
|
|
|
|
|
| |
1. hoist pollfd fields which don't change upwards
2. show ret as ssize_t, it MUST BE, or there will be lots of crying
3. on first pass, must check for either POLLIN|POLLOUT
ok millert beck
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
document functions that clear errno.
change examples to provide demonstration of both the blocking and
non-blocking cases.
ok jsing@, bluhm@
|
| | |
|
