| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is currently no sane way of getting your hands on the common name or
subject alternative name of the peer certificate from libtls. It is possible
to extract it from the peer cert's PEM by hand, but that way lies madness.
While the common name is close to being deprecated in the webpki, it is
still the de facto standard to identify client certs. It would be nice to
have a way to access the subject alternative names as well, but this is a
lot more difficult to expose in a clean and sane C interface due to its
multivaluedness.
Initial diff from henning, with input from beck, jsing and myself
henning and bluhm have plans of using this in syslogd.
ok beck
|
| |
|
|
|
|
|
|
|
| |
This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.
Additional error codes will be added in follow-up commits.
ok jsing@ beck@
|
| |
|
|
| |
ok beck@ jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
smtpd and the bits it needs in libtls are the only consumer left of
ECDSA_METHOD, which is long deprecated. This paves the way for the
removal in libcrypto.
The diff is from gilles' work on OpenSMTPD-portable, libretls had a
similar diff.
ok tb@, jsing@
|
| |
|
|
|
|
|
|
|
| |
The TLS signer isn't exposed in public API (we should finally fix it...)
and it supports X9.31, a standard that has been retired and deprecated for
a very long time. libcrypto will stop supporting it soon, this step is
needed to prepare userland.
ok jsing
|
| |
|
|
|
|
| |
should not be used. It will be revisited after release.
ok beck inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake pivate keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@
|
| |
|
|
|
|
|
|
| |
key, and fake it internally with the certificate public key instead.
It makes it easier for privsep engines like relayd that don't have to
use bogus keys anymore.
ok beck@ tb@ jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok kinichiro@ jsing@
|
| |
|
|
|
|
|
|
|
| |
This returns the strength in bits of the symmetric cipher used for the
connection.
Diff from gilles@
ok tb@
|
| |
|
|
|
|
|
|
| |
This makes libtls more friendly for multithreaded use - otherwise we can
end up with incorrect refcounts and end up freeing when we should not be
(or not freeing when we should be).
ok beck@
|
| |
|
|
|
|
| |
own define for /etc/ssl/cert.pem.
ok beck@ bluhm@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously this incorrectly called tls_keypair_clear(), which results in
the private key being cleared, along with the certificate, OCSP staple and
pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called
following tls_configure(), as is done by httpd.
Fix this by calling tls_keypair_clear_key() so that only the private key is
cleared, leaving the other public data untouched. While here, remove
tls_keypair_clear() and fold the necessary parts into tls_keypair_free().
ok beck@
|
| |
|
|
|
|
|
|
|
| |
Now that we have tls_init() under pthread_once(), automatically initialise
libtls from the entry point functions (tls_config(), tls_client() and
tls_server()) - this makes an explicit tls_init() call no longer a
requirement.
ok bcook@ beck@ inoguchi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The keypair pubkey hash was being generated and set in the keypair when the
TLS context was being configured. This code should not be messing around
with the keypair contents, since it is part of the config (and not the
context).
Instead, generate the pubkey hash and store it in the keypair when the
certificate is configured. This means that we are guaranteed to have the
pubkey hash and as a side benefit, we identify bad certificate content
when it is provided, instead of during the context configuration.
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.
Discussed at length with deraadt@ and tedu@.
Rides previous minor bump.
ok beck@
|
| |
|
|
|
| |
rolling its own certificate loading. This also means we get better error
reporting on failure.
|
| | |
|
| |
|
|
|
|
| |
in multiple locations.
ok beck@
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.
Issue reported by William Graeber and confirmed by Andreas Bartelt.
Fix tested by William Graeber and Andreas Bartelt - thanks!
|
| |
|
|
|
|
|
|
|
|
| |
names of the elliptic curves that may be used during client and server
key exchange to be specified.
This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.
ok beck@
|
| |
|
|
|
|
|
|
| |
for the TLS privsep code. Instead use X509_pubkey_digest() because only the
key should be used as identifier. Relayd is rewriting certificates and then
the hash would change. Rename the hash is struct tls_keypair to pubkey_hash
to make clear what this hash is about.
With input and OK jsing@
|
| |
|
|
|
|
|
|
| |
enable CRL checking for the full certificate chain.
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
Discussed with beck@
|
| |
|
|
|
|
|
| |
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be permitted to do).
Found by jsg@ with httpd and password protected keys.
|
| |
|
|
| |
complete a TLS handshake.
|
| |
|
|
|
|
|
|
|
| |
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the application.
Requested some time ago by tedu@.
ok beck@
|
| |
|
|
|
|
| |
Even though this is not a real public interface we need the symbol in
the shared library so that relayd can use it (needed for TLS key privsep)
OK beck@
|
| |
|
|
|
|
|
|
|
|
| |
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).
Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.
ok beck@ jca@
|
| |
|
|
|
|
| |
for portable.
From Raphael Hittich.
|
| |
|
|
|
|
|
| |
as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@
|
| |
|
|
|
|
| |
public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine privsep.
ok jsing@
|
| |
|
|
|
|
|
| |
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all keypairs
and not just the main one)
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
issue where by calling tls_close() on a TLS context that has not attempted
a handshake, results in an unexpected failure.
Reported by Vinay Sajip.
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.
If multiple processes are involved the following functions can be used to make
tickets work accross all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key
For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).
Since tickets break PFS it is best to minimize the session lifetime according
to needs.
With a lot of help, input and OK beck@, jsing@
|
| |
|
|
| |
Add support for server side OCSP stapling to netcat.
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to
optimize internal functions
ok jsing@
|
| |
|
|
|
|
| |
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
| |
|
|
|
|
| |
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@
|
| |
|
|
|
|
|
|
| |
been set by libtls code. This avoids the situation where a libtls callback
has set an error, only to have it replaced by a less useful libssl based
error.
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Provide access to certificate OCSP URL
- Provide ability to check a raw OCSP reply against an
established TLS ctx
- Check and validate OCSP stapling info in the TLS handshake
if a stapled OCSP response is provided.`
Add example code to show OCSP URL and stapled info
into netcat.
ok jsing@
|
| |
|
|
|
|
|
| |
This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@
|
| |
|
|
|
|
|
|
|
| |
In particular, rename tls_free_conninfo() to tls_conninfo_free() and make
it a real free function. Rename tls_get_conninfo() to
tls_conninfo_populate() and have it allocate the struct tls_conninfo (after
freeing any existing one).
ok beck@
|
| |
|
|
|
|
|
|
| |
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).
ok beck@
|
| |
|
|
|
|
|
|
|
| |
that is required for certificate switching with libssl and the certificate
itself so that we can match against the subject and SANs. Hook up the
servername callback and switch to the appropriate SSL_CTX if we find a
matching certificate.
ok beck@
|
| | |
|
| |
|
|
| |
sort and remove unused fingerprint.
|
| |
|
|
|
|
|
|
|
|
|
| |
instead of assuming that they should use the one associated with the TLS
context. This allows these functions to be used with the additional
SSL contexts that are needed to support server-side SNI.
Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that
these functions have a common prefix.
ok reyk@
|
