summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_internal.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Provide tls_peer_cert_common_name()tb2024-12-101-1/+4
| | | | | | | | | | | | | | | | There is currently no sane way of getting your hands on the common name or subject alternative name of the peer certificate from libtls. It is possible to extract it from the peer cert's PEM by hand, but that way lies madness. While the common name is close to being deprecated in the webpki, it is still the de facto standard to identify client certs. It would be nice to have a way to access the subject alternative names as well, but this is a lot more difficult to expose in a clean and sane C interface due to its multivaluedness. Initial diff from henning, with input from beck, jsing and myself henning and bluhm have plans of using this in syslogd. ok beck
* Add error code support to libtlsjoshua2024-03-261-22/+23
| | | | | | | | | This adds tls_config_error_code() and tls_error_code(), which will become public API at a later date. Additional error codes will be added in follow-up commits. ok jsing@ beck@
* Use errno_value instead of num for readabilityjoshua2024-03-261-2/+2
| | | | ok beck@ jsing@
* Zap stray spacetb2023-06-271-2/+2
|
* libtls: switch ECDSA_METHOD usage to EC_KEY_METHODop2023-06-181-2/+2
| | | | | | | | | | | smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto. The diff is from gilles' work on OpenSMTPD-portable, libretls had a similar diff. ok tb@, jsing@
* Drop X9.31 support from libtlstb2023-04-091-2/+1
| | | | | | | | | The TLS signer isn't exposed in public API (we should finally fix it...) and it supports X9.31, a standard that has been retired and deprecated for a very long time. libcrypto will stop supporting it soon, this step is needed to prepare userland. ok jsing
* Hide the tls_signer from public visibility. It's not ready yet andtb2022-03-241-1/+23
| | | | | | should not be used. It will be revisited after release. ok beck inoguchi jsing
* Introduce a signer interface intented to make TLS privsep simplereric2022-01-251-1/+6
| | | | | | | | | | | | | | | | to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@
* Allow setting a keypair on a tls context without specifying the privateeric2021-01-211-1/+3
| | | | | | | | key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@
* Allow 1.3 ciphers in libtls.beck2019-11-161-2/+2
| | | | ok jsing@
* Allow portable to override the default CA bundle locationbeck2019-11-161-1/+5
| | | | ok kinichiro@ jsing@
* Provide tls_conn_cipher_strength().jsing2019-11-021-1/+2
| | | | | | | | | This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
* Add a mutex to guard reference counting for tls_config.jsing2019-04-011-1/+4
| | | | | | | | This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@
* Define TLS_CA_CERT_FILE rather than having every application create theirjsing2018-11-061-3/+1
| | | | | | own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@
* Correct tls_config_clear_keys() behaviour.jsing2018-04-071-2/+2
| | | | | | | | | | | | | Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@
* Automatically handle library initialisation for libtls.jsing2018-03-191-1/+3
| | | | | | | | | Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@
* Move the keypair pubkey hash handling code to during config.jsing2018-02-101-11/+9
| | | | | | | | | | | | | | The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@
* Add support to libtls for client-side TLS session resumption.jsing2018-02-101-1/+3
| | | | | | | | | | | | A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes. Discussed at length with deraadt@ and tedu@. Rides previous minor bump. ok beck@
* Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead ofjsing2018-02-081-2/+3
| | | | | rolling its own certificate loading. This also means we get better error reporting on failure.
* Move tls_keypair_pubkey_hash() to the keypair file.jsing2018-02-081-1/+2
|
* Split keypair handling out into its own file - it had already appearedjsing2018-02-081-1/+24
| | | | | | in multiple locations. ok beck@
* Keep track of which keypair is in use by a TLS context.jsing2017-09-201-1/+5
| | | | | | | | | | This fixes a bug where by a TLS server with SNI would always only return the OCSP staple for the default keypair, rather than returning the OCSP staple associated with the keypair that was selected via SNI. Issue reported by William Graeber and confirmed by Andreas Bartelt. Fix tested by William Graeber and Andreas Bartelt - thanks!
* Add a tls_config_set_ecdhecurves() function to libtls, which allows thejsing2017-08-101-2/+5
| | | | | | | | | | names of the elliptic curves that may be used during client and server key exchange to be specified. This deprecates tls_config_set_ecdhecurve(), which could only be used to specify a single supported curve. ok beck@
* Don't use tls_cert_hash for the hashing used by the engine offloading magicclaudio2017-08-091-2/+2
| | | | | | | | for the TLS privsep code. Instead use X509_pubkey_digest() because only the key should be used as identifier. Relayd is rewriting certificates and then the hash would change. Rename the hash is struct tls_keypair to pubkey_hash to make clear what this hash is about. With input and OK jsing@
* Add support for providing CRLs to libtls - once a CRL is provided wejsing2017-07-061-1/+3
| | | | | | | | enable CRL checking for the full certificate chain. Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks! Discussed with beck@
* Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so thatjsing2017-06-221-1/+3
| | | | | | | we can prevent libcrypto from going behind our back and trying to read passwords from standard input (which we may not be permitted to do). Found by jsg@ with httpd and password protected keys.
* Ensure that a client context has been connected before attempting tojsing2017-05-071-3/+4
| | | | complete a TLS handshake.
* Perform reference counting for tls_config. This allows tls_config_free() tojsing2017-05-061-1/+3
| | | | | | | | | be called as soon as it has been passed to the final tls_configure() call, simplifying lifetime tracking for the application. Requested some time ago by tedu@. ok beck@
* Move tls_config_skip_private_key_check() out from under HIDDEN_DECLS.claudio2017-05-041-2/+4
| | | | | | Even though this is not a real public interface we need the symbol in the shared library so that relayd can use it (needed for TLS key privsep) OK beck@
* Rework name verification code so that a match is indicated via an argument,jsing2017-04-101-2/+3
| | | | | | | | | | rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
* Use uint8_t instead of u_int8_t - for consistency and to make things easierjsing2017-04-071-2/+2
| | | | | | for portable. From Raphael Hittich.
* Add tls_peer_cert_chain_pem - To retreive the peer certificate and chainbeck2017-04-051-1/+6
| | | | | | | as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
* Internal changes to allow for relayd engine privsep. sends the hash of thebeck2017-04-051-1/+6
| | | | | | public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
* Move the ocsp staple to being part of the keypair structure internally,beck2017-01-291-3/+3
| | | | | | | so that it does not send back bogus staples when SNI is in use. (Further change is required to be able to use staples on all keypairs and not just the main one) ok jsing@
* Use a flag to track when we need to call SSL_shutdown(). This avoids anjsing2017-01-261-1/+2
| | | | | | | | | issue where by calling tls_close() on a TLS context that has not attempted a handshake, results in an unexpected failure. Reported by Vinay Sajip. ok beck@
* Introduce ticket support. To enable them it is enough to set a positiveclaudio2017-01-241-1/+23
| | | | | | | | | | | | | | | | | | | | lifetime with tls_config_set_session_lifetime(). This enables tickets and uses an internal automatic rekeying mode for the ticket keys. If multiple processes are involved the following functions can be used to make tickets work accross all instances: - tls_config_set_session_id() sets the session identifier - tls_config_add_ticket_key() adds an encryption and authentication key For now only the last 4 keys added will be used (unless they are too old). If tls_config_add_ticket_key() is used the caller must ensure to add new keys regularly. It is best to do this 4 times per session lifetime (which is also the ticket key lifetime). Since tickets break PFS it is best to minimize the session lifetime according to needs. With a lot of help, input and OK beck@, jsing@
* Add support for server side OCSP stapling to libtls.beck2016-11-051-5/+4
| | | | Add support for server side OCSP stapling to netcat.
* rename ocsp_ctx to ocspbeck2016-11-051-5/+5
| | | | ok jsing@
* Add an explict list of exported symbols with just the functions declaredguenther2016-11-041-1/+5
| | | | | | | in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-041-3/+1
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Add ocsp_require_stapling config option for tls - allows a connectionbeck2016-11-041-1/+2
| | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* Only set an error from libssl related code, if an error has not alreadyjsing2016-11-031-1/+6
| | | | | | | | been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
* Add OCSP client side support to libtls.beck2016-11-021-1/+32
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* Add callback-based interface to libtls.bcook2016-09-041-1/+8
| | | | | | | This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
* Various clean up and reorganisation of the connection info handling code.jsing2016-08-221-3/+3
| | | | | | | | | In particular, rename tls_free_conninfo() to tls_conninfo_free() and make it a real free function. Rename tls_get_conninfo() to tls_conninfo_populate() and have it allocate the struct tls_conninfo (after freeing any existing one). ok beck@
* Provide an API that enables server side SNI support - add the ability tojsing2016-08-221-1/+2
| | | | | | | | provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@
* Create contexts for server side SNI - these include the additional SSL_CTXjsing2016-08-221-1/+14
| | | | | | | | | that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
* The tls_conninfo serial is also unused.jsing2016-08-151-2/+1
|
* Group conninfo fields by connection and peer cert based information,jsing2016-08-151-5/+6
| | | | sort and remove unused fingerprint.
* Explicitly pass in an SSL_CTX * to the functions that operate on one,jsing2016-08-151-5/+6
| | | | | | | | | | | instead of assuming that they should use the one associated with the TLS context. This allows these functions to be used with the additional SSL contexts that are needed to support server-side SNI. Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that these functions have a common prefix. ok reyk@