summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_keypair.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add error code support to libtlsjoshua2024-03-261-4/+7
| | | | | | | | | This adds tls_config_error_code() and tls_error_code(), which will become public API at a later date. Additional error codes will be added in follow-up commits. ok jsing@ beck@
* Fix indent.jsing2021-01-051-2/+2
|
* Fix return value variable type in tls_keypair_load_certinoguchi2020-12-151-2/+2
| | | | | | | ERR_peek_error() returns unsigned long. Reported by github issue by @rozhuk-im. ok bcook@ jsing@
* Correct tls_config_clear_keys() behaviour.jsing2018-04-071-23/+14
| | | | | | | | | | | | | Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@
* Move the keypair pubkey hash handling code to during config.jsing2018-02-101-47/+46
| | | | | | | | | | | | | | The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@
* Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead ofjsing2018-02-081-10/+5
| | | | | rolling its own certificate loading. This also means we get better error reporting on failure.
* Ensure that tls_keypair_clear() clears the OCSP staple and pubkey hash.jsing2018-02-081-6/+5
|
* Move tls_keypair_pubkey_hash() to the keypair file.jsing2018-02-081-1/+40
|
* Split keypair handling out into its own file - it had already appearedjsing2018-02-081-0/+146
in multiple locations. ok beck@