| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
that we will pass the result through tls_ssl_error() on failure. Otherwise
we can end up reporting spurious errors due to their being unrelated errors
already on the error stack.
Spotted by Marko Kreen.
ok beck@
|
| |
|
|
| |
ok jsing@ who wears the cone of shame.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.
The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.
Discussed over many coffees at l2k15.
ok beck@ bluhm@
|
| |
|
|
|
|
|
|
| |
list. Prefer the server's cipher list by default.
Based on a diff from Kyle Thompson <jmp at giga dot moe>.
ok beck@ bcook@
|
| |
|
|
| |
Requested by bluhm@
|
| |
|
|
|
| |
ride upcoming minor bump
ok jsing@
|
| |
|
|
|
|
| |
passed a socket then the caller is responsible for closing it.
ok bcook@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The tls_set_error() function previously stored the errno but did nothing
with it. Change tls_set_error() to append the strerror(3) of the stored
errno so that we include useful information regarding failures.
Provide a tls_set_errorx() function that does not store the errno or
include strerror(3) in the error message. Call this function instead of
tls_set_error() for errors where the errno value has no useful meaning.
With feedback from and ok doug@
|
| | |
|
| |
|
|
|
| |
around CRYPTO_set_ex_data(), which can fail. Since this is the case, check
the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.
|
| |
|
|
|
|
| |
accepted via an existing pair of file descriptors.
Based on a diff from Jan Klemkow.
|
| |
|
|
|
|
|
| |
for the server, rather than on the context for the connection. This makes
more sense than the current behaviour does.
Issue reported by Tim van der Molen.
|
| |
|
|
|
|
|
| |
dance handling code. This means that we get slightly useful messages when
a TLS connection or accept fails.
Requested by reyk@
|
| |
|
|
|
|
|
|
|
| |
use for DHE. This enables the use of DHE cipher suites.
Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it
is only used to specify the curve for ephemeral ECDH.
Discussed with reyk@
|
| |
|
|
| |
OK jsing@
|
| |
|
|
|
|
|
|
| |
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.
OK gilles@ benno@
|
|
|
distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.
|
