Commit log for path: root/src/lib/libtls
Each entry lists the author, date, files changed and lines removed/added, followed by the commit message.
...
* jsing, 2016-05-09 (1 file, -5/+5):
  Fix mangled function signatures.
  From Carlin Bingham <cb at viennan dot net>, thanks!
* jmc, 2016-04-28 (1 file, -2/+2):
  spelling fix;
* jsing, 2016-04-28 (1 file, -1/+1):
  Crank majors for lib{crypto,ssl,tls} due to symbol removals, symbol
  additions and functionality changes.
* jsing, 2016-04-28 (7 files, -52/+164):
  Factor out the keypair handling in libtls. This results in more readable
  and self-contained code, while preparing for the ability to handle
  multiple keypairs. Also provide two additional functions that allow a
  public certificate and private key to be set with a single function call.
  ok beck@
* jsing, 2016-04-28 (5 files, -28/+90):
  Rework the error handling in libtls so that we can associate errors with
  both configuration and contexts. This allows us to propagate errors that
  occur during configuration, rather than either just failing with no reason
  or delaying the failure until it can be propagated via the tls context.
  Also provide a tls_config_error() function for retrieving the last error
  from a tls_config *.
  ok bcook@
* jmc, 2016-04-24 (1 file, -5/+3):
  no more outlen; from remco
  ok bcook deraadt
* jmc, 2016-04-24 (1 file, -3/+3):
  typos;
* jmc, 2016-03-30 (1 file, -52/+1):
  for some time now mandoc has not required MLINKS to function
  correctly - logically complete that now by removing MLINKS from base;
  authors need only to ensure there is an entry in NAME for any
  function/util being added. MLINKS will still work, and remain for perl
  to ease upgrades;
  ok nicm (curses) bcook (ssl)
  ok schwarze, who provided a lot of feedback and assistance
  ok tb natano jung
* bcook, 2016-01-18 (1 file, -1/+4):
  Call BIO_sock_init() from tls_init() to ensure sockets are enabled on Windows.
  This is of course a no-op on other platforms. Noted by equalsraf from github.
* bcook, 2015-12-09 (1 file, -2/+2):
  bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI change
  ok jsing@, deraadt@, beck@
* jmc, 2015-11-09 (1 file, -5/+5):
  update some client/server info; from jan klemkow
  ok jsing
* reyk, 2015-11-02 (1 file, -1/+1):
  bump minors after adding EVP_aead_chacha20_poly1305_ietf()
  OK jsing@
* jsing, 2015-10-16 (1 file, -6/+6):
  Put tls_config_verify_client_optional() in the right place.
* jsing, 2015-10-16 (1 file, -3/+3):
  Fix typo.
* deraadt, 2015-10-09 (1 file, -1/+5):
  fix a gotcha in the connect refactoring, that could result in dropping
  through and trying to bind failed v6 connects.
  ok guenther
* guenther, 2015-10-08 (1 file, -41/+39):
  If getaddrinfo() succeeds, then don't try lookups with other flags, even
  if the connect()s failed. In concert with some resolver fixes in libc,
  this lets ntpd be tame()ed.
  problem isolated by theo, who had fun untangling the libc and libtls
  behaviors to place blame for not being able to tame ntpd
  ok beck@ deraadt@ jsing@
* jmc, 2015-10-08 (1 file, -6/+6):
  trailing whitespace;
* beck, 2015-10-07 (6 files, -9/+98):
  Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer
  certificate validity times for tls connections.
  ok jsing@
* beck, 2015-10-07 (2 files, -15/+21):
  Allow us to get cipher and version even if there is not a peer certificate.
  ok doug@
* bcook, 2015-10-01 (1 file, -1/+3):
  include <sys/types.h> for ssize_t
  ok jsing@, deraadt@
* jsing, 2015-09-29 (3 files, -15/+14):
  Instead of declaring a union in multiple places, move it to tls_internal.h.
  ok deraadt@
* deraadt, 2015-09-29 (5 files, -12/+21):
  clean some ugly indentation warts
* jsing, 2015-09-28 (1 file, -7/+7):
  Explicit NULL checks and style(9) tweaks.
* jmc, 2015-09-14 (1 file, -2/+2):
  tweak previous;
* jsing, 2015-09-14 (6 files, -6/+29):
  Provide tls_config_insecure_noverifytime() in order to be able to disable
  certificate validity checking.
  ok beck@
* schwarze, 2015-09-14 (1 file, -4/+4):
  Remove useless quoting from .Fo and .Fn function names, to prevent
  development of a cargo cult in case people look at existing files for
  examples. This achieves a consistent .Fo and .Fn quoting style across
  the whole tree.
* jmc, 2015-09-14 (2 files, -9/+10):
  some conn_version and conn_cipher bits;
* jsing, 2015-09-14 (2 files, -6/+14):
  Expose EOF without close-notify via tls_close().
  Make tls_read(3)/tls_write(3) follow read(2)/write(2)-like semantics and
  return 0 on EOF with and without close-notify. However, if we saw an EOF
  from the underlying file descriptors without getting a close-notify, save
  this and make it visible when tls_close(3) is called. This keeps the
  semantics we want, but makes it possible to detect truncation at higher
  layers, if necessary.
  ok beck@ guenther@
* jsing, 2015-09-14 (1 file, -2/+13):
  Return an error if tls_handshake() or tls_close() is called on a context
  for which they are not valid operations.
  ok beck@
* schwarze, 2015-09-14 (1 file, -2/+3):
  add missing function return types
* doug, 2015-09-13 (1 file, -2/+2):
  Crank major version due to removal of SHA-0 and MD4 from libcrypto.
* beck, 2015-09-13 (1 file, -3/+3):
  work around the stupid semantics of SSL_read and SSL_write to make sure
  we can indicate an EOF properly on tls_read and tls_write
  ok jsing@
* beck, 2015-09-13 (1 file, -2/+3):
  Don't leak conninfo - spotted by marko kreen.
  ok jsing@
* miod, 2015-09-13 (1 file, -1/+1):
  Mechanical minor bump to follow libcrypto.
* beck, 2015-09-13 (4 files, -6/+56):
  add visibility of cipher and connection version strings
  ok jsing@
* beck, 2015-09-12 (7 files, -120/+208):
  Move connection info into its own private structure allocated and filled in
  at handshake time. change accessors to return const char * to remove need
  for caller to free memory.
  ok jsing@
* jsing, 2015-09-12 (3 files, -5/+12):
  Ensure that we clear the libssl error stack before we make a function call
  that we will pass the result through tls_ssl_error() on failure. Otherwise
  we can end up reporting spurious errors due to there being unrelated errors
  already on the error stack.
  Spotted by Marko Kreen.
  ok beck@
* jsing, 2015-09-12 (1 file, -6/+6):
  Put tls_peer_cert* functions in the same place.
* deraadt, 2015-09-11 (1 file, -2/+2):
  typo
* jmc, 2015-09-11 (1 file, -1/+4):
  more for NAME;
* jmc, 2015-09-11 (1 file, -16/+15):
  more cleanup;
* jmc, 2015-09-11 (1 file, -20/+20):
  update NAME; various cleanup
* beck, 2015-09-11 (2 files, -3/+58):
  document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hash
  ok jsing@
* beck, 2015-09-11 (1 file, -2/+2):
  != -> == that I broke while bikeshedding
* beck, 2015-09-11 (1 file, -1/+4):
  Do not match a wildcard against a name with no host part.
  ok jsing@
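The wildcard rule in the commit above, as an added example written for this page (it is not libtls's own matching code). It matches a certificate name such as "*.example.com" against a requested host and refuses the case the commit fixes: a host with no label in front of the domain, such as "example.com" or ".example.com". The other rules it applies (wildcard only as the entire leftmost label, exactly one label consumed by the wildcard, at least two fixed labels behind it) are this example's own assumptions in the style of RFC 6125 matching, not a statement about how libtls implements them.

```python
"""Certificate name matching with a wildcard that never matches a name
lacking a host part. Added example, not libtls code; rules beyond the
commit's point are assumptions described in the comments."""


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; tolerate one trailing dot.
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") else name


def match_name(cert_name: str, host: str) -> bool:
    """Return True if `host` is covered by the certificate name `cert_name`."""
    cert_name = _normalize(cert_name)
    host = _normalize(host)
    if not cert_name or not host:
        return False
    if "*" not in cert_name:
        return cert_name == host

    labels = cert_name.split(".")
    # Assumption: the wildcard must be the whole leftmost label and must be
    # followed by at least two fixed labels, so "*", "*.com" and "f*.x.y"
    # are never accepted as patterns.
    if labels[0] != "*" or len(labels) < 3 or any("*" in l for l in labels[1:]):
        return False

    host_labels = host.split(".")
    # The wildcard stands for exactly one non-empty label. A host with the
    # same label count as the pattern therefore has a host part in front of
    # the domain; "example.com" (one label short) and ".example.com" (empty
    # first label) are the "no host part" cases the commit rejects, and
    # "a.b.example.com" is rejected because "*" may not span two labels.
    if len(host_labels) != len(labels) or any(not l for l in host_labels):
        return False
    return host_labels[1:] == labels[1:]


def host_matches_any(cert_names, host: str) -> bool:
    """Check a host against every name a certificate carries (CN, dNSName SANs)."""
    return any(match_name(n, host) for n in cert_names)
```

The same function also serves for the name checks added in the "add tls_peer functions for checking names and issuers of peer certificates" entry below: call `host_matches_any()` with every dNSName from the certificate plus its CN, and treat a False result as a failed verification rather than an error to retry.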
* beck, 2015-09-11 (7 files, -13/+95):
  add tls_peer functions for checking names and issuers of peer certificates.
  ok jsing@
* jsing, 2015-09-11 (3 files, -2/+92):
  Provide tls_peer_cert_hash() which returns a hash of the raw certificate
  that was presented by the peer. The hash used is currently SHA256, however
  since we prefix the result with the hash name, we can change this in the
  future as the need arises.
  The same output can be generated by using:
    h=$(openssl x509 -outform der -in mycert.crt | sha256)
    printf "SHA256:${h}\n"
  ok beck@
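The "SHA256:<hex>" form described in the commit above, as an added example for this page rather than libtls code: it reproduces the commit's shell recipe (DER-encode the certificate, hash it, prefix the hash name) with Python's standard library, and adds the consumer side, a pinning check that parses the algorithm prefix instead of assuming SHA-256, so that the future hash change the commit leaves room for fails closed instead of silently comparing unrelated strings. The SHA512 entry in the algorithm table and the sample PEM are this example's assumptions; the PEM body is the base64 of the bytes b"abc" and is not a real certificate.

```python
"""Compute and compare libtls-style "ALGO:hex" certificate hashes.
Added example, not libtls code. Uses only the standard library."""
import hashlib
import hmac
import ssl

# Hash names a peer-cert hash string may be prefixed with, mapped to
# hashlib constructors. SHA256 is what the commit describes; SHA512 is an
# assumed future value so the parser has a second case to dispatch on.
_HASHES = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def cert_hash(pem: str, algo: str = "SHA256") -> str:
    """Return "ALGO:<lowercase hex>" over the DER encoding of a PEM certificate.

    ssl.PEM_cert_to_DER_cert() yields the same bytes as
    `openssl x509 -outform der`, so this matches the commit's shell recipe.
    """
    der = ssl.PEM_cert_to_DER_cert(pem)
    return "%s:%s" % (algo, _HASHES[algo](der).hexdigest())


def cert_hash_matches(pinned: str, pem: str) -> bool:
    """Check a pinned "ALGO:hex" string against a presented certificate.

    Malformed pins and unknown algorithms return False rather than raising,
    so a configuration mistake denies the connection instead of allowing it.
    The comparison is constant-time.
    """
    algo, sep, digest = pinned.partition(":")
    algo = algo.upper()
    if not sep or algo not in _HASHES or not digest:
        return False
    actual = cert_hash(pem, algo)
    return hmac.compare_digest(actual.lower(), pinned.lower())


# Constructed placeholder, not a real certificate: base64("abc") == "YWJj".
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "YWJj\n"
    "-----END CERTIFICATE-----\n"
)
```

On a real certificate file the result can be cross-checked against the commit's recipe; on Linux, where the BSD `sha256` command is absent, `openssl x509 -outform der -in mycert.crt | sha256sum` prints the same hex digest.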
* jsing, 2015-09-11 (2 files, -2/+8):
  Store a reference to the peer certificate (if any) upon completion of the
  handshake. Free the reference when we reset the TLS context.
  ok beck@
* beck, 2015-09-11 (1 file, -1/+11):
  specify what is permitted as an argument to tls_config_set_ciphers()
* beck, 2015-09-11 (1 file, -1/+2):
  actually set return value to 0 on success.
  ok jsing@ who wears the cone of shame.