Commit message

- zap trailing whitespace
- avoid "can not"

tls_configure_ssl_verify(). Also tweak an error message and unwrap a line.

1. hoist pollfd fields which don't change upwards
2. show ret as ssize_t, it MUST BE, or there will be lots of crying
3. on first pass, must check for either POLLIN|POLLOUT
ok millert beck

ok jsing@

document functions that clear errno.
change examples to provide demonstration of both the blocking and
non-blocking cases.
ok jsing@, bluhm@

for closing the file descriptors unless libtls allocated them.
ok beck@

document the calling requirements.
ok beck@

ok beck@

ok deraadt@ jsing@

ok jsing@

to make it more clear to users of this api what needs to be done in these error
cases.
Discussed extensively with bluhm@ and jsing@ and others.
ok jsing@

match read() and write() semantics to make porting existing code using
read/write easier. Requested by bluhm@ who convinced jsing and me to break
the api
ok jsing@ bluhm@

tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.
The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.
Discussed over many coffees at l2k15.
ok beck@ bluhm@

list. Prefer the server's cipher list by default.
Based on a diff from Kyle Thompson <jmp at giga dot moe>.
ok beck@ bcook@

Requested by bluhm@

ride upcoming minor bump
ok jsing@

this avoids the problem of people checking for return values < 0
and then checking for errno before checking for TLS_READ_AGAIN
TLS_WRITE_AGAIN - since we can not guarantee what errno will be
set to from the underlying library calls

ok jsing@

passed a socket then the caller is responsible for closing it.
ok bcook@

not a HTTPS library.
ok beck@

The tls_set_error() function previously stored the errno but did nothing
with it. Change tls_set_error() to append the strerror(3) of the stored
errno so that we include useful information regarding failures.
Provide a tls_set_errorx() function that does not store the errno or
include strerror(3) in the error message. Call this function instead of
tls_set_error() for errors where the errno value has no useful meaning.
With feedback from and ok doug@

ensure that the temporary state flags get cleared in tls_reset(). Fixes a
bug spotted by Marko Kreen whereby TLS_CONNECTING could remain on reset.
While here, also move the TLS_STATE_CONNECTING check to after the
TLS_CLIENT check - if TLS_STATE_CONNECTING was ever set on any other
context type it would allow a bypass.
ok bluhm@

Spotted by Marko Kreen.
Rides libtls major bump.

around CRYPTO_set_ex_data(), which can fail. Since this is the case, check
the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.

data (as is already done for server connections).
From Marko Kreen.

broken by r1.4.
Spotted by Marko Kreen.

OpenSSL stopped building it last year and removed it this year.
Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1.
Also cranked major version in libcrypto, libssl and libtls.
"fine with me" bcook@ miod@

changed in an incompatible way regarding partial writes.
OK miod@ deraadt@

ok beck@

in libtls. This gives tls_write() similar short write semantics
as write(2). So implementing daemons with libevent buffers will
be easier and workarounds in syslogd and httpd can be removed.
OK tedu@ beck@ reyk@

ok miod@ jsing@

This makes using libtls easier to include by including dependent headers,
making something like this work as expected:

    #include <iostream>
    #include <tls.h>

    int main()
    {
        std::cout << "tls_init: " << tls_init() << "\n";
    }

This also makes building a standalone libtls-portable simpler.
ok doug@, jsing@

ok mpi@

RFC 5280 says " " must not be used as a dNSName.
ok jsing@ jca@

ensure that outlen is set to zero so that tls_read() has read(2) like
semantics for EOF.
Spotted by doug@

from the other side and only return TLS_READ_AGAIN/TLS_WRITE_AGAIN if we
failed to send a close notify on a non-blocking socket.
Otherwise be more forceful and always shutdown/close the socket regardless
of other failures. Also do not consider ENOTCONN or ECONNRESET to be a
shutdown failure, since there are various situations where this can occur.
ok doug@ guenther@

close the connection. Also correctly handle the error on failure.
Diff from cookieandscream via github.

Diff from Tim van der Molen.
ok jmc@

TLS_READ_AGAIN and TLS_WRITE_AGAIN.
Based on a diff from Tim van der Molen.