path: root/src/lib/libtls

Commit log. Each entry gives the author, date, number of files changed and lines deleted/added (-deleted/+added), followed by the commit message.
* deraadt, 2020-06-09, 1 file changed (-11/+1):
  The check_includes step is an incorrect dependency management model for how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. Use 'make includes' by hand instead.

* jsing, 2020-05-24, 1 file changed (-1/+3):
  Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly.

* jsing, 2020-01-22, 1 file changed (-2/+2):
  Correct includes check for libtls.

* jsing, 2020-01-22, 1 file changed (-1/+11):
  Add checks to ensure that lib{crypto,ssl,tls} public headers have actually been installed prior to building. Requested by and ok tb@

* beck, 2020-01-22, 1 file changed (-4/+4):
  Note in the man page that the default protocols list includes 1.3. ok jsing@

* beck, 2020-01-22, 1 file changed (-2/+2):
  Enable TLS version 1.3 in the default protocols for libtls. This will as yet not do anything, until we turn it on in the lower level libraries. ok jsing@

* jsing, 2020-01-20, 4 files changed (-11/+20):
  Add support for TLSv1.3 as a protocol to libtls. This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@

* tb, 2019-12-03, 1 file changed (-0/+1):
  Add missing RCS tag.

* beck, 2019-11-16, 1 file changed (-2/+2):
  Allow 1.3 ciphers in libtls. ok jsing@

* beck, 2019-11-16, 2 files changed (-3/+7):
  Allow portable to override the default CA bundle location. ok kinichiro@ jsing@

* jsing, 2019-11-02, 1 file changed (-1/+1):
  Bump libcrypto, libssl and libtls minors due to symbol additions.

* jsing, 2019-11-02, 1 file changed (-2/+14):
  Document tls_conn_cipher_strength(). ok schwarze@

* jsing, 2019-11-02, 4 files changed (-3/+15):
  Provide tls_conn_cipher_strength(). This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@

* jsing, 2019-10-24, 1 file changed (-2/+2):
  Bump libcrypto, libssl and libtls majors due to changes in struct sizes and symbol addition.

* jsing, 2019-07-09, 1 file changed (-21/+21):
  Group tls_{handshake,read,write,close}() return values documentation. Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@

* deraadt, 2019-06-20, 1 file changed (-4/+4):
  tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT, TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing

* gilles, 2019-06-05, 1 file changed (-1/+1):
  Provide getters and setters for the RSA_METHOD interface. ok tb@, jsing@, sthen@

* bcook, 2019-05-13, 1 file changed (-1/+3):
  Acquire mutex before incrementing the refcount. Fixes COV-186144. ok tb@

* tb, 2019-04-13, 1 file changed (-3/+7):
  Null out pointers on asprintf() failure. These pointers will be passed to free. According to asprintf(3), "on OpenBSD, ret will be set to the null pointer, but this behavior should not be relied upon." ok jsing

* jsing, 2019-04-04, 1 file changed (-3/+4):
  Only assign destlen when src is non-NULL. This avoids ever having a non-zero len with a NULL pointer.

* jsing, 2019-04-04, 1 file changed (-3/+5):
  Switch to pthread_mutex_init(). While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other platforms do not like it. Noted by bcook@

* jsing, 2019-04-04, 1 file changed (-1/+1):
  Bump libssl/libtls minors due to symbol addition.

* jsing, 2019-04-01, 3 files changed (-4/+16):
  Add a mutex to guard reference counting for tls_config. This makes libtls more friendly for multithreaded use; otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@

* tedu, 2019-03-27, 1 file changed (-3/+1):
  Remove duplicate set key file call. From alf. ok jsing

* espie, 2019-03-20, 1 file changed (-4/+4):
  Fix examples (libtls uses its own error reporting mechanism). okay tb@

* tb, 2019-03-17, 1 file changed (-1/+1):
  Bump minors after symbol addition.

* tb, 2019-01-22, 1 file changed (-1/+1):
  Bump minors after symbol addition.

* tb, 2019-01-19, 1 file changed (-1/+1):
  Bump minors after symbol addition.

* schwarze, 2018-12-14, 1 file changed (-5/+2):
  Delete a note taken during the rev. 1.1 man page split that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.

* tedu, 2018-11-29, 1 file changed (-0/+1):
  Missed adding tls_default_ca_cert_file here. Found by sthen.

* tedu, 2018-11-29, 5 files changed (-10/+24):
  Expose the default cert file as a function, not a define. It's really an internal detail of the library, so the string should live inside it, not in the application code. ok jsing

* tb, 2018-11-11, 1 file changed (-1/+1):
  Bump minors after symbol addition.

* jsing, 2018-11-06, 3 files changed (-6/+6):
  Define TLS_CA_CERT_FILE rather than having every application create their own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@

* jsing, 2018-10-24, 1 file changed (-2/+2):
  Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto) and changes to struct visibility/sizes (libssl).

* djm, 2018-09-12, 1 file changed (-1/+1):
  Crank to follow minor crank in libcrypto; ok tb@ jsing@

* tb, 2018-08-24, 1 file changed (-2/+2):
  Crank majors after symbol addition/modification/removal.

* schwarze, 2018-08-21, 1 file changed (-3/+3):
  Typo in argument type, from Mario dot Andres dot Campos at gmail dot com.

* tb, 2018-07-24, 1 file changed (-27/+28):
  Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES to improve readability and ease of maintenance. Positive feedback jmc. Detailed suggestion & ok schwarze

* tb, 2018-07-23, 1 file changed (-6/+12):
  Document tls_peer_ocsp_result() and use it in place of the non-existent tls_peer_ocsp_result_msg() in the documentation. input & ok jsing. Reads fine to jmc and makes sense to schwarze.

* tb, 2018-07-09, 1 file changed (-5/+7):
  Move a detail on tls_connect(3) to its documentation and be a bit more explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version

* tb, 2018-07-09, 1 file changed (-4/+4):
  Wording tweak for tls_init() from jsing. ok jsing, schwarze

* schwarze, 2018-07-08, 1 file changed (-4/+4):
  Simplify and shorten the description of tls_init(3), fixing an awkward wording noticed by tb@. OK tb@

* schwarze, 2018-05-26, 1 file changed (-3/+3):
  Minor markup improvement: .Fa *cctx -> .Pf * Fa cctx

* schwarze, 2018-05-26, 1 file changed (-4/+4):
  Quote .Fa arguments containing blanks. Diff from Jack Burton <jack at saosce dot com dot au>.

* jsing, 2018-04-07, 3 files changed (-30/+18):
  Correct tls_config_clear_keys() behaviour. Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@

* jsing, 2018-04-07, 1 file changed (-3/+2):
  Switch to OPENSSL_init_ssl() and prevent an openssl configuration file from being loaded behind our back, at a later point. ok beck@

* jsing, 2018-03-20, 1 file changed (-7/+6):
  Avoid potentially calling strchr() on a NULL pointer in tls_config_set_ecdhecurve(). Spotted by Coverity.

* tb, 2018-03-20, 1 file changed (-1/+1):
  Bump minors after symbol addition.

* jsing, 2018-03-19, 6 files changed (-11/+28):
  Automatically handle library initialisation for libtls. Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()); this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@

* tb, 2018-03-17, 1 file changed (-2/+2):
  Crank majors. req by deraadt