summaryrefslogtreecommitdiff
path: root/src/lib/libtls (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove generated Symbols.map on make clean.jsing2016-11-051-1/+3
| | | | ok guenther@
* Build with WARNINGS=Yes.jsing2016-11-041-1/+3
|
* Avoid shadowing the socket global.jsing2016-11-041-3/+3
| | | | ok miod@
* Make the tls_keypair_new() function a valid prototype.jsing2016-11-041-2/+2
|
* Avoid another signed vs unsigned comparison.jsing2016-11-041-2/+6
| | | | ok miod@
* Add an explict list of exported symbols with just the functions declaredguenther2016-11-043-2/+85
| | | | | | | in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-044-10/+7
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Address some signed vs unsigned warnings and check that an integer valuejsing2016-11-041-4/+14
| | | | | | | | | is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@
* Assign and test, as is consistent with the rest of the libtls code.jsing2016-11-041-7/+4
|
* Use a consistent name for struct bio_cb * variables.jsing2016-11-041-6/+6
|
* Rename struct bio_cb_st to struct bio_cb.jsing2016-11-041-8/+8
|
* Do not cast a pointer to a struct, to a char * when assigning to a void *.jsing2016-11-041-2/+2
|
* Use a consistent name for a BIO *, rather than having four different namesjsing2016-11-041-49/+51
| | | | in the same file.
* Avoid signed vs unsigned comparisons.jsing2016-11-041-3/+4
| | | | ok miod@
* There's not much point having three static functions that do a cast andjsing2016-11-041-33/+6
| | | | | assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments.
* Do not mix declarations and code.jsing2016-11-041-3/+7
|
* Rename the internal bio related functions so that they have a commonjsing2016-11-041-22/+22
| | | | prefix. Makes the code more readable and removes shadowing.
* There's not much point in casting a void * to a specific type just beforejsing2016-11-041-4/+2
| | | | | | calling free(). ok beck@ ingo@
* bump minor for ocsp_require_stapling additionbeck2016-11-041-1/+1
|
* Add ocsp_require_stapling config option for tls - allows a connectionbeck2016-11-045-6/+25
| | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* Don't do OCSP validation when we have disabled certificate verificationbeck2016-11-032-5/+8
| | | | | or certificate validation. ok jsing@
* Only set an error from libssl related code, if an error has not alreadyjsing2016-11-032-7/+47
| | | | | | | | been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
* Fix handshake failures:beck2016-11-031-20/+26
| | | | | split out internals of OCSP verification to allow callback to verify before TLS handshake is complete
* bit more cleanup;jmc2016-11-021-9/+9
|
* fix shadow declaration of time in parameter list.beck2016-11-021-2/+2
| | | | ok jsing@
* Ensure handshake is complete before processing an ocsp response for a ctxbeck2016-11-021-0/+3
| | | | ok jsing@
* tweak previous;jmc2016-11-021-32/+26
|
* bump minor for ocsp api additionsbeck2016-11-021-1/+1
|
* Add OCSP client side support to libtls.beck2016-11-027-8/+604
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* use the same type for buf as the return type in tls_load_filebcook2016-10-031-2/+3
| | | | ok tedu@, noted by kinichiro
* Update ld search path for libssl/libcrypto, fixes cross-build after source ↵bcook2016-09-191-3/+3
| | | | | | moved. from Patrick Wildt
* Set callbacks on the right tls ctx on accept.bcook2016-09-141-2/+2
| | | | From Tobias Pape
* Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes.bcook2016-09-141-1/+2
| | | | from Tobias Pape
* Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN.bcook2016-09-141-3/+21
| | | | from Tobias Pape
* add a little more typing to the first callback argument.tedu2016-09-132-7/+7
| | | | it's always a tls context.
* minor tweaks;jmc2016-09-041-7/+7
|
* Bump TLS_API for addition of callbacks.jsing2016-09-041-2/+2
|
* Maintain consistency with function naming.jsing2016-09-042-8/+8
|
* Sort headers and use the installed tls.h, rather than the local one.jsing2016-09-041-5/+5
|
* $OpenBSD$ tagjsing2016-09-041-1/+1
|
* New sentence, new line. Also wrap at 80 chars.jsing2016-09-041-3/+7
|
* Add callback-based interface to libtls.bcook2016-09-0410-37/+371
| | | | | | | This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
* State that libtls functions apply to both clients and servers, unlessjsing2016-09-041-47/+16
| | | | | | | | | | noted otherwise. Remove all of the now redundant "client and server" notations and change the client and server notations to "client only" and "server only". With input from jmc@. ok beck@ jmc@
* Crank minor due to API additionbeck2016-08-311-1/+1
|
* Various clean up and reorganisation of the connection info handling code.jsing2016-08-223-69/+97
| | | | | | | | | In particular, rename tls_free_conninfo() to tls_conninfo_free() and make it a real free function. Rename tls_get_conninfo() to tls_conninfo_populate() and have it allocate the struct tls_conninfo (after freeing any existing one). ok beck@
* Stick with the usual 'if NULL return NULL' idiom.jsing2016-08-221-10/+10
| | | | ok beck@
* Bump TLS_API due to the addition of server side SNI functions.jsing2016-08-221-2/+2
|
* Bump libtls minor due to the addition of symbols.jsing2016-08-221-1/+1
|
* Provide an API that enables server side SNI support - add the ability tojsing2016-08-225-6/+107
| | | | | | | | provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@
* Create contexts for server side SNI - these include the additional SSL_CTXjsing2016-08-223-3/+174
| | | | | | | | | that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 05:18:40 +0000