path: root/src/lib/libtls (follow)
Commit log (one entry per commit: first line of the commit message, then [author | date | files changed | lines -/+], then the rest of the message where present)

...

* Delete a note taken during the rev. 1.1 man page split
  [schwarze | 2018-12-14 | 1 file | -5/+2]
  that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.

* missed adding tls_default_ca_cert_file here. found by sthen
  [tedu | 2018-11-29 | 1 file | -0/+1]

* expose the default cert file as a function, not a define. it's really
  [tedu | 2018-11-29 | 5 files | -10/+24]
  an internal detail of the library, so the string should live inside it, not in the application code. ok jsing

* bump minors after symbol addition.
  [tb | 2018-11-11 | 1 file | -1/+1]

* Define TLS_CA_CERT_FILE rather than having every application create their
  [jsing | 2018-11-06 | 3 files | -6/+6]
  own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@

* Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto)
  [jsing | 2018-10-24 | 1 file | -2/+2]
  and changes to struct visibility/sizes (libssl).

* crank to follow minor crank in libcrypto; ok tb@ jsing@
  [djm | 2018-09-12 | 1 file | -1/+1]

* crank majors after symbol addition/modification/removal
  [tb | 2018-08-24 | 1 file | -2/+2]

* typo in argument type, from Mario dot Andres dot Campos at gmail dot com
  [schwarze | 2018-08-21 | 1 file | -3/+3]

* Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES to
  [tb | 2018-07-24 | 1 file | -27/+28]
  improve readability and ease of maintenance. Positive feedback jmc. Detailed suggestion & ok schwarze

* Document tls_peer_ocsp_result() and use it in place of the non-existent
  [tb | 2018-07-23 | 1 file | -6/+12]
  tls_peer_ocsp_result_msg() in the documentation. input & ok jsing. Reads fine to jmc and makes sense to schwarze

* Move a detail on tls_connect(3) to its documentation and be a bit more
  [tb | 2018-07-09 | 1 file | -5/+7]
  explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version

* wording tweak for tls_init() from jsing
  [tb | 2018-07-09 | 1 file | -4/+4]
  ok jsing, schwarze

* Simplify and shorten the description of tls_init(3),
  [schwarze | 2018-07-08 | 1 file | -4/+4]
  fixing an awkward wording noticed by tb@. OK tb@

* minor markup improvement: .Fa *cctx -> .Pf * Fa cctx
  [schwarze | 2018-05-26 | 1 file | -3/+3]

* Quote .Fa arguments containing blanks.
  [schwarze | 2018-05-26 | 1 file | -4/+4]
  Diff from Jack Burton <jack at saosce dot com dot au>.

* Correct tls_config_clear_keys() behaviour.
  [jsing | 2018-04-07 | 3 files | -30/+18]
  Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@

* Switch to OPENSSL_init_ssl() and prevent an openssl configuration file from
  [jsing | 2018-04-07 | 1 file | -3/+2]
  being loaded behind our back, at a later point. ok beck@

* Avoid potentially calling strchr() on a NULL pointer in
  [jsing | 2018-03-20 | 1 file | -7/+6]
  tls_config_set_ecdhecurve(). Spotted by Coverity.

* bump minors after symbol addition
  [tb | 2018-03-20 | 1 file | -1/+1]

* Automatically handle library initialisation for libtls.
  [jsing | 2018-03-19 | 6 files | -11/+28]
  Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@

* crank majors
  [tb | 2018-03-17 | 1 file | -2/+2]
  req by deraadt

* Bump minors after symbol addition
  [tb | 2018-03-17 | 1 file | -1/+1]

* Also bump libtls minor after the addition of SSL_CTX_get_min/max_proto_version
  [jca | 2018-03-15 | 1 file | -1/+1]
  cluebat tb@

* un-revert tls_init pthread_once change, now that stub is added so that builds work
  [beck | 2018-03-08 | 2 files | -15/+23]

* backout. diff was not tested comprehensively, resulting in a broken tree.
  [deraadt | 2018-03-07 | 2 files | -22/+14]

* Make tls_init() concurrently callable using pthread_once().
  [beck | 2018-03-07 | 2 files | -15/+23]
  ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto

* Bump lib{crypto,ssl,tls} minors due to symbol additions.
  [jsing | 2018-02-22 | 1 file | -1/+1]

* Crank lib{crypto,ssl,tls} minors after symbol addition.
  [tb | 2018-02-20 | 1 file | -1/+1]

* Bump minor due to symbol addition.
  [tb | 2018-02-18 | 1 file | -1/+1]

* Bump libcrypto/libssl/libtls minors due to symbol additions.
  [tb | 2018-02-18 | 1 file | -1/+1]

* Bump libcrypto/libssl/libtls minors due to symbol additions.
  [jsing | 2018-02-17 | 1 file | -1/+1]

* Bump lib{crypto,ssl,tls} minors due to symbol additions.
  [jsing | 2018-02-14 | 1 file | -1/+1]

* Be more specific about when the session file will be updated.
  [jsing | 2018-02-10 | 1 file | -2/+2]

* Bump TLS API version since we've added more functionality.
  [jsing | 2018-02-10 | 1 file | -2/+2]

* Move the keypair pubkey hash handling code to during config.
  [jsing | 2018-02-10 | 4 files | -69/+95]
  The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@

* Tidy/standardise some code.
  [jsing | 2018-02-10 | 1 file | -6/+3]

* Remove NULL check from tls_conninfo_cert_pem() - all of the other conninfo
  [jsing | 2018-02-10 | 1 file | -3/+1]
  functions require the conninfo passed in to be non-NULL.

* Document functions for client-side TLS session support.
  [jsing | 2018-02-10 | 2 files | -9/+56]

* Add support to libtls for client-side TLS session resumption.
  [jsing | 2018-02-10 | 6 files | -5/+195]
  A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes. Discussed at length with deraadt@ and tedu@. Rides previous minor bump. ok beck@

* Bump lib{crypto,ssl,tls} minors due to symbol addition.
  [jsing | 2018-02-10 | 1 file | -1/+1]

* Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead of
  [jsing | 2018-02-08 | 3 files | -14/+11]
  rolling its own certificate loading. This also means we get better error reporting on failure.

* Ensure that tls_keypair_clear() clears the OCSP staple and pubkey hash.
  [jsing | 2018-02-08 | 1 file | -6/+5]

* Do not bother NULLing pointers in a struct that is about to be freed.
  [jsing | 2018-02-08 | 1 file | -10/+1]

* Move tls_keypair_pubkey_hash() to the keypair file.
  [jsing | 2018-02-08 | 3 files | -43/+43]

* Avoid a memory leak that results when the same tls_config is reused.
  [jsing | 2018-02-08 | 1 file | -1/+4]
  Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks.

* Assert tedu's copyright since some of the code moved here is his.
  [jsing | 2018-02-08 | 1 file | -1/+2]

* Split keypair handling out into its own file - it had already appeared
  [jsing | 2018-02-08 | 6 files | -166/+215]
  in multiple locations. ok beck@

* Do not bother NULLing pointers in memory that is freed immediately after.
  [jsing | 2018-02-05 | 1 file | -3/+1]

* Be consistent with the goto label names used in libtls code.
  [jsing | 2018-02-05 | 4 files | -51/+52]
  No change to generated assembly.