| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | tweak previous; | jmc | 2016-11-05 | 1 | -6/+6 |
| | | |||||
| * | bump minors for symbol addition for ocsp and x25519 symbol additions | beck | 2016-11-05 | 1 | -1/+1 |
| | | |||||
| * | Add support for server side OCSP stapling to libtls. | beck | 2016-11-05 | 7 | -12/+79 |
| | | | | | Add support for server side OCSP stapling to netcat. | ||||
| * | rename ocsp_ctx to ocsp | beck | 2016-11-05 | 3 | -68/+68 |
| | | | | | ok jsing@ | ||||
| * | Remove generated Symbols.map on make clean. | jsing | 2016-11-05 | 1 | -1/+3 |
| | | | | | ok guenther@ | ||||
| * | Build with WARNINGS=Yes. | jsing | 2016-11-04 | 1 | -1/+3 |
| | | |||||
| * | Avoid shadowing the socket global. | jsing | 2016-11-04 | 1 | -3/+3 |
| | | | | | ok miod@ | ||||
| * | Make the tls_keypair_new() function a valid prototype. | jsing | 2016-11-04 | 1 | -2/+2 |
| | | |||||
| * | Avoid another signed vs unsigned comparison. | jsing | 2016-11-04 | 1 | -2/+6 |
| | | | | | ok miod@ | ||||
| * | Add an explict list of exported symbols with just the functions declared | guenther | 2016-11-04 | 3 | -2/+85 |
| | | | | | | | | in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@ | ||||
| * | make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden | beck | 2016-11-04 | 4 | -10/+7 |
| | | | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@ | ||||
| * | Address some signed vs unsigned warnings and check that an integer value | jsing | 2016-11-04 | 1 | -4/+14 |
| | | | | | | | | | | is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@ | ||||
| * | Assign and test, as is consistent with the rest of the libtls code. | jsing | 2016-11-04 | 1 | -7/+4 |
| | | |||||
| * | Use a consistent name for struct bio_cb * variables. | jsing | 2016-11-04 | 1 | -6/+6 |
| | | |||||
| * | Rename struct bio_cb_st to struct bio_cb. | jsing | 2016-11-04 | 1 | -8/+8 |
| | | |||||
| * | Do not cast a pointer to a struct, to a char * when assigning to a void *. | jsing | 2016-11-04 | 1 | -2/+2 |
| | | |||||
| * | Use a consistent name for a BIO *, rather than having four different names | jsing | 2016-11-04 | 1 | -49/+51 |
| | | | | | in the same file. | ||||
| * | Avoid signed vs unsigned comparisons. | jsing | 2016-11-04 | 1 | -3/+4 |
| | | | | | ok miod@ | ||||
| * | There's not much point having three static functions that do a cast and | jsing | 2016-11-04 | 1 | -33/+6 |
| | | | | | | assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments. | ||||
| * | Do not mix declarations and code. | jsing | 2016-11-04 | 1 | -3/+7 |
| | | |||||
| * | Rename the internal bio related functions so that they have a common | jsing | 2016-11-04 | 1 | -22/+22 |
| | | | | | prefix. Makes the code more readable and removes shadowing. | ||||
| * | There's not much point in casting a void * to a specific type just before | jsing | 2016-11-04 | 1 | -4/+2 |
| | | | | | | | calling free(). ok beck@ ingo@ | ||||
| * | bump minor for ocsp_require_stapling addition | beck | 2016-11-04 | 1 | -1/+1 |
| | | |||||
| * | Add ocsp_require_stapling config option for tls - allows a connection | beck | 2016-11-04 | 5 | -6/+25 |
| | | | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@ | ||||
| * | Don't do OCSP validation when we have disabled certificate verification | beck | 2016-11-03 | 2 | -5/+8 |
| | | | | | | or certificate validation. ok jsing@ | ||||
| * | Only set an error from libssl related code, if an error has not already | jsing | 2016-11-03 | 2 | -7/+47 |
| | | | | | | | | | been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@ | ||||
| * | Fix handshake failures: | beck | 2016-11-03 | 1 | -20/+26 |
| | | | | | | split out internals of OCSP verification to allow callback to verify before TLS handshake is complete | ||||
| * | bit more cleanup; | jmc | 2016-11-02 | 1 | -9/+9 |
| | | |||||
| * | fix shadow declaration of time in parameter list. | beck | 2016-11-02 | 1 | -2/+2 |
| | | | | | ok jsing@ | ||||
| * | Ensure handshake is complete before processing an ocsp response for a ctx | beck | 2016-11-02 | 1 | -0/+3 |
| | | | | | ok jsing@ | ||||
| * | tweak previous; | jmc | 2016-11-02 | 1 | -32/+26 |
| | | |||||
| * | bump minor for ocsp api additions | beck | 2016-11-02 | 1 | -1/+1 |
| | | |||||
| * | Add OCSP client side support to libtls. | beck | 2016-11-02 | 7 | -8/+604 |
| | | | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@ | ||||
| * | use the same type for buf as the return type in tls_load_file | bcook | 2016-10-03 | 1 | -2/+3 |
| | | | | | ok tedu@, noted by kinichiro | ||||
| * | Update ld search path for libssl/libcrypto, fixes cross-build after source ↵ | bcook | 2016-09-19 | 1 | -3/+3 |
| | | | | | | | moved. from Patrick Wildt | ||||
| * | Set callbacks on the right tls ctx on accept. | bcook | 2016-09-14 | 1 | -2/+2 |
| | | | | | From Tobias Pape | ||||
| * | Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes. | bcook | 2016-09-14 | 1 | -1/+2 |
| | | | | | from Tobias Pape | ||||
| * | Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN. | bcook | 2016-09-14 | 1 | -3/+21 |
| | | | | | from Tobias Pape | ||||
| * | add a little more typing to the first callback argument. | tedu | 2016-09-13 | 2 | -7/+7 |
| | | | | | it's always a tls context. | ||||
| * | minor tweaks; | jmc | 2016-09-04 | 1 | -7/+7 |
| | | |||||
| * | Bump TLS_API for addition of callbacks. | jsing | 2016-09-04 | 1 | -2/+2 |
| | | |||||
| * | Maintain consistency with function naming. | jsing | 2016-09-04 | 2 | -8/+8 |
| | | |||||
| * | Sort headers and use the installed tls.h, rather than the local one. | jsing | 2016-09-04 | 1 | -5/+5 |
| | | |||||
| * | $OpenBSD$ tag | jsing | 2016-09-04 | 1 | -1/+1 |
| | | |||||
| * | New sentence, new line. Also wrap at 80 chars. | jsing | 2016-09-04 | 1 | -3/+7 |
| | | |||||
| * | Add callback-based interface to libtls. | bcook | 2016-09-04 | 10 | -37/+371 |
| | | | | | | | | This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@ | ||||
| * | State that libtls functions apply to both clients and servers, unless | jsing | 2016-09-04 | 1 | -47/+16 |
| | | | | | | | | | | | noted otherwise. Remove all of the now redundant "client and server" notations and change the client and server notations to "client only" and "server only". With input from jmc@. ok beck@ jmc@ | ||||
| * | Crank minor due to API addition | beck | 2016-08-31 | 1 | -1/+1 |
| | | |||||
| * | Various clean up and reorganisation of the connection info handling code. | jsing | 2016-08-22 | 3 | -69/+97 |
| | | | | | | | | | | In particular, rename tls_free_conninfo() to tls_conninfo_free() and make it a real free function. Rename tls_get_conninfo() to tls_conninfo_populate() and have it allocate the struct tls_conninfo (after freeing any existing one). ok beck@ | ||||
| * | Stick with the usual 'if NULL return NULL' idiom. | jsing | 2016-08-22 | 1 | -10/+10 |
| | | | | | ok beck@ | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |