| Age | Commit message (Collapse) | Author |
|---|
|
because it is documented in the separate tls_client(3) manual page
|
|
With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.
ok tb@
|
|
|
|
|
|
tls_config_set_*_file(3) do not just set the file paths like
tls_config_set_*_path(3) do, they do load the given file(s) into memory
directly using tls_config_load_file().
This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least wrt. those files), which is relevant when
for example pleding without "[rwc]path" after loading files into memory and
before doing tls_connect(3).
The manual's current wording made me use the following due to above way of
pledging a program:
tls_load_file()
tls_config_set_ca_mem()
tls_unload_file()
While in fact a single tls_config_set_ca_file() call does the same.
tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual
as noted by tb, thanks.
Feedback OK tb
|
|
* Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead.
* In tagged lists, put bodies into bodies, not into heads.
* Add a few missing macros.
* Drop some useless quoting.
|
|
Follow the previous commit and complete the manual page for consistency;
better readable and tags for free.
OK tb
|
|
Manuals like httpd.conf(5) refer to this for valid protocol strings, but
elements inlined into sentences are hard find to spot.
Use a list as already done elsewhere in this manual.
OK jmc on earlier version
Feeback OK tb
|
|
ok jsing@
|
|
This makes tls_config_parse_protocols() recognise and handle "tlsv1.3".
If TLSv1.3 is enabled libtls will also request libssl to enable it.
ok beck@ tb@
|
|
ok schwarze@
|
|
Move the documentation for tls_error() down so that both the special return
values for tls_{handshake,read,write,close}() directly follow the standard
return values for the same functions.
Prompted by deraadt@.
ok deraadt@ schwarze@
|
|
TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1
rather than vaguely "< 0".
ok jsing
|
|
okay tb@
|
|
that should have been deleted before commit.
The cross reference is already present below SEE ALSO.
Glitch noticed by jsing@.
|
|
an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing
|
|
|
|
improve readability and ease of maintenance.
Positive feedback jmc
Detailed suggestion & ok schwarze
|
|
tls_peer_ocsp_result_msg() in the documentation.
input & ok jsing
Reads fine to jmc and makes sense to schwarze
|
|
explicit about the servername argument of tls_connect_servername(3).
input & ok jsing, input & ok schwarze on earlier version
|
|
ok jsing, schwarze
|
|
fixing an awkward wording noticed by tb@.
OK tb@
|
|
|
|
Diff from Jack Burton <jack at saosce dot com dot au>.
|
|
Now that we have tls_init() under pthread_once(), automatically initialise
libtls from the entry point functions (tls_config(), tls_client() and
tls_server()) - this makes an explicit tls_init() call no longer a
requirement.
ok bcook@ beck@ inoguchi@
|
|
builds work
|
|
|
|
ok jsing@
This brings pthread_once usage into libressl, which will
need to get dealt with correctly in portable.
This sets us up to autoinit libtls, and we will also be
using pthread_once to deal with autoinit stuff in libssl
and libcrypto
|
|
|
|
|
|
|
|
ok beck@
|
|
|
|
|
|
|
|
names of the elliptic curves that may be used during client and server
key exchange to be specified.
This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.
ok beck@
|
|
from carlos cardenas
|
|
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
|
|
Discussed with beck@
|
|
|
|
patch from Matthew Martin <phy1729 at gmail dot com>,
slightly tweaked by me
|
|
|
|
|
|
about tls_error(3), and warn about some traps;
OK jmc@
|
|
|
|
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.
ok jsing@
|
|
|
|
|
|
|
|
|
