summaryrefslogtreecommitdiff
path: root/lib/libtls/tls.c
AgeCommit message (Expand)Author
2017-01-26Use a flag to track when we need to call SSL_shutdown(). This avoids anJoel Sing
2017-01-22Disable session cache and tickets by default.Claudio Jeker
2017-01-13whitespaceTheo de Raadt
2017-01-03If certificate verification has been disabled, do not attempt to load aJoel Sing
2017-01-03Revert previous - the original code was correct since X509_verify_cert()Joel Sing
2017-01-02fix cert verify. a cert with an alt chain may verify but leave an errorTed Unangst
2016-12-26Hook up a certificate verify callback so that we can set user friendlyJoel Sing
2016-11-05rename ocsp_ctx to ocspBob Beck
2016-11-03Only set an error from libssl related code, if an error has not alreadyJoel Sing
2016-11-02Add OCSP client side support to libtls.Bob Beck
2016-09-04Add callback-based interface to libtls.Brent Cook
2016-08-22Various clean up and reorganisation of the connection info handling code.Joel Sing
2016-08-22Create contexts for server side SNI - these include the additional SSL_CTXJoel Sing
2016-08-15Explicitly pass in an SSL_CTX * to the functions that operate on one,Joel Sing
2016-08-13Load CA, certificate and key files into memory when the appropriateJoel Sing
2016-08-12Add ALPN support to libtls.Joel Sing
2016-08-02Revert previous since it adds new symbols.Joel Sing
2016-08-01Add ALPN support to libtls.Joel Sing
2016-07-07Revert previous - it introduces problems with a common privsep use case.Joel Sing
2016-07-06Always load CA, key and certificate files at the time the configurationJoel Sing
2016-07-06Correctly handle an EOF that occurs prior to the TLS handshake completing.Joel Sing
2016-05-27Rename some of the internal error setting functions to more closely followJoel Sing
2016-04-28Factor our the keypair handling in libtls. This results in more readableJoel Sing
2016-04-28Rework the error handling in libtls so that we can associate errors withJoel Sing
2016-01-18Call BIO_sock_init() from tls_init() to ensure sockets are enabled on Windows.Brent Cook
2015-10-07Allow us to get cipher and version even if there is not a peer certificate.Bob Beck
2015-09-29clean some ugly intendation wartsTheo de Raadt
2015-09-14Provide tls_config_insecure_noverifytime() in order to be able to disableJoel Sing
2015-09-14Expose EOF without close-notify via tls_close().Joel Sing
2015-09-14Return an error if tls_handshake() or tls_close() is called on a contextJoel Sing
2015-09-13work around the stupid semantics of SSL_read and SSL_write to make sureBob Beck
2015-09-13Don't leak conninfo - spotted by marko kreen.Bob Beck
2015-09-12Move connection info into it's own private structure allocated and filled inBob Beck
2015-09-12Ensure that we clear the libssl error stack before we make a function callJoel Sing
2015-09-11Store a reference to the peer certificate (if any) upon completion of theJoel Sing
2015-09-10Call tls_set_errorx() instead of tls_set_error() inJoel Sing
2015-09-10comment for errno clobbering, to indicate why we do this.Bob Beck
2015-09-10change TLS_READ_AGAIN to TLS_WANT_POLLIN and TLS_WRITE_AGAIN to TLS_WANT_POLLOUTBob Beck
2015-09-10Change tls_read and tls_write semantics to return an ssize_t to betterBob Beck
2015-09-10Split tls_handshake() out from tls_accept/tls_connect. By doing this theJoel Sing
2015-09-09Indent labels with a space so that diff -p is more friendly.Joel Sing
2015-09-09Add client certificate support. Still needs a few tweaks but this willBob Beck
2015-09-09always clear errno when coming back from tls_read tls_write, and tls_close.Bob Beck
2015-09-09nuke trailing whitespaceBob Beck
2015-08-27Improve libtls error messages.Joel Sing
2015-08-27Split the persistent/configuration flags from temporary state flags andJoel Sing
2015-08-22Make tls_read()/tls_write always set outlen to zero on error - this gotJoel Sing
2015-07-18Set SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFERAlexander Bluhm
2015-04-15Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. AlsoJoel Sing
2015-04-15Make tls_close() more robust - do not rely on a close notify being receivedJoel Sing