summaryrefslogtreecommitdiff
path: root/lib/libtls/tls.c
AgeCommit message (Expand)Author
2018-03-19Automatically handle library initialisation for libtls.Joel Sing
2018-03-08un-revert tls_init pthread_once change, now that stub is added so that builds...Bob Beck
2018-03-07backout. diff was not tested comprehensively, resulting in a broken tree.Theo de Raadt
2018-03-07Make tls_init() concurrently callable using pthread_once().Bob Beck
2018-02-10Move the keypair pubkey hash handling code to during config.Joel Sing
2018-02-08Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead ofJoel Sing
2018-02-08Move tls_keypair_pubkey_hash() to the keypair file.Joel Sing
2018-02-08Avoid a memory leak that results when the same tls_config is reused.Joel Sing
2017-09-20Keep track of which keypair is in use by a TLS context.Joel Sing
2017-08-28Fix unchecked return nitBob Beck
2017-08-09Don't use tls_cert_hash for the hashing used by the engine offloading magicClaudio Jeker
2017-07-06Add support for providing CRLs to libtls - once a CRL is provided weJoel Sing
2017-06-22Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so thatJoel Sing
2017-06-22Fix incorrect indentation.Joel Sing
2017-06-22Plug a memory leak in tls_keypair_cert_hash(), introduced in r1.60.Joel Sing
2017-06-22Remove dead code that has remained hiding since ressl.c r1.14!Joel Sing
2017-05-07Return an error if tls_handshake() is called on a TLS context that hasJoel Sing
2017-05-06Perform reference counting for tls_config. This allows tls_config_free() toJoel Sing
2017-04-05Add tls_peer_cert_chain_pem - To retreive the peer certificate and chainBob Beck
2017-04-05Internal changes to allow for relayd engine privsep. sends the hash of theBob Beck
2017-01-26Use a flag to track when we need to call SSL_shutdown(). This avoids anJoel Sing
2017-01-22Disable session cache and tickets by default.Claudio Jeker
2017-01-13whitespaceTheo de Raadt
2017-01-03If certificate verification has been disabled, do not attempt to load aJoel Sing
2017-01-03Revert previous - the original code was correct since X509_verify_cert()Joel Sing
2017-01-02fix cert verify. a cert with an alt chain may verify but leave an errorTed Unangst
2016-12-26Hook up a certificate verify callback so that we can set user friendlyJoel Sing
2016-11-05rename ocsp_ctx to ocspBob Beck
2016-11-03Only set an error from libssl related code, if an error has not alreadyJoel Sing
2016-11-02Add OCSP client side support to libtls.Bob Beck
2016-09-04Add callback-based interface to libtls.Brent Cook
2016-08-22Various clean up and reorganisation of the connection info handling code.Joel Sing
2016-08-22Create contexts for server side SNI - these include the additional SSL_CTXJoel Sing
2016-08-15Explicitly pass in an SSL_CTX * to the functions that operate on one,Joel Sing
2016-08-13Load CA, certificate and key files into memory when the appropriateJoel Sing
2016-08-12Add ALPN support to libtls.Joel Sing
2016-08-02Revert previous since it adds new symbols.Joel Sing
2016-08-01Add ALPN support to libtls.Joel Sing
2016-07-07Revert previous - it introduces problems with a common privsep use case.Joel Sing
2016-07-06Always load CA, key and certificate files at the time the configurationJoel Sing
2016-07-06Correctly handle an EOF that occurs prior to the TLS handshake completing.Joel Sing
2016-05-27Rename some of the internal error setting functions to more closely followJoel Sing
2016-04-28Factor our the keypair handling in libtls. This results in more readableJoel Sing
2016-04-28Rework the error handling in libtls so that we can associate errors withJoel Sing
2016-01-18Call BIO_sock_init() from tls_init() to ensure sockets are enabled on Windows.Brent Cook
2015-10-07Allow us to get cipher and version even if there is not a peer certificate.Bob Beck
2015-09-29clean some ugly intendation wartsTheo de Raadt
2015-09-14Provide tls_config_insecure_noverifytime() in order to be able to disableJoel Sing
2015-09-14Expose EOF without close-notify via tls_close().Joel Sing
2015-09-14Return an error if tls_handshake() or tls_close() is called on a contextJoel Sing