summaryrefslogtreecommitdiff
path: root/lib/libtls/tls_config.c
AgeCommit message (Expand)Author
2018-11-29expose the default cert file as a function, not a define. it's reallyTed Unangst
2018-04-07Correct tls_config_clear_keys() behaviour.Joel Sing
2018-03-20Avoid potentially calling strchr() on a NULL pointer inJoel Sing
2018-03-19Automatically handle library initialisation for libtls.Joel Sing
2018-02-10Move the keypair pubkey hash handling code to during config.Joel Sing
2018-02-10Add support to libtls for client-side TLS session resumption.Joel Sing
2018-02-08Split keypair handling out into its own file - it had already appearedJoel Sing
2018-02-05Be consistent with the goto label names used in libtls code.Joel Sing
2017-12-09Make tls_config_parse_protocols() work correctly when passed a NULL pointerJoel Sing
2017-09-25If tls_config_parse_protocols() is called with a NULL pointer, return theJoel Sing
2017-08-10Add a tls_config_set_ecdhecurves() function to libtls, which allows theJoel Sing
2017-08-09Don't use tls_cert_hash for the hashing used by the engine offloading magicClaudio Jeker
2017-07-06Add support for providing CRLs to libtls - once a CRL is provided weJoel Sing
2017-05-06Perform reference counting for tls_config. This allows tls_config_free() toJoel Sing
2017-05-02use freezero() instead of memset/explicit_bzero + free. SubstantiallyTheo de Raadt
2017-04-30Add a tls_keypair_clear_key() function that uses freezero() to make keyJoel Sing
2017-04-05Internal changes to allow for relayd engine privsep. sends the hash of theBob Beck
2017-01-31Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may beBob Beck
2017-01-29Move the ocsp staple to being part of the keypair structure internally,Bob Beck
2017-01-24Introduce ticket support. To enable them it is enough to set a positiveClaudio Jeker
2016-11-11Change the return value of tls_config_set_protocols() andJoel Sing
2016-11-05Add support for server side OCSP stapling to libtls.Bob Beck
2016-11-04Make the tls_keypair_new() function a valid prototype.Joel Sing
2016-11-04Avoid another signed vs unsigned comparison.Joel Sing
2016-11-04Add ocsp_require_stapling config option for tls - allows a connectionBob Beck
2016-08-22Provide an API that enables server side SNI support - add the ability toJoel Sing
2016-08-13Avoid leaking memory if tls_config_set_alpn() is called multiple timesJoel Sing
2016-08-13Load CA, certificate and key files into memory when the appropriateJoel Sing
2016-08-12Add ALPN support to libtls.Joel Sing
2016-08-02Revert previous since it adds new symbols.Joel Sing
2016-08-01Add ALPN support to libtls.Joel Sing
2016-07-13Split the existing TLS cipher suite groups into four:Joel Sing
2016-07-07Revert previous - it introduces problems with a common privsep use case.Joel Sing
2016-07-06Check that the given ciphers string is syntactically valid and results inJoel Sing
2016-07-06Always load CA, key and certificate files at the time the configurationJoel Sing
2016-05-27Rename some of the internal error setting functions to more closely followJoel Sing
2016-05-27Avoid leaking ca_mem when freeing a tls_config.Joel Sing
2016-04-28Factor our the keypair handling in libtls. This results in more readableJoel Sing
2016-04-28Rework the error handling in libtls so that we can associate errors withJoel Sing
2015-09-29clean some ugly intendation wartsTheo de Raadt
2015-09-14Provide tls_config_insecure_noverifytime() in order to be able to disableJoel Sing
2015-09-10Add support for preferring the server's cipher list or the client's cipherJoel Sing
2015-09-09Indent labels with a space so that diff -p is more friendly.Joel Sing
2015-09-09Add client certificate support. Still needs a few tweaks but this willBob Beck
2015-02-22Rename tls_config_insecure_noverifyhost() toJoel Sing
2015-02-22Check return values when setting dheparams and ecdhecurve for the defaultJoel Sing
2015-02-22In the interests of being secure by default, make the default TLS ciphersJoel Sing
2015-02-12Add a tls_config_parse_protocols() function that allows a protocols stringJoel Sing
2015-02-12Fix handling of "legacy" mode for tls_config_set_dheparams().Joel Sing
2015-02-11Be consistent with naming - only use "host" and "hostname" when referringJoel Sing