Age | Commit message | Author | |
---|---|---|---|
2016-08-22 | Provide an API that enables server side SNI support - add the ability to | Joel Sing | |
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@ | |||
2016-08-18 | Rework parts of the libtls man page for clarity. Split out the connection | Joel Sing | |
information related functions under their own heading and dedup the text relating to when these functions can be called. With input from and ok jmc@ | |||
2016-08-12 | Add ALPN support to libtls. | Joel Sing | |
ok beck@ doug@ | |||
2016-08-02 | Revert previous since it adds new symbols. | Joel Sing | |
Requested by deraadt@ | |||
2016-08-01 | Add ALPN support to libtls. | Joel Sing | |
ok beck@ doug@ | |||
2016-07-13 | Split the existing TLS cipher suite groups into four: | Joel Sing | |
"secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). ok beck@ tedu@ | |||
2016-05-27 | typo fixes; Anthony Coulter | Stuart Henderson | |
2016-05-09 | Fix mangled function signatures. | Joel Sing | |
From Carlin Bingham <cb at viennan dot net>, thanks! | |||
2016-04-28 | spelling fix; | Jason McIntyre | |
2016-04-28 | Factor out the keypair handling in libtls. This results in more readable | Joel Sing | |
and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call. ok beck@ | |||
2016-04-28 | Rework the error handling in libtls so that we can associate errors with | Joel Sing | |
both configuration and contexts. This allows us to propagate errors that occur during configuration, rather than either just failing with no reason or delaying the failure until it can be propagated via the tls context. Also provide a tls_config_error() function for retrieving the last error from a tls_config *. ok bcook@ | |||
2016-04-24 | no more outlen; from remco | Jason McIntyre | |
ok bcook deraadt | |||
2016-04-24 | typos; | Jason McIntyre | |
2015-11-09 | update some client/server info; from jan klemkow | Jason McIntyre | |
ok jsing | |||
2015-10-16 | Put tls_config_verify_client_optional() in the right place. | Joel Sing | |
2015-10-16 | Fix tpyo. | Joel Sing | |
2015-10-08 | trailing whitespace; | Jason McIntyre | |
2015-10-07 | Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer | Bob Beck | |
certificate validity times for tls connections. ok jsing@ | |||
2015-09-14 | tweak previous; | Jason McIntyre | |
2015-09-14 | Provide tls_config_insecure_noverifytime() in order to be able to disable | Joel Sing | |
certificate validity checking. ok beck@ | |||
2015-09-14 | Remove useless quoting from .Fo and .Fn function names, to prevent | Ingo Schwarze | |
development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree. | |||
2015-09-14 | some conn_version and conn_cipher bits; | Jason McIntyre | |
2015-09-14 | add missing function return types | Ingo Schwarze | |
2015-09-13 | add visibility of cipher and connection version strings | Bob Beck | |
ok jsing@ | |||
2015-09-12 | Move connection info into its own private structure allocated and filled in | Bob Beck | |
at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@ | |||
2015-09-11 | more for NAME; | Jason McIntyre | |
2015-09-11 | more cleanup; | Jason McIntyre | |
2015-09-11 | update NAME; various cleanup | Jason McIntyre | |
2015-09-11 | document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hash | Bob Beck | |
ok jsing@ | |||
2015-09-11 | add tls_peer functions for checking names and issuers of peer certificates. | Bob Beck | |
ok jsing@ | |||
2015-09-11 | specify what is permitted as an argument to tls_config_set_ciphers() | Bob Beck | |
2015-09-11 | - add some missing NAME entries | Jason McIntyre | |
- zap trailing whitespace - avoid "can not" | |||
2015-09-10 | improve examples, | Theo de Raadt | |
1. hoist pollfd fields which don't change upwards; 2. show ret as ssize_t, it MUST BE, or there will be lots of crying; 3. on first pass, must check for either POLLIN|POLLOUT. ok millert beck | |||
2015-09-10 | document client side certificate verification functionality. | Bob Beck | |
ok jsing@ | |||
2015-09-10 | document changed tls_read and tls_write semantics. | Bob Beck | |
document functions that clear errno. change examples to provide demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@ | |||
2015-09-10 | tweak previous; | Jason McIntyre | |
2015-09-10 | Correctly document the behaviour of tls_close() - the caller is responsible | Joel Sing | |
for closing the file descriptors unless libtls allocated them. ok beck@ | |||
2015-09-10 | Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctly | Joel Sing | |
document the calling requirements. ok beck@ | |||
2015-09-10 | Update libtls man page to reflect tls_handshake() related changes. | Joel Sing | |
ok beck@ | |||
2015-09-10 | revert accidental commit | Bob Beck | |
2015-09-10 | comment for errno clobbering, to indicate why we do this. | Bob Beck | |
ok deraadt@ jsing@ | |||
2015-09-10 | Add support for preferring the server's cipher list or the client's cipher | Joel Sing | |
list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@ | |||
2015-07-19 | tweak previous; ok doug | Jason McIntyre | |
2015-07-19 | Add documentation on how to use TLS_{READ,WRITE}_AGAIN. | Doug Hogan | |
ok beck@ | |||
2015-04-03 | comma fix; | Jason McIntyre | |
2015-04-02 | Handle the case where multiple calls to SSL_shutdown() are required to | Joel Sing | |
close the connection. Also correctly handle the error on failure. Diff from cookieandscream via github. | |||
2015-04-02 | Correct man page title. | Joel Sing | |
Diff from Tim van der Molen. ok jmc@ | |||
2015-04-02 | Document the fact that the tls_accept_*() functions can return | Joel Sing | |
TLS_READ_AGAIN and TLS_WRITE_AGAIN. Based on a diff from Tim van der Molen. | |||
2015-03-31 | Provide a tls_accept_fds() function, which allows a TLS connection to be | Joel Sing | |
accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow. | |||
2015-02-22 | Rename tls_config_insecure_noverifyhost() to | Joel Sing | |
tls_config_insecure_noverifyname(), so that it is more accurate and keeps in line with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15. |