path: root/lib/libtls/tls_internal.h
| Age | Commit message | Author |
| --- | --- | --- |
| 2017-09-20 | Keep track of which keypair is in use by a TLS context. | Joel Sing |
| 2017-08-10 | Add a tls_config_set_ecdhecurves() function to libtls, which allows the | Joel Sing |
| 2017-08-09 | Don't use tls_cert_hash for the hashing used by the engine offloading magic | Claudio Jeker |
| 2017-07-06 | Add support for providing CRLs to libtls - once a CRL is provided we | Joel Sing |
| 2017-06-22 | Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that | Joel Sing |
| 2017-05-07 | Ensure that a client context has been connected before attempting to | Joel Sing |
| 2017-05-06 | Perform reference counting for tls_config. This allows tls_config_free() to | Joel Sing |
| 2017-05-04 | Move tls_config_skip_private_key_check() out from under HIDDEN_DECLS. | Claudio Jeker |
| 2017-04-10 | Rework name verification code so that a match is indicated via an argument, | Joel Sing |
| 2017-04-07 | Use uint8_t instead of u_int8_t - for consistency and to make things easier | Joel Sing |
| 2017-04-05 | Add tls_peer_cert_chain_pem - To retrieve the peer certificate and chain | Bob Beck |
| 2017-04-05 | Internal changes to allow for relayd engine privsep. sends the hash of the | Bob Beck |
| 2017-01-29 | Move the ocsp staple to being part of the keypair structure internally, | Bob Beck |
| 2017-01-26 | Use a flag to track when we need to call SSL_shutdown(). This avoids an | Joel Sing |
| 2017-01-24 | Introduce ticket support. To enable them it is enough to set a positive | Claudio Jeker |
| 2016-11-05 | Add support for server side OCSP stapling to libtls. | Bob Beck |
| 2016-11-05 | rename ocsp_ctx to ocsp | Bob Beck |
| 2016-11-04 | Add an explicit list of exported symbols with just the functions declared | Philip Guenther |
| 2016-11-04 | make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden | Bob Beck |
| 2016-11-04 | Add ocsp_require_stapling config option for tls - allows a connection | Bob Beck |
| 2016-11-03 | Only set an error from libssl related code, if an error has not already | Joel Sing |
| 2016-11-02 | Add OCSP client side support to libtls. | Bob Beck |
| 2016-09-04 | Add callback-based interface to libtls. | Brent Cook |
| 2016-08-22 | Various clean up and reorganisation of the connection info handling code. | Joel Sing |
| 2016-08-22 | Provide an API that enables server side SNI support - add the ability to | Joel Sing |
| 2016-08-22 | Create contexts for server side SNI - these include the additional SSL_CTX | Joel Sing |
| 2016-08-15 | The tls_conninfo serial is also unused. | Joel Sing |
| 2016-08-15 | Group conninfo fields by connection and peer cert based information, | Joel Sing |
| 2016-08-15 | Explicitly pass in an SSL_CTX * to the functions that operate on one, | Joel Sing |
| 2016-08-13 | Load CA, certificate and key files into memory when the appropriate | Joel Sing |
| 2016-08-12 | Add ALPN support to libtls. | Joel Sing |
| 2016-08-02 | Revert previous since it adds new symbols. | Joel Sing |
| 2016-08-01 | Add ALPN support to libtls. | Joel Sing |
| 2016-07-13 | Split the existing TLS cipher suite groups into four: | Joel Sing |
| 2016-07-07 | Revert previous - it introduces problems with a common privsep use case. | Joel Sing |
| 2016-07-06 | Always load CA, key and certificate files at the time the configuration | Joel Sing |
| 2016-05-27 | Rename some of the internal error setting functions to more closely follow | Joel Sing |
| 2016-04-28 | Factor out the keypair handling in libtls. This results in more readable | Joel Sing |
| 2016-04-28 | Rework the error handling in libtls so that we can associate errors with | Joel Sing |
| 2015-10-07 | Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certifi... | Bob Beck |
| 2015-09-29 | Instead of declaring a union in multiple places, move it to tls_internal.h. | Joel Sing |
| 2015-09-14 | Provide tls_config_insecure_noverifytime() in order to be able to disable | Joel Sing |
| 2015-09-14 | Expose EOF without close-notify via tls_close(). | Joel Sing |
| 2015-09-13 | add visibility of cipher and connection version strings | Bob Beck |
| 2015-09-12 | Move connection info into its own private structure allocated and filled in | Bob Beck |
| 2015-09-11 | add tls_peer functions for checking names and issuers of peer certificates. | Bob Beck |
| 2015-09-11 | Store a reference to the peer certificate (if any) upon completion of the | Joel Sing |
| 2015-09-10 | Split tls_handshake() out from tls_accept/tls_connect. By doing this the | Joel Sing |
| 2015-09-10 | Add support for preferring the server's cipher list or the client's cipher | Joel Sing |
| 2015-09-09 | Add client certificate support. Still needs a few tweaks but this will | Bob Beck |