| Age | Commit message (Collapse) | Author |
|---|
|
The keypair pubkey hash was being generated and set in the keypair when the
TLS context was being configured. This code should not be messing around
with the keypair contents, since it is part of the config (and not the
context).
Instead, generate the pubkey hash and store it in the keypair when the
certificate is configured. This means that we are guaranteed to have the
pubkey hash and as a side benefit, we identify bad certificate content
when it is provided, instead of during the context configuration.
ok beck@
|
|
A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.
Discussed at length with deraadt@ and tedu@.
Rides previous minor bump.
ok beck@
|
|
rolling its own certificate loading. This also means we get better error
reporting on failure.
|
|
|
|
in multiple locations.
ok beck@
|
|
This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.
Issue reported by William Graeber and confirmed by Andreas Bartelt.
Fix tested by William Graeber and Andreas Bartelt - thanks!
|
|
names of the elliptic curves that may be used during client and server
key exchange to be specified.
This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.
ok beck@
|
|
for the TLS privsep code. Instead use X509_pubkey_digest() because only the
key should be used as identifier. Relayd is rewriting certificates and then
the hash would change. Rename the hash is struct tls_keypair to pubkey_hash
to make clear what this hash is about.
With input and OK jsing@
|
|
enable CRL checking for the full certificate chain.
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
Discussed with beck@
|
|
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be permitted to do).
Found by jsg@ with httpd and password protected keys.
|
|
complete a TLS handshake.
|
|
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the application.
Requested some time ago by tedu@.
ok beck@
|
|
Even though this is not a real public interface we need the symbol in
the shared library so that relayd can use it (needed for TLS key privsep)
OK beck@
|
|
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).
Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.
ok beck@ jca@
|
|
for portable.
From Raphael Hittich.
|
|
as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@
|
|
public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine privsep.
ok jsing@
|
|
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all keypairs
and not just the main one)
ok jsing@
|
|
issue where by calling tls_close() on a TLS context that has not attempted
a handshake, results in an unexpected failure.
Reported by Vinay Sajip.
ok beck@
|
|
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.
If multiple processes are involved the following functions can be used to make
tickets work accross all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key
For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).
Since tickets break PFS it is best to minimize the session lifetime according
to needs.
With a lot of help, input and OK beck@, jsing@
|
|
Add support for server side OCSP stapling to netcat.
|
|
ok jsing@
|
|
in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to
optimize internal functions
ok jsing@
|
|
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
|
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@
|
|
been set by libtls code. This avoids the situation where a libtls callback
has set an error, only to have it replaced by a less useful libssl based
error.
ok beck@
|
|
- Provide access to certificate OCSP URL
- Provide ability to check a raw OCSP reply against an
established TLS ctx
- Check and validate OCSP stapling info in the TLS handshake
if a stapled OCSP response is provided.`
Add example code to show OCSP URL and stapled info
into netcat.
ok jsing@
|
|
This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@
|
|
In particular, rename tls_free_conninfo() to tls_conninfo_free() and make
it a real free function. Rename tls_get_conninfo() to
tls_conninfo_populate() and have it allocate the struct tls_conninfo (after
freeing any existing one).
ok beck@
|
|
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).
ok beck@
|
|
that is required for certificate switching with libssl and the certificate
itself so that we can match against the subject and SANs. Hook up the
servername callback and switch to the appropriate SSL_CTX if we find a
matching certificate.
ok beck@
|
|
|
|
sort and remove unused fingerprint.
|
|
instead of assuming that they should use the one associated with the TLS
context. This allows these functions to be used with the additional
SSL contexts that are needed to support server-side SNI.
Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that
these functions have a common prefix.
ok reyk@
|
|
tls_config_set_*_file() function is called. This allows us to immediately
propagate useful error messages, play more nicely with privsep/pledge and
have a single code path. Instead of always loading the default CA when
tls_config_new() is called, defer and only load the default CA when
tls_configure() is invoked, if a CA has not already been specified.
ok beck@ bluhm@
|
|
ok beck@ doug@
|
|
Requested by deraadt@
|
|
ok beck@ doug@
|
|
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).
ok beck@ tedu@
|
|
|
|
function is called. This simplifies code and results in a single memory
based code path being used to provide data to libssl. Errors that occur
when accessing the specified file are now detected and propagated
immediately. Since the file access now occurs when the configuration
function is called, we now play nicely with privsep/pledge.
ok beck@ bluhm@ doug@
|
|
existing naming standards. Also provide functions for setting a struct
tls_error * directly (rather than having to have a struct tls * or a
struct tls_config *).
|
|
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@
|
|
both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@
|
|
certificate
validity times for tls connections.
ok jsing@
|
|
ok deraadt@
|
|
certificate validity checking.
ok beck@
|
|
Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and
return 0 on EOF with and without close-notify. However, if we saw an EOF
from the underlying file descriptors without getting a close-notify, save
this and make it visible when tls_close(3) is called. This keeps the
semantics we want, but makes it possible to detect truncation at higher
layers, if necessary.
ok beck@ guenther@
|
|
ok jsing@
|
|
at handshake time. change accessors to return const char * to remove need
for caller to free memory.
ok jsing@
|
