| Age | Commit message | Author |
|---|---|---|
| 2022-01-10 | Convert tls_bio_cb for opaque BIO. Joint with jsing. | Theo Buehler |
| 2022-01-01 | contibutions -> contributions | Jonathan Gray |
| 2021-10-31 | Bump majors after struct visibility changes, symbol removal and symbol addition. | Theo Buehler |
| 2021-10-31 | Simplify some code by using X509_STORE_CTX_get_obj_by_subject(). ok beck jsing | Theo Buehler |
| 2021-10-21 | libtls: Don't reach into X509_STORE_CTX. ok jsing | Theo Buehler |
| 2021-10-21 | Switch from X509_VERIFY_PARAM_set_flags() to X509_STORE_set_flags(). This reduces the number of reacharounds into libcrypto internals. ok jsing | Theo Buehler |
| 2021-10-21 | Eliminate a dead assignment and a weird cast. Adjust a comment to reality while there. ok jsing | Theo Buehler |
| 2021-10-21 | Print uid with %u instead of %i. Prompted by a diff by Jonas Termansen, discussed with deraadt, millert. ok jsing | Theo Buehler |
| 2021-10-21 | Use *printf %d instead of %i. ok jsing | Theo Buehler |
| 2021-10-02 | Use SSL_CTX_get0_param() rather than reaching into the SSL_CTX. | Joel Sing |
| 2021-09-10 | major bump (same type of crank as libssl) | Theo Buehler |
| 2021-08-16 | typo in comment | Theo Buehler |
| 2021-06-22 | zap wonky commas; | Jason McIntyre |
| 2021-06-22 | Clarify tls_config_set_*_file() file I/O semantics. tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do; they load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when, for example, pledging without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to the above way of pledging a program: tls_load_file(), tls_config_set_ca_mem(), tls_unload_file(). While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) changed the code but forgot to amend the manual, as noted by tb, thanks. Feedback OK tb | kn |
| 2021-06-14 | Use SSL_AD_INTERNAL_ERROR. One instance of TLS1_AD_* was missed and broke the tree in the recent switch to using only one version of alert defines internally. | Theo Buehler |
| 2021-06-01 | Update RFC reference. RFC 4366 was obsoleted by RFC 6066. | Theo Buehler |
| 2021-06-01 | Avoid sending a trailing dot in SNI as a client. While an FQDN includes a trailing dot for the zero-length label of the root, SNI explicitly does not contain it. Contrary to other TLS implementations, our tlsext_sni_is_valid_hostname() rejects a trailing dot. The result is that LibreSSL TLS servers encountering an SNI with trailing dot abort the connection with an illegal_parameter alert. This fixes an issue reported by danj in nc(1) and by sthen in ftp(1). DNS cluebat from florian. ok jsing | Theo Buehler |
| 2021-06-01 | Remove unnecessary cast in free. ok jsing | Theo Buehler |
| 2021-05-10 | give libtls the same bump as libssl | Theo Buehler |
| 2021-03-31 | Bump minors after symbol addition | Theo Buehler |
| 2021-03-23 | OCSP_basic_verify() doesn't set errno, so use tls_set_errorx(). ok inoguchi | Theo Buehler |
| 2021-02-01 | Use "EC/RSA key setup failure" to align error with others. ok eric jsing | Theo Buehler |
| 2021-01-26 | Move private key setup to a helper function with proper error checking. Only install the hash on the key if fake key is used, and do it for EC keys too. ok tb@ jsing@ | Eric Faurot |
| 2021-01-21 | when using fake keys, skip the private key check. ok tb@ | Eric Faurot |
| 2021-01-21 | return -1 on error for consistency. ok tb@ | Eric Faurot |
| 2021-01-21 | minor bump after symbol addition | Eric Faurot |
| 2021-01-21 | Allow setting a keypair on a tls context without specifying the private key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@ | Eric Faurot |
| 2021-01-05 | Fix indent. | Joel Sing |
| 2021-01-05 | Remove memset that was made redundant with the ASN1_time_parse() fix in libcrypto/asn1/a_time_tm.c r1.16. Suggested by jsing | Theo Buehler |
| 2021-01-02 | Tweak previous: * Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting. | Ingo Schwarze |
| 2021-01-02 | Make list of DHE parameters more prominent. Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb | kn |
| 2020-12-30 | Make the list of supported protocols more prominent. Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version. Feedback OK tb | kn |
| 2020-12-22 | Destroy the mutex in tls_config objects when tls_config_free is called. Add a stub for pthread_mutex_destroy() for installers. ok tb@ | Brent Cook |
| 2020-12-22 | Revert call to pthread_mutex_destroy until installers have a stub. noted by deraadt@ | Brent Cook |
| 2020-12-21 | Destroy the mutex in a tls_config object when tls_config_free is called. ok inoguchi@ | Brent Cook |
| 2020-12-15 | Fix return value variable type in tls_keypair_load_cert. ERR_peek_error() returns unsigned long. Reported in a github issue by @rozhuk-im. ok bcook@ jsing@ | Kinichiro Inoguchi |
| 2020-06-09 | The check_includes step is an incorrect dependency management model for how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. Use 'make includes' by hand instead. | Theo de Raadt |
| 2020-05-24 | Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly. | Joel Sing |
| 2020-01-22 | Correct includes check for libtls. | Joel Sing |
| 2020-01-22 | Add checks to ensure that lib{crypto,ssl,tls} public headers have actually been installed prior to building. Requested by and ok tb@ | Joel Sing |
| 2020-01-22 | Note in the man page that the default protocols list includes 1.3. ok jsing@ | Bob Beck |
| 2020-01-22 | Enable TLS version 1.3 in the default protocols for libtls. This will as yet not do anything, until we turn it on in the lower level libraries. ok jsing@ | Bob Beck |
| 2020-01-20 | Add support for TLSv1.3 as a protocol to libtls. This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@ | Joel Sing |
| 2019-12-03 | Add missing RCS tag. | Theo Buehler |
| 2019-11-16 | Allow 1.3 ciphers in libtls. ok jsing@ | Bob Beck |
| 2019-11-16 | Allow portable to override the default CA bundle location. ok kinichiro@ jsing@ | Bob Beck |
| 2019-11-02 | Bump libcrypto, libssl and libtls minors due to symbol additions. | Joel Sing |
| 2019-11-02 | Document tls_conn_cipher_strength(). ok schwarze@ | Joel Sing |
| 2019-11-02 | Provide tls_conn_cipher_strength(). This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@ | Joel Sing |
| 2019-10-24 | Bump libcrypto, libssl and libtls majors due to changes in struct sizes and symbol addition. | Joel Sing |