Age | Commit message | Author | |
---|---|---|---|
2019-01-22 | bump minors after symbol addition | Theo Buehler | |
2019-01-19 | bump minors after symbol addition | Theo Buehler | |
2018-12-14 | Delete a note taken during the rev. 1.1 man page split that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@. | Ingo Schwarze | |
2018-11-29 | missed adding tls_default_ca_cert_file here. found by sthen | Ted Unangst | |
2018-11-29 | expose the default cert file as a function, not a define. it's really an internal detail of the library, so the string should live inside it, not in the application code. ok jsing | Ted Unangst | |
2018-11-11 | bump minors after symbol addition. | Theo Buehler | |
2018-11-06 | Define TLS_CA_CERT_FILE rather than having every application create their own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@ | Joel Sing | |
2018-10-24 | Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto) and changes to struct visibility/sizes (libssl). | Joel Sing | |
2018-09-12 | crank to follow minor crank in libcrypto; ok tb@ jsing@ | Damien Miller | |
2018-08-24 | crank majors after symbol addition/modification/removal | Theo Buehler | |
2018-08-21 | typo in argument type, from Mario dot Andres dot Campos at gmail dot com | Ingo Schwarze | |
2018-07-24 | Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES to improve readability and ease of maintenance. Positive feedback jmc Detailed suggestion & ok schwarze | Theo Buehler | |
2018-07-23 | Document tls_peer_ocsp_result() and use it in place of the non-existent tls_peer_ocsp_result_msg() in the documentation. input & ok jsing Reads fine to jmc and makes sense to schwarze | Theo Buehler | |
2018-07-09 | Move a detail on tls_connect(3) to its documentation and be a bit more explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version | Theo Buehler | |
2018-07-09 | wording tweak for tls_init() from jsing ok jsing, schwarze | Theo Buehler | |
2018-07-08 | Simplify and shorten the description of tls_init(3), fixing an awkward wording noticed by tb@. OK tb@ | Ingo Schwarze | |
2018-05-26 | minor markup improvement: .Fa *cctx -> .Pf * Fa cctx | Ingo Schwarze | |
2018-05-26 | Quote .Fa arguments containing blanks. Diff from Jack Burton <jack at saosce dot com dot au>. | Ingo Schwarze | |
2018-04-07 | Correct tls_config_clear_keys() behaviour. Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@ | Joel Sing | |
2018-04-07 | Switch to OPENSSL_init_ssl() and prevent an openssl configuration file from being loaded behind our back, at a later point. ok beck@ | Joel Sing | |
2018-03-20 | Avoid potentially calling strchr() on a NULL pointer in tls_config_set_ecdhecurve(). Spotted by Coverity. | Joel Sing | |
2018-03-20 | bump minors after symbol addition | Theo Buehler | |
2018-03-19 | Automatically handle library initialisation for libtls. Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@ | Joel Sing | |
2018-03-17 | crank majors req by deraadt | Theo Buehler | |
2018-03-17 | Bump minors after symbol addition | Theo Buehler | |
2018-03-15 | Also bump libtls minor after the addition of SSL_CTX_get_min/max_proto_version cluebat tb@ | Jeremie Courreges-Anglas | |
2018-03-08 | un-revert tls_init pthread_once change, now that stub is added so that builds work | Bob Beck | |
2018-03-07 | backout. diff was not tested comprehensively, resulting in a broken tree. | Theo de Raadt | |
2018-03-07 | Make tls_init() concurrently callable using pthread_once(). ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto | Bob Beck | |
2018-02-22 | Bump lib{crypto,ssl,tls} minors due to symbol additions. | Joel Sing | |
2018-02-20 | Crank lib{crypto,ssl,tls} minors after symbol addition. | Theo Buehler | |
2018-02-18 | Bump minor due to symbol addition. | Theo Buehler | |
2018-02-18 | Bump libcrypto/libssl/libtls minors due to symbol additions. | Theo Buehler | |
2018-02-17 | Bump libcrypto/libssl/libtls minors due to symbol additions. | Joel Sing | |
2018-02-14 | Bump lib{crypto,ssl,tls} minors due to symbol additions. | Joel Sing | |
2018-02-10 | Be more specific about when the session file will be updated. | Joel Sing | |
2018-02-10 | Bump TLS API version since we've added more functionality. | Joel Sing | |
2018-02-10 | Move the keypair pubkey hash handling code to during config. The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@ | Joel Sing | |
2018-02-10 | Tidy/standardise some code. | Joel Sing | |
2018-02-10 | Remove NULL check from tls_conninfo_cert_pem() - all of the other conninfo functions require the conninfo passed in to be non-NULL. | Joel Sing | |
2018-02-10 | Document functions for client-side TLS session support. | Joel Sing | |
2018-02-10 | Add support to libtls for client-side TLS session resumption. A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes. Discussed at length with deraadt@ and tedu@. Rides previous minor bump. ok beck@ | Joel Sing | |
2018-02-10 | Bump lib{crypto,ssl,tls} minors due to symbol addition. | Joel Sing | |
2018-02-08 | Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead of rolling its own certificate loading. This also means we get better error reporting on failure. | Joel Sing | |
2018-02-08 | Ensure that tls_keypair_clear() clears the OCSP staple and pubkey hash. | Joel Sing | |
2018-02-08 | Do not bother NULLing pointers in a struct that is about to be freed. | Joel Sing | |
2018-02-08 | Move tls_keypair_pubkey_hash() to the keypair file. | Joel Sing | |
2018-02-08 | Avoid a memory leak that results when the same tls_config is reused. Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks. | Joel Sing | |
2018-02-08 | Assert tedu's copyright since some of the code moved here is his. | Joel Sing | |
2018-02-08 | Split keypair handling out into its own file - it had already appeared in multiple locations. ok beck@ | Joel Sing | |