Age | Commit message | Author | |
---|---|---|---|
2019-07-09 | Group tls_{handshake,read,write,close}() return values documentation. | Joel Sing | |
Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@ | |||
2019-06-20 | tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT, | Theo de Raadt | |
TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing | |||
2019-06-05 | provide getters and setters for the RSA_METHOD interface | Gilles Chehade | |
ok tb@, jsing@, sthen@ | |||
2019-05-13 | Acquire mutex before incrementing the refcount. Fixes COV-186144 | Brent Cook | |
ok tb@ | |||
2019-04-13 | Null out pointers on asprintf() failure. | Theo Buehler | |
These pointers will be passed to free. According to asprintf(3), "on OpenBSD, ret will be set to the null pointer, but this behavior should not be relied upon." ok jsing | |||
2019-04-04 | Only assign destlen when src is non-NULL. | Joel Sing | |
This avoids ever having a non-zero len with a NULL pointer. | |||
2019-04-04 | Switch to pthread_mutex_init(). | Joel Sing | |
While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other platforms do not like it. Noted by bcook@ | |||
2019-04-04 | Bump libssl/libtls minors due to symbol addition. | Joel Sing | |
2019-04-01 | Add a mutex to guard reference counting for tls_config. | Joel Sing | |
This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@ | |||
2019-03-27 | remove duplicate set key file call. from alf. | Ted Unangst | |
ok jsing | |||
2019-03-20 | fix examples (libtls uses its own error reporting mechanism) | Marc Espie | |
okay tb@ | |||
2019-03-17 | bump minors after symbol addition | Theo Buehler | |
2019-01-22 | bump minors after symbol addition | Theo Buehler | |
2019-01-19 | bump minors after symbol addition | Theo Buehler | |
2018-12-14 | Delete a note taken during the rev. 1.1 man page split | Ingo Schwarze | |
that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@. | |||
2018-11-29 | missed adding tls_default_ca_cert_file here. found by sthen | Ted Unangst | |
2018-11-29 | expose the default cert file as a function, not a define. it's really | Ted Unangst | |
an internal detail of the library, so the string should live inside it, not in the application code. ok jsing | |||
2018-11-11 | bump minors after symbol addition. | Theo Buehler | |
2018-11-06 | Define TLS_CA_CERT_FILE rather than having every application create their | Joel Sing | |
own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@ | |||
2018-10-24 | Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto) | Joel Sing | |
and changes to struct visibility/sizes (libssl). | |||
2018-09-12 | crank to follow minor crank in libcrypto; ok tb@ jsing@ | Damien Miller | |
2018-08-24 | crank majors after symbol addition/modification/removal | Theo Buehler | |
2018-08-21 | typo in argument type, from Mario dot Andres dot Campos at gmail dot com | Ingo Schwarze | |
2018-07-24 | Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES to | Theo Buehler | |
improve readability and ease of maintenance. Positive feedback jmc Detailed suggestion & ok schwarze | |||
2018-07-23 | Document tls_peer_ocsp_result() and use it in place of the non-existent | Theo Buehler | |
tls_peer_ocsp_result_msg() in the documentation. input & ok jsing Reads fine to jmc and makes sense to schwarze | |||
2018-07-09 | Move a detail on tls_connect(3) to its documentation and be a bit more | Theo Buehler | |
explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version | |||
2018-07-09 | wording tweak for tls_init() from jsing | Theo Buehler | |
ok jsing, schwarze | |||
2018-07-08 | Simplify and shorten the description of tls_init(3), | Ingo Schwarze | |
fixing an awkward wording noticed by tb@. OK tb@ | |||
2018-05-26 | minor markup improvement: .Fa *cctx -> .Pf * Fa cctx | Ingo Schwarze | |
2018-05-26 | Quote .Fa arguments containing blanks. | Ingo Schwarze | |
Diff from Jack Burton <jack at saosce dot com dot au>. | |||
2018-04-07 | Correct tls_config_clear_keys() behaviour. | Joel Sing | |
Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@ | |||
2018-04-07 | Switch to OPENSSL_init_ssl() and prevent an openssl configuration file from | Joel Sing | |
being loaded behind our back, at a later point. ok beck@ | |||
2018-03-20 | Avoid potentially calling strchr() on a NULL pointer in | Joel Sing | |
tls_config_set_ecdhecurve(). Spotted by Coverity. | |||
2018-03-20 | bump minors after symbol addition | Theo Buehler | |
2018-03-19 | Automatically handle library initialisation for libtls. | Joel Sing | |
Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@ | |||
2018-03-17 | crank majors | Theo Buehler | |
req by deraadt | |||
2018-03-17 | Bump minors after symbol addition | Theo Buehler | |
2018-03-15 | Also bump libtls minor after the addition of SSL_CTX_get_min/max_proto_version | Jeremie Courreges-Anglas | |
cluebat tb@ | |||
2018-03-08 | un-revert tls_init pthread_once change, now that stub is added so that builds work | Bob Beck | |
2018-03-07 | backout. diff was not tested comprehensively, resulting in a broken tree. | Theo de Raadt | |
2018-03-07 | Make tls_init() concurrently callable using pthread_once(). | Bob Beck | |
ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto | |||
2018-02-22 | Bump lib{crypto,ssl,tls} minors due to symbol additions. | Joel Sing | |
2018-02-20 | Crank lib{crypto,ssl,tls} minors after symbol addition. | Theo Buehler | |
2018-02-18 | Bump minor due to symbol addition. | Theo Buehler | |
2018-02-18 | Bump libcrypto/libssl/libtls minors due to symbol additions. | Theo Buehler | |
2018-02-17 | Bump libcrypto/libssl/libtls minors due to symbol additions. | Joel Sing | |
2018-02-14 | Bump lib{crypto,ssl,tls} minors due to symbol additions. | Joel Sing | |
2018-02-10 | Be more specific about when the session file will be updated. | Joel Sing | |
2018-02-10 | Bump TLS API version since we've added more functionality. | Joel Sing | |
2018-02-10 | Move the keypair pubkey hash handling code to during config. | Joel Sing | |
The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@ |