summaryrefslogtreecommitdiff
path: root/lib/libtls
AgeCommit message (Expand)Author
2015-04-29Reject dNSName of " " for subjectAltName extension.Doug Hogan
2015-04-15Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. AlsoJoel Sing
2015-04-15Make tls_close() more robust - do not rely on a close notify being receivedJoel Sing
2015-04-03comma fix;Jason McIntyre
2015-04-02Handle the case where multiple calls to SSL_shutdown() are required toJoel Sing
2015-04-02Correct man page title.Joel Sing
2015-04-02Document the fact that the tls_accept_*() functions can returnJoel Sing
2015-03-31Bump libtls minor due to API addition.Joel Sing
2015-03-31Provide a tls_accept_fds() function, which allows a TLS connection to beJoel Sing
2015-03-31Store errors that occur during a tls_accept_socket() call on the contextJoel Sing
2015-03-21free the server certificate in tls_connect_fds(); fixes a memory leak withStuart Henderson
2015-02-26Prefix function parameter names with underscores in tls.h, since this makesJoel Sing
2015-02-22Bump libtls major due to symbol removal.Joel Sing
2015-02-22Rename tls_config_insecure_noverifyhost() toJoel Sing
2015-02-22Check return values when setting dheparams and ecdhecurve for the defaultJoel Sing
2015-02-22In the interests of being secure by default, make the default TLS ciphersJoel Sing
2015-02-21explain how tls_accept_socket works.Ted Unangst
2015-02-21tls_config_set_protocols is really void. Greg Martin.Ted Unangst
2015-02-21fill out docs a bit more, notably the read/write again behaviors.Ted Unangst
2015-02-15s/tls_load_keys/tls_load_file/Joel Sing
2015-02-15Document tls_config_parse_protocols() and update documentation forJoel Sing
2015-02-12bump minor for TLS_PROTOCOLS_ALL. OK jsing@Reyk Floeter
2015-02-12Add a tls_config_parse_protocols() function that allows a protocols stringJoel Sing
2015-02-12Fix handling of "legacy" mode for tls_config_set_dheparams().Joel Sing
2015-02-12Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALLJoel Sing
2015-02-11Provide a tls_connect_servername() function that has the same behaviourJoel Sing
2015-02-11Be consistent with naming - only use "host" and "hostname" when referringJoel Sing
2015-02-09When parsing the host in tls_connect(), first check if it is a numericReyk Floeter
2015-02-08Use the AI_ADDRCONFIG flag in tls_connect(). This tells the resolverReyk Floeter
2015-02-07Added tls_load_file()Reyk Floeter
2015-02-07Add manpage bits for tls_load_file() and tls_accept_socket().Reyk Floeter
2015-02-07Add tls_load_file() as a helper to load certificates or encrypted keysReyk Floeter
2015-02-07Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL errorJoel Sing
2015-02-07Add tls_config_set_dheparams() to allow specification of the parameters toJoel Sing
2015-02-07Attempt to implement the OpenSSL error dance so that TLS read/writeJoel Sing
2015-02-06Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().Reyk Floeter
2015-01-30Make the TLS connect and accept error messages consistent.Alexander Bluhm
2015-01-22last entry in NAME should not have a trailing comma;Jason McIntyre
2015-01-22Add MLINK for tls_config_set_ca_mem()Reyk Floeter
2015-01-22Allow to to load the CA chain directly from memory instead ofReyk Floeter
2015-01-16The SSL/TLS session Id context is limited to 32 bytes. Instead ofReyk Floeter
2015-01-13For non-blocking sockets tls_connect_fds() could fail with EAGAIN.Alexander Bluhm
2015-01-02Rename the tls_connect_socket() parameter 'socket' to 's' to avoidAlexander Bluhm
2015-01-01Revert previous; tls_accept_socket() was intentionally undocumentedIngo Schwarze
2015-01-01minimally document tls_accept_socket();Ingo Schwarze
2014-12-27include netinet/in.h to define struct in6_addr.Brent Cook
2014-12-17Add size_t to int checks for SSL functions.Doug Hogan
2014-12-07Allow specific libtls hostname validation errors to propagate.Brent Cook
2014-12-07Fix a memory leak in tls_check_subject_altname() by callingJoel Sing
2014-12-07revert previous change for now, adjusting based on comments from jsing@Brent Cook