Age | Commit message | Author | |
---|---|---|---|
2021-02-01 | Use "EC/RSA key setup failure" to align error with others. ok eric jsing | Theo Buehler | |
2021-01-26 | Move private key setup to a helper function with proper error checking. Only install the hash on the key if fake key is used, and do it for EC keys too. ok tb@ jsing@ | Eric Faurot | |
2021-01-21 | when using fake keys, skip the private key check. ok tb@ | Eric Faurot | |
2021-01-21 | return -1 on error for consistency. ok tb@ | Eric Faurot | |
2021-01-21 | minor bump after symbol addition | Eric Faurot | |
2021-01-21 | Allow setting a keypair on a tls context without specifying the private key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@ | Eric Faurot | |
2021-01-05 | Fix indent. | Joel Sing | |
2021-01-05 | Remove memset that was made redundant with the ASN1_time_parse() fix in libcrypto/asn1/a_time_tm.c r1.16. Suggested by jsing | Theo Buehler | |
2021-01-02 | Tweak previous: * Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting. | Ingo Schwarze | |
2021-01-02 | Make list of DHE parameters more prominent. Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb | kn | |
2020-12-30 | Make the list of supported protocols more prominent. Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version. Feedback OK tb | kn | |
2020-12-22 | Destroy the mutex in tls_config objects when tls_config_free is called. Add a stub for pthread_mutex_destroy() for installers. ok tb@ | Brent Cook | |
2020-12-22 | Revert call to pthread_mutex_destroy until installers have a stub. noted by deraadt@ | Brent Cook | |
2020-12-21 | Destroy the mutex in a tls_config object when tls_config_free is called. ok inoguchi@ | Brent Cook | |
2020-12-15 | Fix return value variable type in tls_keypair_load_cert. ERR_peek_error() returns unsigned long. Reported by github issue by @rozhuk-im. ok bcook@ jsing@ | Kinichiro Inoguchi | |
2020-06-09 | The check_includes step is incorrect dependency management model for how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead. | Theo de Raadt | |
2020-05-24 | Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly. | Joel Sing | |
2020-01-22 | Correct includes check for libtls. | Joel Sing | |
2020-01-22 | Add checks to ensure that lib{crypto,ssl,tls} public headers have actually been installed prior to building. Requested by and ok tb@ | Joel Sing | |
2020-01-22 | Note in the man page that the default protocols list includes 1.3. ok jsing@ | Bob Beck | |
2020-01-22 | Enable TLS version 1.3 in the default protocols for libtls. This will as yet not do anything, until we turn it on in the lower level libraries. ok jsing@ | Bob Beck | |
2020-01-20 | Add support for TLSv1.3 as a protocol to libtls. This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@ | Joel Sing | |
2019-12-03 | Add missing RCS tag. | Theo Buehler | |
2019-11-16 | Allow 1.3 ciphers in libtls. ok jsing@ | Bob Beck | |
2019-11-16 | Allow portable to override the default CA bundle location. ok kinichiro@ jsing@ | Bob Beck | |
2019-11-02 | Bump libcrypto, libssl and libtls minors due to symbol additions. | Joel Sing | |
2019-11-02 | Document tls_conn_cipher_strength(). ok schwarze@ | Joel Sing | |
2019-11-02 | Provide tls_conn_cipher_strength(). This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@ | Joel Sing | |
2019-10-24 | Bump libcrypto, libssl and libtls majors due to changes in struct sizes and symbol addition. | Joel Sing | |
2019-07-09 | Group tls_{handshake,read,write,close}() return values documentation. Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@ | Joel Sing | |
2019-06-20 | tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT, TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing | Theo de Raadt | |
2019-06-05 | provide getters and setters for the RSA_METHOD interface. ok tb@, jsing@, sthen@ | Gilles Chehade | |
2019-05-13 | Acquire mutex before incrementing the refcount. Fixes COV-186144. ok tb@ | Brent Cook | |
2019-04-13 | Null out pointers on asprintf() failure. These pointers will be passed to free. According to asprintf(3), "on OpenBSD, ret will be set to the null pointer, but this behavior should not be relied upon." ok jsing | Theo Buehler | |
2019-04-04 | Only assign destlen when src is non-NULL. This avoids ever having a non-zero len with a NULL pointer. | Joel Sing | |
2019-04-04 | Switch to pthread_mutex_init(). While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other platforms do not like it. Noted by bcook@ | Joel Sing | |
2019-04-04 | Bump libssl/libtls minors due to symbol addition. | Joel Sing | |
2019-04-01 | Add a mutex to guard reference counting for tls_config. This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@ | Joel Sing | |
2019-03-27 | remove duplicate set key file call. from alf. ok jsing | Ted Unangst | |
2019-03-20 | fix examples (libtls uses its own error reporting mechanism). okay tb@ | Marc Espie | |
2019-03-17 | bump minors after symbol addition | Theo Buehler | |
2019-01-22 | bump minors after symbol addition | Theo Buehler | |
2019-01-19 | bump minors after symbol addition | Theo Buehler | |
2018-12-14 | Delete a note taken during the rev. 1.1 man page split that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@. | Ingo Schwarze | |
2018-11-29 | missed adding tls_default_ca_cert_file here. found by sthen | Ted Unangst | |
2018-11-29 | expose the default cert file as a function, not a define. it's really an internal detail of the library, so the string should live inside it, not in the application code. ok jsing | Ted Unangst | |
2018-11-11 | bump minors after symbol addition. | Theo Buehler | |
2018-11-06 | Define TLS_CA_CERT_FILE rather than having every application create their own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@ | Joel Sing | |
2018-10-24 | Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto) and changes to struct visibility/sizes (libssl). | Joel Sing | |
2018-09-12 | crank to follow minor crank in libcrypto; ok tb@ jsing@ | Damien Miller | |