path: root/usr.sbin/relayd/ca.c
| Age | Commit message | Author |
|---|---|---|
| 2022-01-20 | catch poll() returning EINTR. | Sebastian Benoit |
| 2022-01-11 | Convert relayd for opaque RSA_METHOD | Theo Buehler |
| 2021-12-08 | zap a stray space | Theo Buehler |
| 2021-03-23 | Timed out RSA key ops, may leave uncalled for responses in the imsg return | Claudio Jeker |
| 2019-05-31 | Move the relay keys/certs into a separate global list and look them up by id. | Reyk Floeter |
| 2018-09-19 | Do not abort when the ca privenc runs into a timeout. | Reyk Floeter |
| 2018-01-24 | Log some more errors in the ca code, since there seems to be still a bug | Claudio Jeker |
| 2018-01-01 | RSA_private_{en,de}crypt() can fail and will return -1 in that case. | Claudio Jeker |
| 2017-11-28 | relay_load_fd() is no longer clobering errno in the error case so use | Claudio Jeker |
| 2017-11-27 | Make ca_launch error messages unique. | Alexander Bluhm |
| 2017-11-27 | Use file descriptor passing to load certificates into the relays. Especially | Claudio Jeker |
| 2017-08-09 | Use X509_pubkey_digest() like libtls to hash the keys for the TLS privsep | Claudio Jeker |
| 2017-07-28 | Always calculate the hash value of the x509 cert in ssl_load_pkey(). | Alexander Bluhm |
| 2017-05-28 | use __func__ in log messages. fix some whitespace while here. | Sebastian Benoit |
| 2017-05-27 | Migrate relayd to use libtls for TLS. Still does the TLS privsep via the | Claudio Jeker |
| 2017-04-06 | fix format string found by clang -Wformat-security | Gleydson Soares |
| 2016-09-28 | Add -Wcast-qual and cast away one false positive where we use a const | Reyk Floeter |
| 2016-09-03 | Use the fork+exec privsep model in relayd; based on rzalamena@'s work | Reyk Floeter |
| 2016-09-02 | Split "struct relayd" into two structs: "struct relayd" and "struct | Reyk Floeter |
| 2016-09-02 | proc_id has been replaced by ps->ps_instance. | Reyk Floeter |
| 2016-09-02 | As done in httpd, remove ps_ninstances and p_instance. | Reyk Floeter |
| 2016-09-02 | Terminate relayd using the socket status instead of watching SIGCHLD | Reyk Floeter |
| 2016-09-01 | Do not busy loop in the rsa engine callback waiting for the ca. Instead use | Claudio Jeker |
| 2015-12-05 | EAGAIN handling for imsg_read. OK henning@ benno@ | Claudio Jeker |
| 2015-12-02 | In most cases we don't need all arguments of proc_compose*_imsg(), | Reyk Floeter |
| 2015-10-10 | relayd's ca process pledges to only use stdio. | Sebastian Benoit |
| 2015-05-02 | Fix obvious problems with relayd config reload. | Claudio Jeker |
| 2015-01-22 | Clean up the relayd headers with help of include-what-you-use and some | Reyk Floeter |
| 2015-01-16 | Adapt to <limits.h> universe. | Theo de Raadt |
| 2014-12-12 | Change the keyword "ssl" to "tls" to reflect reality since we | Reyk Floeter |
| 2014-10-02 | no need to set the same field NULL twice ;-) | Gilles Chehade |
| 2014-05-04 | Create a new default RSA engine instead of patching the existing one | Reyk Floeter |
| 2014-04-22 | Support the CA key for SSL inspection in the ca process. Instead of | Reyk Floeter |
| 2014-04-21 | Use RSA_set_ex_data()/RSA_get_ex_data() directly instead of | Reyk Floeter |
| 2014-04-21 | The OpenSSL engine passes a "const u_char *" to the callback but | Reyk Floeter |
| 2014-04-18 | spacing | Reyk Floeter |
| 2014-04-18 | Fix SSL client-only mode when no RSA private key is needed. | Reyk Floeter |
| 2014-04-18 | The RSA_FLAG_SIGN_VER is not yet supported and the current code uses | Reyk Floeter |
| 2014-04-18 | Introduce privsep for private keys: | Reyk Floeter |