path: root/usr.sbin/smtpd/ssl.c
Age | Commit message | Author
2015-03-13 | Missing free(3) in error path | Giovanni Bechis
2015-02-06 | Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem(). | Reyk Floeter
2015-01-16 | SSL_CTX_use_certificate_chain() has been added to LibreSSL and there | Reyk Floeter
2015-01-16 | The SSL/TLS session Id context is limited to 32 bytes. Instead of | Reyk Floeter
2014-10-16 | disable SSLv3 | Gilles Chehade
2014-10-02 | avoid a double free | Theo de Raadt
2014-08-25 | Delete secret or secret-derived data with explicit_bzero. | Doug Hogan
2014-07-10 | add additional includes required to build with -DOPENSSL_NO_DEPRECATED | Jonathan Gray
2014-07-08 | zap trailing tab | Eric Faurot
2014-05-20 | Unify the SSL privsep key loading functions. | Reyk Floeter
2014-05-20 | Deep down inside OpenSSL, err... LibreSSL, RSA_set_ex_data attempts to | Reyk Floeter
2014-05-10 | Fix SSL breakage that I accidentally introduced with my previous commit. | Reyk Floeter
2014-05-06 | Fix two memory leaks: EVP_PKEY_get1_RSA() returns a referenced key | Reyk Floeter
2014-04-29 | Implement RSA privilege separation for OpenSMTPD, based on my previous | Reyk Floeter
2014-04-29 | It is only required to load the keys and certs into the same SSL | Reyk Floeter
2014-04-19 | (void) cast a snprintf() call that can't possibly truncate unless we | Gilles Chehade
2014-02-17 | fix possible NULL-deref in error code path | Eric Faurot
2014-02-04 | pki code cleanup | Eric Faurot
2013-12-26 | bcopy -> memmove | Eric Faurot
2013-11-28 | fix loading of passphrase-protected keys. | Eric Faurot
2013-11-06 | Much much improved config parser and related changes. | Eric Faurot
2013-10-26 | %i -> %d in format strings | Eric Faurot
2013-07-19 | tls perfect forward secrecy with ecdhe | Eric Faurot
2013-05-24 | sync with OpenSMTPD 5.3.2 | Eric Faurot
2013-01-26 | Sync with our smtpd repo: | Gilles Chehade
2012-11-23 | knf | Eric Faurot
2012-11-12 | Cleanups and improvements: | Eric Faurot
2012-10-14 | enforce different permissions on different files in ssl_load_file() | Alexander Hall
2012-10-09 | Reject ssl key/certs/CA/DH files if their ownership/permissions are not | Eric Faurot
2012-09-14 | Remove s_ssl from the smtp session since it is duplicated in the io struct. | Eric Faurot
2012-08-19 | coding style: replace all occurrences of u_int* with uint* | Charles Longeau
2012-01-29 | Rewrite io code in smtp and mta using the iobuf/ioev interface to have | Eric Faurot
2012-01-11 | enable back CA support, just don't verify client ... | Gilles Chehade
2011-12-21 | disable temporarily CA support, it prevents some remote hosts from | Charles Longeau
2011-12-14 | add missing prototype | Eric Faurot
2011-12-13 | *finally* make use of certificate authority file if available ! | Gilles Chehade
2011-10-27 | Don't offer or negotiate SSLv2 and, since we don't do SSL session | Philip Guenthe
2011-10-23 | add a missing DH_free() after ssl_set_ephemeral_key_exchange(). | Charles Longeau
2011-10-13 | Drop a reference to the client SSL_CTX after SSL_new(), so that it is | Eric Faurot
2011-09-01 | Introduce a small set of functions to manage stat counters in a | Eric Faurot
2011-05-21 | make the "no DH parameters" warning a log_info() | Gilles Chehade
2011-05-17 | somehow a previous sync with relayd missed one line... | Gilles Chehade
2011-05-14 | more clang warnings fixed | Gilles Chehade
2011-05-01 | the smtpd env is meant to be global, so do not pass it all around. | Eric Faurot
2011-03-15 | let smtpd use user-provided Diffie-Hellman parameters for ephemeral key | Gilles Chehade
2010-11-28 | a bit of .h cleanups, no functional change | Gilles Chehade
2010-11-24 | add *maxactive stats | Todd T. Fries
2010-10-09 | backout the "new" queue code committed 4 months ago. it has many good ideas, | Gilles Chehade
2010-06-01 | new queue, again; gcc2 compile tested by deraadt | Jacek Masiulaniec
2010-06-01 | New queue doesn't compile on gcc2, back out. Spotted by deraadt@ | Jacek Masiulaniec