Age | Commit message (Expand) | Author |
2018-12-20 | change the format of ssl_to_text() to match that of io's, this only affect | Gilles Chehade |
2017-05-17 | Introduce more use of freezero(). Also, remove ptr conditionals before | Theo de Raadt |
2017-03-30 | Disable client-initiated renegotiation. | Joel Sing |
2016-09-02 | turn server preference for ciphers on by default | Gilles Chehade |
2016-04-21 | Use automatic DH parameters, instead of fixed ones. Also disable DHE by | Joel Sing |
2015-12-13 | refactor a bit to move the SNI handling away from smtp_session into smtp | Gilles Chehade |
2015-12-12 | remove CA from pki and no longer allow specifying a CA with 'pki' keyword. | Gilles Chehade |
2015-12-12 | do not prevent group from reading key, it prevents a certificate from | Gilles Chehade |
2015-12-12 | allow overriding the default cipher-suite | Gilles Chehade |
2015-12-12 | bump DH params to 2048, it's been part of smtpd releases for a long time | Gilles Chehade |
2015-12-05 | Remove a few NULL-checks before free(). | mmcc |
2015-11-05 | replace u_char and u_int* with standard stdint.h types to ease portable version | Joerg Jung |
2015-10-21 | Use SSL_CTX_set_ecdh_auto() instead of rolling our own version. | Joel Sing |
2015-10-16 | Use SSL_get_version() not SSL_get_cipher_version(); the former gives the TLS | Stuart Henderson |
2015-03-13 | Missing free(3) in error path | Giovanni Bechis |
2015-02-06 | Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem(). | Reyk Floeter |
2015-01-16 | SSL_CTX_use_certificate_chain() has been added to LibreSSL and there | Reyk Floeter |
2015-01-16 | The SSL/TLS session Id context is limited to 32 bytes. Instead of | Reyk Floeter |
2014-10-16 | disable SSLv3 | Gilles Chehade |
2014-10-02 | avoid a double free | Theo de Raadt |
2014-08-25 | Delete secret or secret-derived data with explicit_bzero. | Doug Hogan |
2014-07-10 | add additional includes required to build with -DOPENSSL_NO_DEPRECATED | Jonathan Gray |
2014-07-08 | zap trailing tab | Eric Faurot |
2014-05-20 | Unify the SSL privsep key loading functions. | Reyk Floeter |
2014-05-20 | Deep down inside OpenSSL, err... LibreSSL, RSA_set_ex_data attempts to | Reyk Floeter |
2014-05-10 | Fix SSL breakage that I accidentally introduced with my previous commit. | Reyk Floeter |
2014-05-06 | Fix two memory leaks: EVP_PKEY_get1_RSA() returns a referenced key | Reyk Floeter |
2014-04-29 | Implement RSA privilege separation for OpenSMTPD, based on my previous | Reyk Floeter |
2014-04-29 | It is only required to load the keys and certs into the same SSL | Reyk Floeter |
2014-04-19 | (void) cast a snprintf() call that can't possibly truncate unless we | Gilles Chehade |
2014-02-17 | fix possible NULL-deref in error code path | Eric Faurot |
2014-02-04 | pki code cleanup | Eric Faurot |
2013-12-26 | bcopy -> memmove | Eric Faurot |
2013-11-28 | fix loading of passphrase-protected keys. | Eric Faurot |
2013-11-06 | Much much improved config parser and related changes. | Eric Faurot |
2013-10-26 | %i -> %d in format strings | Eric Faurot |
2013-07-19 | tls perfect forward secrecy with ecdhe | Eric Faurot |
2013-05-24 | sync with OpenSMTPD 5.3.2 | Eric Faurot |
2013-01-26 | Sync with our smtpd repo: | Gilles Chehade |
2012-11-23 | knf | Eric Faurot |
2012-11-12 | Cleanups and improvements: | Eric Faurot |
2012-10-14 | enforce different permissions on different files in ssl_load_file() | Alexander Hall |
2012-10-09 | Reject ssl key/certs/CA/DH files if their ownership/permissions are not | Eric Faurot |
2012-09-14 | Remove s_ssl from the smtp session since it is duplicated in the io struct. | Eric Faurot |
2012-08-19 | coding style: replace all occurences of u_int* with uint* | Charles Longeau |
2012-01-29 | Rewrite io code in smtp and mta using the iobuf/ioev interface to have | Eric Faurot |
2012-01-11 | enable back CA support, just don't verify client ... | Gilles Chehade |
2011-12-21 | disable temporarily CA support, it prevents some remote hosts from | Charles Longeau |
2011-12-14 | add missing prototype | Eric Faurot |
2011-12-13 | *finally* make use of certificate authority file if available ! | Gilles Chehade |