summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd/ssl.c
AgeCommit message (Expand)Author
2018-12-20change the format of ssl_to_text() to match that of io's, this only affectGilles Chehade
2017-05-17Introduce more use of freezero(). Also, remove ptr conditionals beforeTheo de Raadt
2017-03-30Disable client-initiated renegotiation.Joel Sing
2016-09-02turn server preference for ciphers on by defaultGilles Chehade
2016-04-21Use automatic DH parameters, instead of fixed ones. Also disable DHE byJoel Sing
2015-12-13refactor a bit to move the SNI handling away from smtp_session into smtpGilles Chehade
2015-12-12remove CA from pki and no longer allow specifying a CA with 'pki' keyword.Gilles Chehade
2015-12-12do not prevent group from reading key, it prevents a certificate fromGilles Chehade
2015-12-12allow overriding the default cipher-suiteGilles Chehade
2015-12-12bump DH params to 2048, it's been part of smtpd releases for a long timeGilles Chehade
2015-12-05Remove a few NULL-checks before free().mmcc
2015-11-05replace u_char and u_int* with standard stdint.h types to ease portable versionJoerg Jung
2015-10-21Use SSL_CTX_set_ecdh_auto() instead of rolling our own version.Joel Sing
2015-10-16Use SSL_get_version() not SSL_get_cipher_version(); the former gives the TLSStuart Henderson
2015-03-13Missing free(3) in error pathGiovanni Bechis
2015-02-06Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().Reyk Floeter
2015-01-16SSL_CTX_use_certificate_chain() has been added to LibreSSL and thereReyk Floeter
2015-01-16The SSL/TLS session Id context is limited to 32 bytes. Instead ofReyk Floeter
2014-10-16disable SSLv3Gilles Chehade
2014-10-02avoid a double freeTheo de Raadt
2014-08-25Delete secret or secret-derived data with explicit_bzero.Doug Hogan
2014-07-10add additional includes required to build with -DOPENSSL_NO_DEPRECATEDJonathan Gray
2014-07-08zap trailing tabEric Faurot
2014-05-20Unify the SSL privsep key loading functions.Reyk Floeter
2014-05-20Deep down inside OpenSSL, err... LibreSSL, RSA_set_ex_data attempts toReyk Floeter
2014-05-10Fix SSL breakage that I accidentally introduced with my previous commit.Reyk Floeter
2014-05-06Fix two memory leaks: EVP_PKEY_get1_RSA() returns a referenced keyReyk Floeter
2014-04-29Implement RSA privilege separation for OpenSMTPD, based on my previousReyk Floeter
2014-04-29It is only required to load the keys and certs into the same SSLReyk Floeter
2014-04-19(void) cast a snprintf() call that can't possibly truncate unless weGilles Chehade
2014-02-17fix possible NULL-deref in error code pathEric Faurot
2014-02-04pki code cleanupEric Faurot
2013-12-26bcopy -> memmoveEric Faurot
2013-11-28fix loading of passphrase-protected keys.Eric Faurot
2013-11-06Much much improved config parser and related changes.Eric Faurot
2013-10-26%i -> %d in format stringsEric Faurot
2013-07-19tls perfect forward secrecy with ecdheEric Faurot
2013-05-24sync with OpenSMTPD 5.3.2Eric Faurot
2013-01-26Sync with our smtpd repo:Gilles Chehade
2012-11-23knfEric Faurot
2012-11-12Cleanups and improvements:Eric Faurot
2012-10-14enforce different permissions on different files in ssl_load_file()Alexander Hall
2012-10-09Reject ssl key/certs/CA/DH files if their ownership/permissions are notEric Faurot
2012-09-14Remove s_ssl from the smtp session since it is duplicated in the io struct.Eric Faurot
2012-08-19coding style: replace all occurences of u_int* with uint*Charles Longeau
2012-01-29Rewrite io code in smtp and mta using the iobuf/ioev interface to haveEric Faurot
2012-01-11enable back CA support, just don't verify client ...Gilles Chehade
2011-12-21disable temporarily CA support, it prevents some remote hosts fromCharles Longeau
2011-12-14add missing prototypeEric Faurot
2011-12-13*finally* make use of certificate authority file if available !Gilles Chehade