| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Bump minors after symbol addition | tb | 2021-03-31 | 1 | -1/+1 |
| OCSP_basic_verify() doesn't set errno, so use tls_set_errorx() | tb | 2021-03-23 | 1 | -2/+2 |
| ok inoguchi | | | | |
| Use "EC/RSA key setup failure" to align error with others | tb | 2021-02-01 | 1 | -3/+3 |
| ok eric jsing | | | | |
| Move private key setup to a helper function with proper error | eric | 2021-01-26 | 1 | -10/+47 |
| checking. Only install the hash on the key if fake key is used, and do it for EC keys too. ok tb@ jsing@ | | | | |
| when using fake keys, skip the private key check | eric | 2021-01-21 | 1 | -1/+2 |
| ok tb@ | | | | |
| return -1 on error for consistency | eric | 2021-01-21 | 1 | -2/+2 |
| ok tb@ | | | | |
| minor bump after symbol addition | eric | 2021-01-21 | 1 | -1/+1 |
| Allow setting a keypair on a tls context without specifying the private | eric | 2021-01-21 | 4 | -26/+77 |
| key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@ | | | | |
| Fix indent. | jsing | 2021-01-05 | 1 | -2/+2 |
| Remove memset that was made redundant with the ASN1_time_parse() | tb | 2021-01-05 | 1 | -4/+1 |
| fix in libcrypto/asn1/a_time_tm.c r1.16. Suggested by jsing | | | | |
| Tweak previous: | schwarze | 2021-01-02 | 1 | -19/+34 |
| * Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting. | | | | |
| Make list of DHE parameters more prominent | kn | 2021-01-02 | 1 | -6/+19 |
| Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb | | | | |
| Make the list of supported protocols more prominent | kn | 2020-12-30 | 1 | -5/+15 |
| Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version Feedback OK tb | | | | |
| Destroy the mutex in tls_config objects when tls_config_free is called. | bcook | 2020-12-22 | 1 | -1/+3 |
| Add a stub for pthread_mutex_destroy() for installers. ok tb@ | | | | |
| Revert call to pthread_mutex_destroy until installers have a stub. | bcook | 2020-12-22 | 1 | -3/+1 |
| noted by deraadt@ | | | | |
| Destroy the mutex in a tls_config object when tls_config_free is called. | bcook | 2020-12-21 | 1 | -1/+3 |
| ok inoguchi@ | | | | |
| Fix return value variable type in tls_keypair_load_cert | inoguchi | 2020-12-15 | 1 | -2/+2 |
| ERR_peek_error() returns unsigned long. Reported by github issue by @rozhuk-im. ok bcook@ jsing@ | | | | |
| The check_includes step is incorrect dependency management model for | deraadt | 2020-06-09 | 1 | -11/+1 |
| how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead. | | | | |
| Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly. | jsing | 2020-05-24 | 1 | -1/+3 |
| Correct includes check for libtls. | jsing | 2020-01-22 | 1 | -2/+2 |
| Add checks to ensure that lib{crypto,ssl,tls} public headers have actually | jsing | 2020-01-22 | 1 | -1/+11 |
| been installed prior to building. Requested by and ok tb@ | | | | |
| Note in the man page that the default protocols list includes 1.3 | beck | 2020-01-22 | 1 | -4/+4 |
| ok jsing@ | | | | |
| Enable TLS version 1.3 in the default protocols for libtls. | beck | 2020-01-22 | 1 | -2/+2 |
| This will as yet not do anything, until we turn it on in the lower level libraries. ok jsing@ | | | | |
| Add support for TLSv1.3 as a protocol to libtls. | jsing | 2020-01-20 | 4 | -11/+20 |
| This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@ | | | | |
| Add missing RCS tag. | tb | 2019-12-03 | 1 | -0/+1 |
| Allow 1.3 ciphers in libtls. | beck | 2019-11-16 | 1 | -2/+2 |
| ok jsing@ | | | | |
| Allow portable to override the default CA bundle location | beck | 2019-11-16 | 2 | -3/+7 |
| ok kinichiro@ jsing@ | | | | |
| Bump libcrypto, libssl and libtls minors due to symbol additions. | jsing | 2019-11-02 | 1 | -1/+1 |
| Document tls_conn_cipher_strength(). | jsing | 2019-11-02 | 1 | -2/+14 |
| ok schwarze@ | | | | |
| Provide tls_conn_cipher_strength(). | jsing | 2019-11-02 | 4 | -3/+15 |
| This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@ | | | | |
| Bump libcrypto, libssl and libtls majors due to changes in struct sizes | jsing | 2019-10-24 | 1 | -2/+2 |
| and symbol addition. | | | | |
| Group tls_{handshake,read,write,close}() return values documentation. | jsing | 2019-07-09 | 1 | -21/+21 |
| Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@ | | | | |
| tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT, | deraadt | 2019-06-20 | 1 | -4/+4 |
| TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing | | | | |
| provide getters and setters for the RSA_METHOD interface | gilles | 2019-06-05 | 1 | -1/+1 |
| ok tb@, jsing@, sthen@ | | | | |
| Acquire mutex before incrementing the refcount. Fixes COV-186144 | bcook | 2019-05-13 | 1 | -1/+3 |
| ok tb@ | | | | |
| Null out pointers on asprintf() failure. | tb | 2019-04-13 | 1 | -3/+7 |
| These pointers will be passed to free. According to asprintf(3), "on OpenBSD, ret will be set to the null pointer, but this behavior should not be relied upon." ok jsing | | | | |
| Only assign destlen when src is non-NULL. | jsing | 2019-04-04 | 1 | -3/+4 |
| This avoids ever having a non-zero len with a NULL pointer. | | | | |
| Switch to pthread_mutex_init(). | jsing | 2019-04-04 | 1 | -3/+5 |
| While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other platforms do not like it. Noted by bcook@ | | | | |
| Bump libssl/libtls minors due to symbol addition. | jsing | 2019-04-04 | 1 | -1/+1 |
| Add a mutex to guard reference counting for tls_config. | jsing | 2019-04-01 | 3 | -4/+16 |
| This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@ | | | | |
| remove duplicate set key file call. from alf. | tedu | 2019-03-27 | 1 | -3/+1 |
| ok jsing | | | | |
| fix examples (libtls uses its own error reporting mechanism) | espie | 2019-03-20 | 1 | -4/+4 |
| okay tb@ | | | | |
| bump minors after symbol addition | tb | 2019-03-17 | 1 | -1/+1 |
| bump minors after symbol addition | tb | 2019-01-22 | 1 | -1/+1 |
| bump minors after symbol addition | tb | 2019-01-19 | 1 | -1/+1 |
| Delete a note taken during the rev. 1.1 man page split | schwarze | 2018-12-14 | 1 | -5/+2 |
| that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@. | | | | |
| missed adding tls_default_ca_cert_file here. found by sthen | tedu | 2018-11-29 | 1 | -0/+1 |
| expose the default cert file as a function, not a define. it's really | tedu | 2018-11-29 | 5 | -10/+24 |
| an internal detail of the library, so the string should live inside it, not in the application code. ok jsing | | | | |
| bump minors after symbol addition. | tb | 2018-11-11 | 1 | -1/+1 |
| Define TLS_CA_CERT_FILE rather than having every application create their | jsing | 2018-11-06 | 3 | -6/+6 |
| own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@ | | | | |