OpenBSD CVS

CVS log for src/lib/libtls/Attic/tls_init.3

Default branch: MAIN

Revision 1.87, Wed Jan 25 23:53:18 2017 UTC by schwarze
Branch: MAIN
CVS Tags: HEAD
Changes since 1.86: +1 -1 lines
FILE REMOVED

split the tls_init(3) that had grown fat to allow healthy future growth;
suggested by jsing@; "i would just chuck it in" jmc@

Revision 1.86, Tue Jan 24 07:57:39 2017 UTC by jmc
Branch: MAIN
Changes since 1.85: +2 -2 lines

accross -> across;

Revision 1.85, Tue Jan 24 01:48:05 2017 UTC by claudio
Branch: MAIN
Changes since 1.84: +28 -1 lines

Introduce ticket support. To enable them it is enough to set a positive
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.

If multiple processes are involved the following functions can be used to make
tickets work across all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key

For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).

Since tickets break PFS it is best to minimize the session lifetime according
to needs.

With a lot of help, input and OK beck@, jsing@
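The ticket key policy this commit message describes (keep only the last four keys, treat a key as dead once it is older than the session lifetime, rotate four times per lifetime) is shown below as an added C model. It is example code, not libtls's implementation: the ring_* names, the 16-byte key name, the 32-byte key sizes and the placeholder key bytes are all assumptions made for illustration.

```c
/*
 * Added example, not libtls code: a model of the session ticket key
 * rotation policy from the revision 1.85 commit message.
 *   - only the last TICKET_KEYS (4) keys added are kept, newest first
 *   - a key is unusable once it is as old as the session lifetime
 *   - new tickets are issued under the newest key; tickets presented
 *     by clients are accepted under any key still in the ring
 * Key sizes and the 16-byte key name are assumptions for this model.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TICKET_KEYS   4
#define KEY_NAME_LEN  16
#define KEY_LEN       32

struct ticket_key {
	char    name[KEY_NAME_LEN];  /* identifier embedded in each ticket */
	uint8_t aes[KEY_LEN];        /* ticket encryption key */
	uint8_t hmac[KEY_LEN];       /* ticket authentication key */
	time_t  added;               /* when the key was added */
};

struct ticket_ring {
	struct ticket_key keys[TICKET_KEYS]; /* slot 0 is the newest key */
	int count;
	int lifetime;  /* session lifetime, which is also the ticket key lifetime */
};

void
ring_init(struct ticket_ring *r, int lifetime)
{
	memset(r, 0, sizeof(*r));
	r->lifetime = lifetime;
}

/* A key as old as the lifetime must neither encrypt nor decrypt tickets. */
static int
key_expired(const struct ticket_ring *r, const struct ticket_key *k, time_t now)
{
	return now - k->added >= r->lifetime;
}

/* Add a key at the front of the ring; the oldest falls off. Returns the count. */
int
ring_add_key(struct ticket_ring *r, const char *name,
    const uint8_t aes[KEY_LEN], const uint8_t hmac[KEY_LEN], time_t now)
{
	if (r->count < TICKET_KEYS)
		r->count++;
	memmove(&r->keys[1], &r->keys[0], (r->count - 1) * sizeof(r->keys[0]));
	memset(&r->keys[0], 0, sizeof(r->keys[0]));
	strncpy(r->keys[0].name, name, KEY_NAME_LEN - 1);
	memcpy(r->keys[0].aes, aes, KEY_LEN);
	memcpy(r->keys[0].hmac, hmac, KEY_LEN);
	r->keys[0].added = now;
	return r->count;
}

/* Drop expired keys; they are always the oldest, at the tail. Returns the count. */
int
ring_expire(struct ticket_ring *r, time_t now)
{
	while (r->count > 0 && key_expired(r, &r->keys[r->count - 1], now))
		r->count--;
	return r->count;
}

/* Key for issuing new tickets: the newest one, or NULL if it has expired. */
const struct ticket_key *
ring_encrypt_key(const struct ticket_ring *r, time_t now)
{
	if (r->count == 0 || key_expired(r, &r->keys[0], now))
		return NULL;
	return &r->keys[0];
}

/* Key for a presented ticket, looked up by name; NULL if unknown or expired. */
const struct ticket_key *
ring_decrypt_key(const struct ticket_ring *r, const char *name, time_t now)
{
	int i;

	for (i = 0; i < r->count; i++)
		if (strncmp(r->keys[i].name, name, KEY_NAME_LEN) == 0)
			return key_expired(r, &r->keys[i], now) ? NULL : &r->keys[i];
	return NULL;
}

/* How often to add a key: four times per lifetime, as the commit message advises. */
int
ring_rotate_interval(const struct ticket_ring *r)
{
	return r->lifetime / 4;
}

int
main(void)
{
	struct ticket_ring r;
	uint8_t aes[KEY_LEN] = {0}, hmac[KEY_LEN] = {0};  /* placeholder key bytes */
	int t;

	ring_init(&r, 3600);  /* keep the lifetime short: tickets weaken PFS */
	for (t = 0; t <= 3600; t += ring_rotate_interval(&r)) {
		char name[KEY_NAME_LEN];
		snprintf(name, sizeof(name), "key-%d", t);
		ring_add_key(&r, name, aes, hmac, t);
	}
	printf("%d keys held, newest %s, key-0 %s\n", r.count,
	    ring_encrypt_key(&r, 3600)->name,
	    ring_decrypt_key(&r, "key-0", 3600) ? "usable" : "dropped");
	return 0;
}
```

With a 3600 second lifetime the rotation interval is 900 seconds, so the fifth key pushes the first out of the ring even before it has aged out; a multi-process deployment that feeds the same keys to every instance via tls_config_add_ticket_key() has to keep that schedule in lockstep, or tickets issued by one process will be rejected by another.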

Revision 1.84, Tue Jan 24 01:16:26 2017 UTC by claudio
Branch: MAIN
Changes since 1.83: +5 -1 lines

Add missing documentation for tls_config_set_verify_depth
Done together with jsing@

Revision 1.83, Tue Jan 24 00:28:31 2017 UTC by claudio
Branch: MAIN
Changes since 1.82: +10 -10 lines

Shuffle the deck chairs to bring them back in order.

Revision 1.82, Tue Jan 24 00:00:12 2017 UTC by claudio
Branch: MAIN
Changes since 1.81: +5 -5 lines

tls_config_add_keypair_mem is the function to add additional keypairs, and the
ocsp_staple functions set the OCSP response, they don't add them (which implies
you can call them multiple times).
Discussed with jsing@ beck@

Revision 1.81, Fri Nov 11 14:02:24 2016 UTC by jsing
Branch: MAIN
Changes since 1.80: +3 -3 lines

Change the return value of tls_config_set_protocols() and
tls_config_set_verify_depth() from void to int. This makes them consistent
with all other tls_config_set_* functions and will allow for call time
validation to be implemented.

Rides libtls major bump.

ok beck@

Revision 1.80, Sat Nov 5 18:30:02 2016 UTC by bcook
Branch: MAIN
Changes since 1.79: +2 -2 lines

fix misplaced quote by tls_peer_ocsp_this_update

Revision 1.79, Sat Nov 5 15:45:41 2016 UTC by jmc
Branch: MAIN
Changes since 1.78: +7 -7 lines

tweak previous;

Revision 1.78, Sat Nov 5 15:13:26 2016 UTC by beck
Branch: MAIN
Changes since 1.77: +16 -2 lines

Add support for server side OCSP stapling to libtls.
Add support for server side OCSP stapling to netcat.

Revision 1.77, Fri Nov 4 05:13:13 2016 UTC by beck
Branch: MAIN
Changes since 1.76: +8 -2 lines

Add ocsp_require_stapling config option for tls - allows a connection
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake.  Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@

Revision 1.76, Thu Nov 3 12:54:16 2016 UTC by beck
Branch: MAIN
Changes since 1.75: +3 -3 lines

Don't do OCSP validation when we have disabled certificate verification
or certificate validation.
ok jsing@

Revision 1.75, Wed Nov 2 18:26:14 2016 UTC by jmc
Branch: MAIN
Changes since 1.74: +9 -9 lines

bit more cleanup;

Revision 1.74, Wed Nov 2 17:32:42 2016 UTC by jmc
Branch: MAIN
Changes since 1.73: +27 -33 lines

tweak previous;

Revision 1.73, Wed Nov 2 15:18:42 2016 UTC by beck
Branch: MAIN
Changes since 1.72: +118 -3 lines

Add OCSP client side support to libtls.
   - Provide access to certificate OCSP URL
   - Provide ability to check a raw OCSP reply against an
     established TLS ctx
   - Check and validate OCSP stapling info in the TLS handshake
     if a stapled OCSP response is provided.

Add example code to show OCSP URL and stapled info
into netcat.

ok jsing@

Revision 1.72, Tue Sep 13 13:40:58 2016 UTC by tedu
Branch: MAIN
Changes since 1.71: +3 -3 lines

add a little more typing to the first callback argument.
it's always a tls context.

Revision 1.71, Sun Sep 4 16:37:18 2016 UTC by jmc
Branch: MAIN
Changes since 1.70: +7 -7 lines

minor tweaks;

Revision 1.70, Sun Sep 4 12:48:50 2016 UTC by jsing
Branch: MAIN
Changes since 1.69: +7 -3 lines

New sentence, new line. Also wrap at 80 chars.

Revision 1.69, Sun Sep 4 12:26:43 2016 UTC by bcook
Branch: MAIN
Changes since 1.68: +14 -2 lines

Add callback-based interface to libtls.

This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@

Revision 1.68, Sun Sep 4 12:03:24 2016 UTC by jsing
Branch: MAIN
Changes since 1.67: +16 -47 lines

State that libtls functions apply to both clients and servers, unless
noted otherwise. Remove all of the now redundant "client and server"
notations and change the client and server notations to "client only"
and "server only".

With input from jmc@.

ok beck@ jmc@

Revision 1.67, Mon Aug 22 14:55:59 2016 UTC by jsing
Branch: MAIN
Changes since 1.66: +27 -2 lines

Provide an API that enables server side SNI support - add the ability to
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).

ok beck@

Revision 1.66, Thu Aug 18 15:43:12 2016 UTC by jsing
Branch: MAIN
Changes since 1.65: +35 -45 lines

Rework parts of the libtls man page for clarity. Split out the connection
information related functions under their own heading and dedup the text
relating to when these functions can be called.

With input from and ok jmc@

Revision 1.65, Fri Aug 12 15:10:59 2016 UTC by jsing
Branch: MAIN
Changes since 1.64: +28 -8 lines

Add ALPN support to libtls.

ok beck@ doug@

Revision 1.64, Tue Aug 2 07:47:11 2016 UTC by jsing
Branch: MAIN
Changes since 1.63: +8 -28 lines

Revert previous since it adds new symbols.

Requested by deraadt@

Revision 1.63, Mon Aug 1 17:32:19 2016 UTC by jsing
Branch: MAIN
Changes since 1.62: +28 -8 lines

Add ALPN support to libtls.

ok beck@ doug@

Revision 1.62, Wed Jul 13 16:30:48 2016 UTC by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.61: +11 -6 lines

Split the existing TLS cipher suite groups into four:

"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)

This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).

ok beck@ tedu@

Revision 1.61, Fri May 27 11:25:57 2016 UTC by sthen
Branch: MAIN
Changes since 1.60: +3 -3 lines

typo fixes; Anthony Coulter

Revision 1.60, Mon May 9 13:48:57 2016 UTC by jsing
Branch: MAIN
Changes since 1.59: +4 -4 lines

Fix mangled function signatures.

From Carlin Bingham <cb at viennan dot net>, thanks!

Revision 1.59, Thu Apr 28 18:27:51 2016 UTC by jmc
Branch: MAIN
Changes since 1.58: +2 -2 lines

spelling fix;

Revision 1.58, Thu Apr 28 17:05:59 2016 UTC by jsing
Branch: MAIN
Changes since 1.57: +18 -4 lines

Factor out the keypair handling in libtls. This results in more readable
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.

ok beck@

Revision 1.57, Thu Apr 28 16:48:44 2016 UTC by jsing
Branch: MAIN
Changes since 1.56: +9 -4 lines

Rework the error handling in libtls so that we can associate errors with
both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.

Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.

ok bcook@

Revision 1.56, Sun Apr 24 12:16:36 2016 UTC by jmc
Branch: MAIN
Changes since 1.55: +4 -6 lines

no more outlen; from remco
ok bcook deraadt

Revision 1.55, Sun Apr 24 07:02:07 2016 UTC by jmc
Branch: MAIN
Changes since 1.54: +3 -3 lines

typos;

Revision 1.54, Mon Nov 9 17:52:07 2015 UTC by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.53: +4 -4 lines

update some client/server info; from jan klemkow
ok jsing

Revision 1.53, Fri Oct 16 13:49:53 2015 UTC by jsing
Branch: MAIN
Changes since 1.52: +7 -7 lines

Put tls_config_verify_client_optional() in the right place.

Revision 1.52, Fri Oct 16 13:48:44 2015 UTC by jsing
Branch: MAIN
Changes since 1.51: +3 -3 lines

Fix tpyo.

Revision 1.51, Thu Oct 8 07:22:02 2015 UTC by jmc
Branch: MAIN
Changes since 1.50: +6 -6 lines

trailing whitespace;

Revision 1.50, Wed Oct 7 23:33:38 2015 UTC by beck
Branch: MAIN
Changes since 1.49: +29 -3 lines

Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate
validity times for tls connections.
ok jsing@

Revision 1.49, Mon Sep 14 21:23:00 2015 UTC by jmc
Branch: MAIN
Changes since 1.48: +2 -2 lines

tweak previous;

Revision 1.48, Mon Sep 14 16:16:38 2015 UTC by jsing
Branch: MAIN
Changes since 1.47: +9 -1 lines

Provide tls_config_insecure_noverifytime() in order to be able to disable
certificate validity checking.

ok beck@

Revision 1.47, Mon Sep 14 15:14:55 2015 UTC by schwarze
Branch: MAIN
Changes since 1.46: +4 -4 lines

Remove useless quoting from .Fo and .Fn function names, to prevent
development of a cargo cult in case people look at existing files
for examples.  This achieves a consistent .Fo and .Fn quoting style
across the whole tree.

Revision 1.46, Mon Sep 14 14:29:30 2015 UTC by jmc
Branch: MAIN
Changes since 1.45: +8 -9 lines

some conn_version and conn_cipher bits;

Revision 1.45, Mon Sep 14 12:05:33 2015 UTC by schwarze
Branch: MAIN
Changes since 1.44: +3 -2 lines

add missing function return types

Revision 1.44, Sun Sep 13 10:32:46 2015 UTC by beck
Branch: MAIN
Changes since 1.43: +23 -3 lines

add visibility of cipher and connection version strings
ok jsing@

Revision 1.43, Sat Sep 12 21:00:38 2015 UTC by beck
Branch: MAIN
Changes since 1.42: +9 -19 lines

Move connection info into its own private structure allocated and filled in
at handshake time. Change accessors to return const char * to remove need
for caller to free memory.
ok jsing@

Revision 1.42, Fri Sep 11 14:22:53 2015 UTC by jmc
Branch: MAIN
Changes since 1.41: +4 -1 lines

more for NAME;

Revision 1.41, Fri Sep 11 14:20:14 2015 UTC by jmc
Branch: MAIN
Changes since 1.40: +15 -16 lines

more cleanup;

Revision 1.40, Fri Sep 11 14:15:19 2015 UTC by jmc
Branch: MAIN
Changes since 1.39: +20 -20 lines

update NAME; various cleanup

Revision 1.39, Fri Sep 11 13:59:20 2015 UTC by beck
Branch: MAIN
Changes since 1.38: +54 -2 lines

document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hash
ok jsing@

Revision 1.38, Fri Sep 11 12:56:55 2015 UTC by beck
Branch: MAIN
Changes since 1.37: +29 -2 lines

add tls_peer functions for checking names and issuers of peer certificates.
ok jsing@

Revision 1.37, Fri Sep 11 09:02:10 2015 UTC by beck
Branch: MAIN
Changes since 1.36: +12 -2 lines

specify what is permitted as an argument to tls_config_set_ciphers()

Revision 1.36, Fri Sep 11 07:09:05 2015 UTC by jmc
Branch: MAIN
Changes since 1.35: +7 -5 lines

- add some missing NAME entries
- zap trailing whitespace
- avoid "can not"

Revision 1.35, Thu Sep 10 16:59:00 2015 UTC by deraadt
Branch: MAIN
Changes since 1.34: +11 -8 lines

improve examples,
1. hoist pollfd fields which don't change upwards
2. show ret as ssize_t, it MUST BE, or there will be lots of crying
3. on first pass, must check for either POLLIN|POLLOUT
ok millert beck

Revision 1.34, Thu Sep 10 15:47:25 2015 UTC by beck
Branch: MAIN
Changes since 1.33: +16 -2 lines

document client side certificate verification functionality.
ok jsing@

Revision 1.33, Thu Sep 10 14:57:29 2015 UTC by beck
Branch: MAIN
Changes since 1.32: +58 -15 lines

document changed tls_read and tls_write semantics.
document functions that clear errno.
change examples to provide demonstration of both the blocking and
 non-blocking cases.
ok jsing@, bluhm@

Revision 1.32, Thu Sep 10 14:17:22 2015 UTC by jmc
Branch: MAIN
Changes since 1.31: +3 -3 lines

tweak previous;

Revision 1.31, Thu Sep 10 13:29:53 2015 UTC by jsing
Branch: MAIN
Changes since 1.30: +6 -5 lines

Correctly document the behaviour of tls_close() - the caller is responsible
for closing the file descriptors unless libtls allocated them.

ok beck@

Revision 1.30, Thu Sep 10 13:23:57 2015 UTC by jsing
Branch: MAIN
Changes since 1.29: +13 -20 lines

Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctly
document the calling requirements.

ok beck@

Revision 1.29, Thu Sep 10 11:21:08 2015 UTC by jsing
Branch: MAIN
Changes since 1.28: +37 -35 lines

Update libtls man page to reflect tls_handshake() related changes.

ok beck@

Revision 1.28, Thu Sep 10 11:00:54 2015 UTC by beck
Branch: MAIN
Changes since 1.27: +3 -3 lines

revert accidental commit

Revision 1.27, Thu Sep 10 10:59:22 2015 UTC by beck
Branch: MAIN
Changes since 1.26: +5 -5 lines

comment for errno clobbering, to indicate why we do this.
ok deraadt@ jsing@

Revision 1.26, Thu Sep 10 09:10:42 2015 UTC by jsing
Branch: MAIN
Changes since 1.25: +18 -1 lines

Add support for preferring the server's cipher list or the client's cipher
list. Prefer the server's cipher list by default.

Based on a diff from Kyle Thompson <jmp at giga dot moe>.

ok beck@ bcook@

Revision 1.25, Sun Jul 19 17:10:23 2015 UTC by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.24: +5 -5 lines

tweak previous; ok doug

Revision 1.24, Sun Jul 19 05:49:27 2015 UTC by doug
Branch: MAIN
Changes since 1.23: +29 -2 lines

Add documentation on how to use TLS_{READ,WRITE}_AGAIN.

ok beck@

Revision 1.23, Fri Apr 3 22:33:43 2015 UTC by jmc
Branch: MAIN
Changes since 1.22: +2 -2 lines

comma fix;

Revision 1.22, Thu Apr 2 13:19:15 2015 UTC by jsing
Branch: MAIN
Changes since 1.21: +5 -2 lines

Handle the case where multiple calls to SSL_shutdown() are required to
close the connection. Also correctly handle the error on failure.

Diff from cookieandscream via github.

Revision 1.21, Thu Apr 2 05:54:22 2015 UTC by jsing
Branch: MAIN
Changes since 1.20: +3 -3 lines

Correct man page title.

Diff from Tim van der Molen.

ok jmc@

Revision 1.20, Thu Apr 2 05:53:08 2015 UTC by jsing
Branch: MAIN
Changes since 1.19: +11 -7 lines

Document the fact that the tls_accept_*() functions can return
TLS_READ_AGAIN and TLS_WRITE_AGAIN.

Based on a diff from Tim van der Molen.

Revision 1.19, Tue Mar 31 14:03:38 2015 UTC by jsing
Branch: MAIN
Changes since 1.18: +18 -2 lines

Provide a tls_accept_fds() function, which allows a TLS connection to be
accepted via an existing pair of file descriptors.

Based on a diff from Jan Klemkow.

Revision 1.18, Sun Feb 22 15:09:54 2015 UTC by jsing
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.17: +10 -10 lines

Rename tls_config_insecure_noverifyhost() to
tls_config_insecure_noverifyname(), so that it is more accurate and keeps
inline with the distinction between DNS hostname and server name.

Requested by tedu@ during s2k15.

Revision 1.17, Sat Feb 21 21:41:00 2015 UTC by tedu
Branch: MAIN
Changes since 1.16: +9 -2 lines

explain how tls_accept_socket works.

Revision 1.16, Sat Feb 21 19:58:39 2015 UTC by tedu
Branch: MAIN
Changes since 1.15: +4 -4 lines

tls_config_set_protocols is really void. Greg Martin.

Revision 1.15, Sat Feb 21 19:54:59 2015 UTC by tedu
Branch: MAIN
Changes since 1.14: +26 -2 lines

fill out docs a bit more, notably the read/write again behaviors.
ok jsing

Revision 1.14, Sun Feb 15 13:36:06 2015 UTC by jsing
Branch: MAIN
Changes since 1.13: +3 -3 lines

s/tls_load_keys/tls_load_file/

Revision 1.13, Sun Feb 15 13:33:14 2015 UTC by jsing
Branch: MAIN
Changes since 1.12: +24 -3 lines

Document tls_config_parse_protocols() and update documentation for
tls_config_set_protocols().

Revision 1.12, Wed Feb 11 07:01:10 2015 UTC by jsing
Branch: MAIN
Changes since 1.11: +10 -2 lines

Provide a tls_connect_servername() function that has the same behaviour
as tls_connect(), however allows the name to use for verification to be
explicitly provided, rather than being inferred from the host value.

Requested by reyk@

ok reyk@ tedu@

Revision 1.11, Wed Feb 11 06:46:33 2015 UTC by jsing
Branch: MAIN
Changes since 1.10: +3 -3 lines

Be consistent with naming - only use "host" and "hostname" when referring
to an actual host and use "servername" when referring to the name of the
TLS server that we expect to be identified in the server certificate.

Likewise, rename verify_host to verify_name and use the term "name"
throughout the verification code (rather than host or hostname).

Requested by and ok tedu@

Revision 1.10, Sat Feb 7 23:45:06 2015 UTC by reyk
Branch: MAIN
Changes since 1.9: +26 -2 lines

Add manpage bits for tls_load_file() and tls_accept_socket().

The tls_accept_socket() has been previously removed because the API is
not fixed yet; but it is also already used by httpd(8) and spamd(8) so
it is time to add it again and eventually change it later.

OK tedu@

Revision 1.9, Sat Feb 7 06:19:26 2015 UTC by jsing
Branch: MAIN
Changes since 1.8: +6 -3 lines

Add tls_config_set_dheparams() to allow specification of the parameters to
use for DHE. This enables the use of DHE cipher suites.

Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it
is only used to specify the curve for ephemeral ECDH.

Discussed with reyk@

Revision 1.8, Thu Jan 22 11:08:54 2015 UTC by jmc
Branch: MAIN
Changes since 1.7: +3 -3 lines

last entry in NAME should not have a trailing comma;

Revision 1.7, Thu Jan 22 09:16:24 2015 UTC by reyk
Branch: MAIN
Changes since 1.6: +8 -1 lines

Allow loading the CA chain directly from memory instead of
specifying a file.  This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.

With feedback, tests, and OK from bluhm@

Revision 1.6, Thu Jan 1 13:30:52 2015 UTC by schwarze
Branch: MAIN
Changes since 1.5: +2 -8 lines

Revert previous; tls_accept_socket() was intentionally undocumented
because the API design isn't fully settled.
Requested by jsing@ and tedu@.

Revision 1.5, Thu Jan 1 08:42:08 2015 UTC by schwarze
Branch: MAIN
Changes since 1.4: +8 -2 lines

minimally document tls_accept_socket();
patch from Sunil at Nimmagadda dot net

Revision 1.4, Tue Nov 11 04:17:34 2014 UTC by deraadt
Branch: MAIN
Changes since 1.3: +3 -3 lines

delete extra word in Nd

Revision 1.3, Fri Nov 7 13:57:43 2014 UTC by tedu
Branch: MAIN
Changes since 1.2: +3 -3 lines

missing outlen in tls_write decl

Revision 1.2, Sun Nov 2 14:45:05 2014 UTC by jsing
Branch: MAIN
Changes since 1.1: +15 -2 lines

Add a tls_connect_fds() function that allows a secure connection to be
established using a pair of existing file descriptors.

Based on a diff/request from Jan Klemkow.

Rides previous libtls rename/library bump.

Discussed with tedu@.

Revision 1.1, Fri Oct 31 13:46:17 2014 UTC by jsing
Branch: MAIN

Rename libressl to libtls to avoid confusion and to make it easier to
distinguish between LibreSSL (the project) and libressl (the library).

Discussed with many.
