OpenBSD CVS

CVS log for src/lib/libtls/tls_peer.c



Default branch: MAIN


Revision 1.8, Mon Apr 10 17:11:13 2017 UTC (7 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, HEAD
Changes since 1.7: +7 -2 lines

Rework name verification code so that a match is indicated via an argument,
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).

Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.

ok beck@ jca@
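
The rule described in the revision 1.8 log message above, sketched as an added example (not libtls code and not part of the CVS log): the verdict is returned through an argument, and the CN is consulted only when the certificate carries no SAN identifiers. `check_name`, `sample_verdict` and the example.org names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <strings.h>

/*
 * Hypothetical helper, not libtls code. Returns 0 on success, -1 on error;
 * the verdict goes to *match so an error is never mistaken for a verdict.
 * Exact case-insensitive comparison only; wildcards and IP addresses omitted.
 */
int
check_name(const char *name, const char *const *sans, size_t nsans,
    const char *cn, int *match)
{
	size_t i;
	if (match == NULL)
		return -1;
	*match = 0;	/* fail closed */
	if (name == NULL || (nsans > 0 && sans == NULL))
		return -1;
	if (nsans > 0) {
		/* SAN identifiers present: only they are considered. */
		for (i = 0; i < nsans; i++) {
			if (sans[i] == NULL)
				return -1;
			if (strcasecmp(name, sans[i]) == 0) {
				*match = 1;
				break;
			}
		}
		return 0;	/* the CN is deliberately not consulted */
	}
	/* No SAN identifiers: fall back to the CN (RFC 6125 section 6.4.4). */
	if (cn != NULL && strcasecmp(name, cn) == 0)
		*match = 1;
	return 0;
}

/* Constructed sample certificate: CN "mail.example.org", two SAN names. */
static const char *const sample_sans[] = { "www.example.org", "example.org" };
/* Demo wrapper: 1 = match, 0 = no match, -1 = error. */
int
sample_verdict(const char *name, int cert_has_san)
{
	int match;
	if (check_name(name, sample_sans, cert_has_san ? 2 : 0,
	    "mail.example.org", &match) == -1)
		return -1;
	return match;
}
```

With the sample certificate, a name that matches only the CN is rejected while SAN entries are present and accepted only when the certificate has none.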

Revision 1.7, Wed Apr 5 03:19:22 2017 UTC (7 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.6: +12 -1 lines

Add tls_peer_cert_chain_pem - To retrieve the peer certificate and chain
as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@

Revision 1.6, Mon Aug 22 17:08:10 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.5: +10 -10 lines

Stick with the usual 'if NULL return NULL' idiom.

ok beck@

Revision 1.5, Wed Oct 7 23:33:38 2015 UTC (8 years, 8 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.4: +21 -1 lines

Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate
validity times for tls connections.
ok jsing@

Revision 1.4, Sat Sep 12 21:00:38 2015 UTC (8 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.3: +18 -90 lines

Move connection info into its own private structure allocated and filled in
at handshake time. Change accessors to return const char * to remove need
for caller to free memory.
ok jsing@

Revision 1.3, Fri Sep 11 13:22:39 2015 UTC (8 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.2: +2 -2 lines

!= -> == that I broke while bikeshedding

Revision 1.2, Fri Sep 11 12:56:55 2015 UTC (8 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.1: +49 -1 lines

add tls_peer functions for checking names and issuers of peer certificates.
ok jsing@

Revision 1.1, Fri Sep 11 11:28:01 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN

Provide tls_peer_cert_hash() which returns a hash of the raw certificate
that was presented by the peer. The hash used is currently SHA256, however
since we prefix the result with the hash name, we can change this in the
future as the need arises.

The same output can be generated by using:

 h=$(openssl x509 -outform der -in mycert.crt | sha256)
 printf "SHA256:${h}\n"

ok beck@
