summary refs log tree commit diff
Commit message (Collapse)AuthorAge
* build: Add ax_check_opensslJune McEnroe2020-07-31
|
* tls: Call SSL_CTX_set_default_verify_paths by defaultJune McEnroe2020-07-31
| | | | | | | | | | | | | | | | | | | | | | | This removes the hard dependency on a CA bundle file existing in the default path (which seems to not be the case on Debian, for example), but results in a subtle behaviour change: if the CA bundle file does not exist, the CA directory will be used instead, rather than failing hard. I believe the only reason libtls insists on loading a CA bundle file itself is so that it can be sandboxed afterwards, given that a file is loaded all at once while a directory is only loaded as needed. If the default CA bundle file exists, SSL_CTX_set_default_verify_paths will still immediately load it, so sandboxing will still work. If it doesn't exist, then the CA directory will be used, which will work well for unsandboxed applications, but will likely fail during verification as it tries to search the directory. Either way, if the CA bundle file does not exist, a sandboxed application will not work. Enabling the use of the CA directory, however, will allow more unsandboxed applications to work. Finally, to restore the original behaviour, an application can call tls_config_set_ca_file(3) with the path returned by tls_default_ca_cert_file(3).
* tls_config: Replace constant with X509_get_default_cert_file()June McEnroe2020-07-31
|
* tls_internal: Replace default ciphers with compatJune McEnroe2020-07-31
|
* tls: Implement load_verify_memJune McEnroe2020-07-31
| | | | Based on crypto/x509/by_mem.c
* tls: Implement use_certificate_chain_memJune McEnroe2020-07-31
| | | | Based on ssl/ssl_rsa.c.
* tls: Use SSL_CTX_get0_param and X509_STORE_get0_paramJune McEnroe2020-07-31
|
* tls_server: Remove SSL_OP_NO_CLIENT_RENEGOTIATIONJune McEnroe2020-07-31
| | | | This is a LibreSSL-specific option.
* tls_ocsp: Use X509_STORE_CTX_new and X509_OBJECT_newJune McEnroe2020-07-31
|
* tls_ocsp: Use ASN1_TIME_to_tmJune McEnroe2020-07-31
|
* tls_conninfo: Implement time_tm_clamp_notafterJune McEnroe2020-07-31
| | | | From crypto/asn1/a_time_tm.c
* tls_conninfo: Use ASN1_TIME_to_tmJune McEnroe2020-07-31
|
* tls_verify: Use ASN1_STRING_get0_dataJune McEnroe2020-07-31
|
* tls_bio_cb: Use public BIO interfacesJune McEnroe2020-07-31
|
* tls_server: #include <string.h>June McEnroe2020-07-30
|
* tls_client: #include <string.h>June McEnroe2020-07-30
|
* tls_util: #include <string.h>June McEnroe2020-07-30
|
* tls_config: #include <string.h>June McEnroe2020-07-30
|
* tls: #include <string.h>June McEnroe2020-07-30
|
* Import LibreSSL 3.2.0June McEnroe2020-07-30
|
* import: Add script to extract libtls from libressl-portableJune McEnroe2020-07-30
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-05 18:05:24 +0000
d=f6e92ca67f72999ae9b520c9008a4855a339620b&follow=1'>Use Z_FILTERED strategyJune McEnroe 2021-09-21Recalculate various lengths only as neededJune McEnroe This actually speeds things up quite a bit, saving roughly a second on a big PNG screenshot. Almost all the remaining time is spent in deflate. 2021-09-21Rewrite pngo, add explicit optionsJune McEnroe Interesting to see how my code habits have changed. 2021-09-16Fix /* **/ comment matchingJune McEnroe 2021-09-15Remove typer, add downgrade to READMEJune McEnroe 2021-09-15Set bot mode on downgradeJune McEnroe 2021-09-15Enter capsicum in downgradeJune McEnroe 2021-09-15Factor out common parts of downgrade messagesJune McEnroe Also bump the message cap to 1024 because that is ostensibly useful for replying to older messages. 2021-09-14Add downgrade IRC botJune McEnroe 2021-09-14Sort by title if authors matchJune McEnroe There are probably better things to sort by but title definitely always exists. 2021-09-13Swap-remove tags as they're foundJune McEnroe This makes it even faster. From ~1s on a sqlite3.c amalgamation to ~0.85s. 2021-09-12Replace htagml regex with strncmpJune McEnroe Since ctags only ever produces regular expressions of the form /^re$/ or /^re/ with no other special characters, instead unescape the pattern and simply use strncmp. Running on a sqlite3.c amalgamation, the regex version takes ~37s while the strncmp version takes ~1s, producing identical output. Big win! 2021-09-11Also defer printing comment for lone close-parensJune McEnroe 2021-09-10Publish "git-comment"June McEnroe 2021-09-10Add git comment --pretty optionJune McEnroe 2021-09-08Defer printing comment if line is blank or closing braceJune McEnroe This fixes badly indented comments. 2021-09-08Up default min-repeat to 30 linesJune McEnroe 2021-09-08Handle dirty lines in git-commentJune McEnroe 2021-09-08Document and install git-commentJune McEnroe 2021-09-08Add repeat and all options to git-commentJune McEnroe 2021-09-08Add group threshold to git-commentJune McEnroe