Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | | build: Strip down build | June McEnroe | 2020-08-02 | |
| | | ||||
* | | build: Add ax_check_openssl | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls: Call SSL_CTX_set_default_verify_paths by default | June McEnroe | 2020-07-31 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes the hard dependency on a CA bundle file existing in the default path (which seems to not be the case on Debian, for example), but results in a subtle behaviour change: if the CA bundle file does not exist, the CA directory will be used instead, rather than failing hard. I believe the only reason libtls insists on loading a CA bundle file itself is so that it can be sandboxed afterwards, given that a file is loaded all at once while a directory is only loaded as needed. If the default CA bundle file exists, SSL_CTX_set_default_verify_paths will still immediately load it, so sandboxing will still work. If it doesn't exist, then the CA directory will be used, which will work well for unsandboxed applications, but will likely fail during verification as it tries to search the directory. Either way, if the CA bundle file does not exist, a sandboxed application will not work. Enabling the use of the CA directory, however, will allow more unsandboxed applications to work. Finally, to restore the original behaviour, an application can call tls_config_set_ca_file(3) with the path returned by tls_default_ca_cert_file(3). | |||
* | | tls_config: Replace constant with X509_get_default_cert_file() | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_internal: Replace default ciphers with compat | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls: Implement load_verify_mem | June McEnroe | 2020-07-31 | |
| | | | | | | | | Based on crypto/x509/by_mem.c | |||
* | | tls: Implement use_certificate_chain_mem | June McEnroe | 2020-07-31 | |
| | | | | | | | | Based on ssl/ssl_rsa.c. | |||
* | | tls: Use SSL_CTX_get0_param and X509_STORE_get0_param | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_server: Remove SSL_OP_NO_CLIENT_RENEGOTIATION | June McEnroe | 2020-07-31 | |
| | | | | | | | | This is a LibreSSL-specific option. | |||
* | | tls_ocsp: Use X509_STORE_CTX_new and X509_OBJECT_new | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_ocsp: Use ASN1_TIME_to_tm | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_conninfo: Implement time_tm_clamp_notafter | June McEnroe | 2020-07-31 | |
| | | | | | | | | From crypto/asn1/a_time_tm.c | |||
* | | tls_conninfo: Use ASN1_TIME_to_tm | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_verify: Use ASN1_STRING_get0_data | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_bio_cb: Use public BIO interfaces | June McEnroe | 2020-07-31 | |
| | | ||||
* | | tls_server: #include <string.h> | June McEnroe | 2020-07-30 | |
| | | ||||
* | | tls_client: #include <string.h> | June McEnroe | 2020-07-30 | |
| | | ||||
* | | tls_util: #include <string.h> | June McEnroe | 2020-07-30 | |
| | | ||||
* | | tls_config: #include <string.h> | June McEnroe | 2020-07-30 | |
| | | ||||
* | | tls: #include <string.h> | June McEnroe | 2020-07-30 | |
|/ | ||||
* | Import LibreSSL 3.2.0 | June McEnroe | 2020-07-30 | |
| | ||||
* | import: Add script to extract libtls from libressl-portable | June McEnroe | 2020-07-30 | |