<feed xmlns='http://www.w3.org/2005/Atom'>
<title>s6-networking/src/stls/stls_client_init_and_handshake.c, branch 2.5.0.0</title>
<subtitle>UCSPI TCP implementation and other networking utilities</subtitle>
<id>https://git.skarnet.org/cgit/s6-networking/atom/src/stls/stls_client_init_and_handshake.c?h=2.5.0.0</id>
<link rel='self' href='https://git.skarnet.org/cgit/s6-networking/atom/src/stls/stls_client_init_and_handshake.c?h=2.5.0.0'/>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/'/>
<updated>2021-08-10T00:26:41Z</updated>
<entry>
<title> Adapt to skalibs-2.11.0.0</title>
<updated>2021-08-10T00:26:41Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2021-08-10T00:26:41Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=fb68edd32df2e2d9b4e8eae813ce6c60d82b4204'/>
<id>urn:sha1:fb68edd32df2e2d9b4e8eae813ce6c60d82b4204</id>
<content type='text'>
Signed-off-by: Laurent Bercot &lt;ska@appnovation.com&gt;
</content>
</entry>
<entry>
<title> Implement handshake timeout for libtls backend</title>
<updated>2021-01-13T11:36:16Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2021-01-13T11:36:16Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=cc7dccb1858e73176814c3a8457ff6f94ff45662'/>
<id>urn:sha1:cc7dccb1858e73176814c3a8457ff6f94ff45662</id>
<content type='text'>
</content>
</entry>
<entry>
<title> stls client: prefer CAFILE, warn on CADIR use, because libtls is broken</title>
<updated>2020-11-23T15:39:17Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-23T15:39:17Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=030ba53485e9b8a2793e1f1c9c8f62f8b8987e95'/>
<id>urn:sha1:030ba53485e9b8a2793e1f1c9c8f62f8b8987e95</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Fix more bugs; disable renegociation in bearssl client</title>
<updated>2020-11-23T14:25:24Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-23T14:25:24Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=564631637bcd238b4c9aad5496aa9e049f948dd9'/>
<id>urn:sha1:564631637bcd238b4c9aad5496aa9e049f948dd9</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Fix a few bugs. sbearssl appears to be working.</title>
<updated>2020-11-22T21:49:58Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-22T21:49:58Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=bae11b88357db72b19413cd05c62ac9242b9b597'/>
<id>urn:sha1:bae11b88357db72b19413cd05c62ac9242b9b597</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Privs can only be dropped after reading key files.</title>
<updated>2020-11-21T02:22:09Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-21T02:22:09Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=5c2880becc94141b8035b3488b6bd60696011308'/>
<id>urn:sha1:5c2880becc94141b8035b3488b6bd60696011308</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Refactor tls code to support ucspi-tls</title>
<updated>2020-11-20T23:24:29Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-20T23:24:29Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=5715c21a077ee1c2fe8957cb4adcea14fd2eda6b'/>
<id>urn:sha1:5715c21a077ee1c2fe8957cb4adcea14fd2eda6b</id>
<content type='text'>
 That includes:
 - new architecture: the tls binary is now a child of the app
instead of the other way around
 - the sbearssl_run engine now takes a post-handshake callback.
This allows s6-tlsc and s6-tlsd to only exec into the app when
the handshake succeeds (which was already the case with libressl).
 - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto
code; they init and run the engine, connecting to 4 already open
fds (stdin/stdout = network, argv[1] and argv[2] = local)
 - s6-tlsc is now a simple wrapper around s6-tlsc-io
 - s6-tlsd is now a simple wrapper around s6-tlsd-io
 - new binary: s6-ucspitlsd, which is also a wrapper around
s6-tlsd-io, but differently: the parent execs the app which should
be ucspi-tls-aware, the child waits for a command from the parent
and execs into s6-tlsd-io if it receives it.
</content>
</entry>
</feed>
