<feed xmlns='http://www.w3.org/2005/Atom'>
<title>s6-networking/src/stls/stls_run.c, branch 2.5.0.0</title>
<subtitle>UCSPI TCP implementation and other networking utilities</subtitle>
<id>https://git.skarnet.org/cgit/s6-networking/atom/src/stls/stls_run.c?h=2.5.0.0</id>
<link rel='self' href='https://git.skarnet.org/cgit/s6-networking/atom/src/stls/stls_run.c?h=2.5.0.0'/>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/'/>
<updated>2020-12-07T12:53:54Z</updated>
<entry>
<title> Change -K semantics: timeout *during handshake*, not afterwards</title>
<updated>2020-12-07T12:53:54Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-12-07T12:53:54Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=f7e676abdc799fcee5138807447b5e91ab05508f'/>
<id>urn:sha1:f7e676abdc799fcee5138807447b5e91ab05508f</id>
<content type='text'>
 - the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
 - there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
 - if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
 - libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
</content>
</entry>
<entry>
<title> Fix a few bugs. sbearssl appears to be working.</title>
<updated>2020-11-22T21:49:58Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-22T21:49:58Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=bae11b88357db72b19413cd05c62ac9242b9b597'/>
<id>urn:sha1:bae11b88357db72b19413cd05c62ac9242b9b597</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Refactor tls code to support ucspi-tls</title>
<updated>2020-11-20T23:24:29Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2020-11-20T23:24:29Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=5715c21a077ee1c2fe8957cb4adcea14fd2eda6b'/>
<id>urn:sha1:5715c21a077ee1c2fe8957cb4adcea14fd2eda6b</id>
<content type='text'>
 That includes:
 - new architecture: the tls binary is now a child of the app
instead of the other way around
 - the sbearssl_run engine now takes a post-handshake callback.
This allows s6-tlsc and s6-tlsd to only exec into the app when
the handshake succeeds (which was already the case with libressl).
 - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto
code; they init and run the engine, connecting to 4 already open
fds (stdin/stdout = network, argv[1] and argv[2] = local)
 - s6-tlsc is now a simple wrapper around s6-tlsc-io
 - s6-tlsd is now a simple wrapper around s6-tlsd-io
 - new binary: s6-ucspitlsd, which is also a wrapper around
s6-tlsd-io, but differently: the parent execs the app which should
be ucspi-tls-aware, the child waits for a command from the parent
and execs into s6-tlsd-io if it receives it.
</content>
</entry>
<entry>
<title> Moderately big hammer: force kill on s6-tlsd when it has nothing to write to the network</title>
<updated>2017-08-28T21:10:03Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-08-28T21:10:03Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=5691bc64df8444cfbebe7a97480f49f79497b19b'/>
<id>urn:sha1:5691bc64df8444cfbebe7a97480f49f79497b19b</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Revert big hammer. Data still needs to be flushed to the network even when the local app dies.</title>
<updated>2017-08-28T20:30:00Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-08-28T20:30:00Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=d594db1b68d6a2c890d385087799dd8cdf6dc966'/>
<id>urn:sha1:d594db1b68d6a2c890d385087799dd8cdf6dc966</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Explicitly make s6-tls[cd] die when the app dies</title>
<updated>2017-05-11T16:29:01Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-05-11T16:29:01Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=4b632a08e4b58140b9946b644c7884d3f0294c09'/>
<id>urn:sha1:4b632a08e4b58140b9946b644c7884d3f0294c09</id>
<content type='text'>
 I have no explanation for the fact that they sometimes survive their app,
and I'm fed up with it, so it's time to use the big hammer.
</content>
</entry>
<entry>
<title> Fix case where s6-tls[cd] would sometimes not detect an application and remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand</title>
<updated>2017-03-22T21:37:30Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-03-22T21:37:30Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=dddbfab568d42e443f102d35c84432824cc59fee'/>
<id>urn:sha1:dddbfab568d42e443f102d35c84432824cc59fee</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Cleanup superfluous includes</title>
<updated>2017-03-14T09:07:27Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-03-14T09:07:27Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=6126e9c49f01b315c82cae340caaa1d8f588c0e7'/>
<id>urn:sha1:6126e9c49f01b315c82cae340caaa1d8f588c0e7</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Adapt to skalibs-2.5.0.0</title>
<updated>2017-03-12T19:39:01Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-03-12T19:39:01Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=53091e3bce487ee82e2805a0231e780551561717'/>
<id>urn:sha1:53091e3bce487ee82e2805a0231e780551561717</id>
<content type='text'>
</content>
</entry>
<entry>
<title> Types fix, first pass</title>
<updated>2017-01-10T02:17:16Z</updated>
<author>
<name>Laurent Bercot</name>
<email>ska-skaware@skarnet.org</email>
</author>
<published>2017-01-10T02:17:16Z</published>
<link rel='alternate' type='text/html' href='https://git.skarnet.org/cgit/s6-networking/commit/?id=334d807b924427434b42d4fbae745d3d1b38a218'/>
<id>urn:sha1:334d807b924427434b42d4fbae745d3d1b38a218</id>
<content type='text'>
 XXX marks what must change when skalibs changes.
 Also started writing functions for client certificate support
in sbearssl, but it's not working yet (need more high-level
support from BearSSL before it can work)
</content>
</entry>
</feed>
