aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* bugfix: tcpserver should unignore SIGPIPELaurent Bercot2021-05-222-2/+4
|
* Trivial syscall number optimizationLaurent Bercot2021-05-212-2/+2
|
* Debugging iterationLaurent Bercot2021-05-202-2/+1
|
* Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING.Laurent Bercot2021-05-2013-70/+315
|
* Prepare for 2.4.2.0; implement client certificates with bearsslLaurent Bercot2021-05-1815-91/+225
| | | | Also send a bit more environment with libtls
* sbearssl cosmetic fixesLaurent Bercot2021-05-082-3/+5
|
* version: 2.4.1.1v2.4.1.1Laurent Bercot2021-04-151-0/+11
|
* Prepare for 2.4.1.1Laurent Bercot2021-04-135-17/+40
|
* Do not compile or link into /dev/nullLaurent Bercot2021-04-111-4/+6
|
* Real noexecstack fix: make strip less greedyLaurent Bercot2021-04-092-3/+2
|
* noexecstack only works in LDFLAGSLaurent Bercot2021-04-081-1/+1
|
* More doc fixesLaurent Bercot2021-02-163-8/+4
|
* version: 2.4.1.0v2.4.1.0Laurent Bercot2021-02-153-9/+11
|
* Add link to s6-networking man pagesLaurent Bercot2021-02-071-0/+8
|
* More doc fixesLaurent Bercot2021-02-042-3/+3
|
* Doc fixes, thanks flexibeastLaurent Bercot2021-02-0414-25/+25
|
* Remove SSL_TLS_SNI_SERVERNAME (instead of defined but empty) if no SNILaurent Bercot2021-01-286-21/+31
|
* Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAMELaurent Bercot2021-01-2811-16/+61
|
* Tiny code and doc fixesLaurent Bercot2021-01-184-8/+10
|
* Implement handshake timeout for libtls backendLaurent Bercot2021-01-1312-24/+60
|
* Accept --enable-ssl=libtls -_-Laurent Bercot2021-01-131-2/+2
|
* version: 2.4.0.0v2.4.0.0Laurent Bercot2021-01-102-2/+2
|
* Document optional execlineLaurent Bercot2021-01-032-2/+2
|
* configure should be executable >.>Laurent Bercot2020-12-291-0/+0
|
* Don't put -fno-stack-protector in default CFLAGSLaurent Bercot2020-12-281-1/+0
|
* configure fixLaurent Bercot2020-12-181-7/+7
|
* Get rid of webipc.hLaurent Bercot2020-12-094-10/+10
|
* Change -K semantics: timeout *during handshake*, not afterwardsLaurent Bercot2020-12-079-29/+38
| | | | | | | | | | | | | | - the TLS tunnel itself should be transparent so it has no business shutting down the connection no matter how long the app takes - there's still an undetectable situation on some kernels where EOF doesn't get transmitted from the network, and the engine is in the handshake, and it can't do anything but wait forever. A timeout is useful here: dawg, your peer is never going to send any more data, you should just give up. - if the situation happens after the handshake, the *app* should have a timeout and die. The tunnel will follow suit. - libtls has a blocking tls_handshake() blackbox, we cannot give it a timeout. Too bad, use bearssl.
* Fix build with skalibs 2.10.0.0; document dependenciesLaurent Bercot2020-11-306-42/+69
|
* Convert to new exec.h syntaxLaurent Bercot2020-11-2616-83/+106
|
* That exit condition is really hard to get right >.>Laurent Bercot2020-11-261-1/+1
|
* Fix engine exit condition for sbearsslLaurent Bercot2020-11-262-4/+6
|
* minidentd QoL fixLaurent Bercot2020-11-231-1/+3
|
* stls client: prefer CAFILE, warn on CADIR use, because libtls is brokenLaurent Bercot2020-11-231-6/+7
|
* Fix more bugs; disable renegociation in bearssl clientLaurent Bercot2020-11-234-44/+44
|
* Fix a few bugs. sbearssl appears to be working.Laurent Bercot2020-11-228-25/+27
|
* Add SSL_PROTOCOL and SSL_CIPHER support, fix some bugsLaurent Bercot2020-11-2217-56/+415
|
* Add documentation, fix tiny privdrop bugLaurent Bercot2020-11-2214-395/+1199
|
* Move all tls stuff into its own subdirLaurent Bercot2020-11-2123-35/+35
|
* Add s6-ucspitlscLaurent Bercot2020-11-2112-84/+212
|
* Prepare for 2.4.0.0Laurent Bercot2020-11-219-17/+74
|
* Privs can only be dropped after reading key files.Laurent Bercot2020-11-2116-21/+49
|
* Refactor tls code to support ucspi-tlsLaurent Bercot2020-11-2033-453/+851
| | | | | | | | | | | | | | | | | | That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
* version: 2.3.2.0v2.3.2.0Laurent Bercot2020-10-041-1/+1
|
* doc: fix URLsLaurent Bercot2020-10-0419-29/+29
|
* Bump dependenciesLaurent Bercot2020-10-023-13/+13
|
* LibreSSL needs -lpthreadLaurent Bercot2020-08-211-1/+1
|
* Add -e option to s6-tlsserverLaurent Bercot2020-05-064-8/+29
|
* Prepare for 2.3.2.0Laurent Bercot2020-05-066-8/+30
|
* s6-networking: fix html errorsColin Booth2020-03-303-3/+4
| | | | Signed-off-by: Colin Booth <colin@heliocat.net>