aboutsummaryrefslogtreecommitdiffstats
path: root/src/stls
Commit message (Collapse)AuthorAgeFilesLines
* Refactor tls code to support ucspi-tlsLaurent Bercot2020-11-205-173/+68
| | | | | | | | | | | | | | | | | | That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
* Moderately big hammer: force kill on s6-tlsd when it has nothing to write ↵Laurent Bercot2017-08-281-1/+5
| | | | to the network
* Revert big hammer. Data still needs to be flushed to the network even when ↵Laurent Bercot2017-08-281-5/+1
| | | | the local app dies.
* Fix error messages in stls_s6tls?.c when setting key fileLaurent Bercot2017-06-292-2/+2
|
* Explicitly make s6-tls[cd] die when the app diesLaurent Bercot2017-05-111-1/+5
| | | | | I have no explanation for the fact that they sometimes survive their app, and I'm fed up with it, so it's time to use the big hammer.
* Fix case where s6-tls[cd] would sometimes not detect an application and ↵Laurent Bercot2017-03-227-65/+97
| | | | remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand
* Cleanup superfluous includesLaurent Bercot2017-03-144-5/+0
|
* Adapt to skalibs-2.5.0.0Laurent Bercot2017-03-123-15/+12
|
* Types fix, first passLaurent Bercot2017-01-105-15/+26
| | | | | | | XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
* Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking ↵Laurent Bercot2016-12-045-14/+36
| | | | easier.
* s6-tls*: small bugfixes. Add documentation.Laurent Bercot2016-12-032-4/+3
|
* Fix closing bugs in sbearssl_run and tls_runLaurent Bercot2016-12-021-25/+25
|
* Fix several bugs in stls, make the engine workLaurent Bercot2016-12-013-25/+41
|
* Small sbearssl bugfixes and usability messagesLaurent Bercot2016-11-282-2/+2
|
* Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning ↵Laurent Bercot2016-11-263-2/+5
| | | | (default)
* stls_run: fix "read from peer" error messageLaurent Bercot2016-11-261-1/+1
|
* Fix warning messages in libtls engineLaurent Bercot2016-11-261-3/+3
|
* Usability fixes for TLSLaurent Bercot2016-11-261-1/+1
|
* SNI support for libtlsLaurent Bercot2016-11-251-8/+6
|
* Fix build bugs. It builds!Laurent Bercot2016-11-252-7/+7
| | | | | | Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl
* Alpha version of the SSL work.Laurent Bercot2016-11-254-0/+465
Doesn't build yet, but I'm scared of losing it, so using git as storage. Will fix the stupid bugs now, the tricky bugs later.