Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-10-07 | Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACK | Laurent Bercot | |
Signed-off-by: Laurent Bercot <ska@appnovation.com> | |||
2021-07-23 | Prepare for 2.5.0.0; remove minidentd | Laurent Bercot | |
Signed-off-by: Laurent Bercot <ska@appnovation.com> | |||
2021-06-02 | Correctly clean up the environment for -z | Laurent Bercot | |
2021-06-02 | Debug session. Now works. | Laurent Bercot | |
The environment given to the application still needs to be cleaned up of SNI variables. | |||
2021-06-01 | Add all the missing pieces for sni_policy | Laurent Bercot | |
sbearssl_server_init_and_run is yet unchanged, the next step is to rewrite it using the new primitives. | |||
2021-05-20 | Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING. | Laurent Bercot | |
2021-05-18 | Prepare for 2.4.2.0; implement client certificates with bearssl | Laurent Bercot | |
Also send a bit more environment with libtls | |||
2021-01-13 | Implement handshake timeout for libtls backend | Laurent Bercot | |
2020-11-22 | Add SSL_PROTOCOL and SSL_CIPHER support, fix some bugs | Laurent Bercot | |
2020-11-21 | Move all tls stuff into its own subdir | Laurent Bercot | |
2020-11-21 | Add s6-ucspitlsc | Laurent Bercot | |
2020-11-21 | Privs can only be dropped after reading key files. | Laurent Bercot | |
2020-11-20 | Refactor tls code to support ucspi-tls | Laurent Bercot | |
That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it. | |||
2019-10-21 | Fix gen-deps.sh for cross-builds | Laurent Bercot | |
2019-09-21 | Remove tainnow.lib dependency | Laurent Bercot | |
2018-08-01 | Add nsss support | Laurent Bercot | |
2017-10-30 | Make all-pic a user option | Laurent Bercot | |
2017-03-22 | Fix case where s6-tls[cd] would sometimes not detect an application and ↵ | Laurent Bercot | |
remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand | |||
2017-01-10 | Update deps.mak | Laurent Bercot | |
2016-12-04 | Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking ↵ | Laurent Bercot | |
easier. | |||
2016-11-30 | sbearssl: allow DER-encoded certificates in TA directory | Laurent Bercot | |
2016-11-26 | Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning ↵ | Laurent Bercot | |
(default) | |||
2016-11-25 | Add EC certificate issuer key type detection for sbearssl | Laurent Bercot | |
2016-11-25 | Fix build bugs. It builds! | Laurent Bercot | |
Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl | |||
2016-11-25 | Alpha version of the SSL work. | Laurent Bercot | |
Doesn't build yet, but I'm scared of losing it, so using git as storage. Will fix the stupid bugs now, the tricky bugs later. | |||
2016-10-24 | Revert wrong shared lib fix | Laurent Bercot | |
2016-10-24 | Fix stupid shared lib dependencies | Laurent Bercot | |
2015-10-12 | Push back GNU make dependency to 3.81 | Laurent Bercot | |
2015-08-12 | Link shared libs against their -l deps, better libpath managementv2.1.0.2 | Laurent Bercot | |
2015-08-12 | xyzzy fix (fixes https://bugs.gentoo.org/show_bug.cgi?id=541092) | Laurent Bercot | |
2015-01-15 | Move Unix domain socket and access control stuff to s6. | Laurent Bercot | |
Move seekablepipe to s6-portable-utils. Version: 2.0.1.0, release candidate | |||
2015-01-14 | - Parallel build fixv2.0.1.0 | Laurent Bercot | |
- Version updated to 2.0.1.0, release candidate | |||
2015-01-07 | Experimental decoupling of socketbinders and daemons in ucspi servers. | Laurent Bercot | |
Rewrite of s6-ipcserver as a small wrapper. s6-tcpserver4 and s6-tcpserver6 will follow. | |||
2015-01-06 | - deps.mak fixv2.0.0.1 | Laurent Bercot | |
- version increase to 2.0.0.1 | |||
2014-12-16 | And s6-ioconnect, that pulls shutdown. </3 Solaris | Laurent Bercot | |
2014-12-16 | And s6-getservbyname, because Solaris ! | Laurent Bercot | |
2014-12-16 | Update dependencies to ${SOCKET_LIB}, because Solaris | Laurent Bercot | |
2014-12-16 | Update gen-deps.sh and deps.mak | Laurent Bercot | |
2014-12-15 | Initial commit | Laurent Bercot | |