Age | Commit message | Author |
|
That includes:
- new architecture: the tls binary is now a child of the app
  instead of the other way around
- the sbearssl_run engine now takes a post-handshake callback.
  This allows s6-tlsc and s6-tlsd to only exec into the app when
  the handshake succeeds (which was already the case with libressl).
- new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto
  code; they init and run the engine, connecting to 4 already open
  fds (stdin/stdout = network, argv[1] and argv[2] = local)
- s6-tlsc is now a simple wrapper around s6-tlsc-io
- s6-tlsd is now a simple wrapper around s6-tlsd-io
- new binary: s6-ucspitlsd, which is also a wrapper around
  s6-tlsd-io, but differently: the parent execs the app which should
  be ucspi-tls-aware, the child waits for a command from the parent
  and execs into s6-tlsd-io if it receives it.
|
Two things remain to do:
- how to pass SNI information to libtls
- how to detect cert issuer key type for ECC in bearssl
|
Doesn't build yet, but I'm scared of losing it, so using git as
storage.
Will fix the stupid bugs now, the tricky bugs later.
|
Move seekablepipe to s6-portable-utils.
Version: 2.0.1.0, release candidate
|
- Version updated to 2.0.1.0, release candidate
|
Rewrite of s6-ipcserver as a small wrapper.
s6-tcpserver4 and s6-tcpserver6 will follow.
|
Add mgetuid.c to the list of cleaned targets.
|