Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-10-07 | Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACK | Laurent Bercot | |
Signed-off-by: Laurent Bercot <ska@appnovation.com> | |||
2022-04-09 | Prepare for 2.5.1.1; adapt to skalibs-2.12.0.0 | Laurent Bercot | |
Signed-off-by: Laurent Bercot <ska@appnovation.com> | |||
2021-12-05 | Prepare for 2.5.1.0 | Laurent Bercot | |
Signed-off-by: Laurent Bercot <ska@appnovation.com> | |||
2021-07-23 | Prepare for 2.5.0.0; remove minidentd | Laurent Bercot | |
Signed-off-by: Laurent Bercot <ska@appnovation.com> | |||
2021-06-02 | Correctly clean up the environment for -z | Laurent Bercot | |
2021-06-02 | Debug session. Now works. | Laurent Bercot | |
The environment given to the application still needs to be cleaned up of SNI variables. | |||
2021-06-01 | Add all the missing pieces for sni_policy | Laurent Bercot | |
sbearssl_server_init_and_run is yet unchanged, the next step is to rewrite it using the new primitives. | |||
2021-05-20 | Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING. | Laurent Bercot | |
2021-05-18 | Prepare for 2.4.2.0; implement client certificates with bearssl | Laurent Bercot | |
Also send a bit more environment with libtls | |||
2021-04-13 | Prepare for 2.4.1.1 | Laurent Bercot | |
2021-01-28 | Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAME | Laurent Bercot | |
2021-01-13 | Implement handshake timeout for libtls backend | Laurent Bercot | |
2020-11-22 | Add SSL_PROTOCOL and SSL_CIPHER support, fix some bugs | Laurent Bercot | |
2020-11-21 | Move all tls stuff into its own subdir | Laurent Bercot | |
2020-11-21 | Add s6-ucspitlsc | Laurent Bercot | |
2020-11-21 | Prepare for 2.4.0.0 | Laurent Bercot | |
2020-11-21 | Privs can only be dropped after reading key files. | Laurent Bercot | |
2020-11-20 | Refactor tls code to support ucspi-tls | Laurent Bercot | |
That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it. | |||
2020-08-21 | LibreSSL needs -lpthread | Laurent Bercot | |
2020-05-06 | Prepare for 2.3.2.0 | Laurent Bercot | |
2020-01-27 | Prepare for 2.3.1.2 | Laurent Bercot | |
2019-10-21 | Fix gen-deps.sh for cross-builds | Laurent Bercot | |
2019-10-21 | Prepare for 2.3.1.1 | Laurent Bercot | |
2019-09-21 | Remove tainnow.lib dependency | Laurent Bercot | |
2019-08-09 | Prepare for 2.3.1.0 | Laurent Bercot | |
2019-01-10 | Prepare for 2.3.0.4 | Laurent Bercot | |
2018-08-20 | Support conditional slashpackage builds | Laurent Bercot | |
2018-08-01 | Add nsss support | Laurent Bercot | |
2018-07-21 | Adapt to skalibs-2.7.0.0, prepare for 2.3.0.3 | Laurent Bercot | |
2017-10-30 | Make all-pic a user option | Laurent Bercot | |
2017-08-22 | Optimize to xpathexec ; prepare for 2.3.0.2 | Laurent Bercot | |
2017-05-21 | Prepare for version 2.3.0.1 | Laurent Bercot | |
2017-03-22 | Fix case where s6-tls[cd] would sometimes not detect an application and ↵ | Laurent Bercot | |
remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand | |||
2017-01-10 | Update deps.mak | Laurent Bercot | |
2017-01-10 | Types fix, first pass | Laurent Bercot | |
XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work) | |||
2016-12-04 | Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking ↵ | Laurent Bercot | |
easier. | |||
2016-11-30 | sbearssl: allow DER-encoded certificates in TA directory | Laurent Bercot | |
2016-11-26 | Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning ↵ | Laurent Bercot | |
(default) | |||
2016-11-25 | Add EC certificate issuer key type detection for sbearssl | Laurent Bercot | |
2016-11-25 | Fix build bugs. It builds! | Laurent Bercot | |
Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl | |||
2016-11-25 | Alpha version of the SSL work. | Laurent Bercot | |
Doesn't build yet, but I'm scared of losing it, so using git as storage. Will fix the stupid bugs now, the tricky bugs later. | |||
2016-10-24 | Revert wrong shared lib fix | Laurent Bercot | |
2016-10-24 | Fix stupid shared lib dependencies | Laurent Bercot | |
2016-08-12 | Add spawn_lib support | Laurent Bercot | |
2016-04-14 | version: 2.1.1.0v2.1.1.0 | Laurent Bercot | |
2015-10-26 | Separate sections for smaller static binaries (thanks Denys Vlasenko) | Laurent Bercot | |
2015-10-15 | - update depsv2.1.0.4 | Laurent Bercot | |
- version: 2.1.0.4 | |||
2015-10-12 | Push back GNU make dependency to 3.81 | Laurent Bercot | |
2015-10-05 | Remove fucking -Bsymbolicv2.1.0.3 | Laurent Bercot | |
version: 2.1.0.3 | |||
2015-08-12 | Link shared libs against their -l deps, better libpath managementv2.1.0.2 | Laurent Bercot | |