summaryrefslogtreecommitdiff
path: root/package
AgeCommit message (Collapse)Author
2023-11-10 Prepare for 2.7.0.0. Better s6-tlsc-io interface.Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-09-30 Great Tcpserver Unification. Prepare for 2.6.0.0.Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-09-11 Remove s6-tcpserver?d dependency on libs6Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-09-08 Fully defork s6-tlsc and s6-tlsdLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-09-08 Refactor s6-tls[cd] so they're ready to port to posix_spawnLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-09-08 New versions of s6-tcpserver4d and s6-tcpserver6dLaurent Bercot
- both now use posix_spawn when available - s6-tcpserver4d uses avltree for logarithmic lookups - s6-tcpserver6d still has the linear lookup - the point was to benchmark linear vs logarithmic, but the fork() overhead overshadowed everything - now with fork() out of the way, I'm going back to benchmarks Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-08-08 Prepare for 2.5.1.4; fix s6-tlsserver -Y|-yLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-02-15 Autoset INTERNAL_LIBSLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-02-09 Prepare for 2.5.1.3Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-10-14 Prepare for 2.5.1.2Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-10-07 Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACKLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-04-09 Prepare for 2.5.1.1; adapt to skalibs-2.12.0.0Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-12-05 Prepare for 2.5.1.0Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-07-23 Prepare for 2.5.0.0; remove minidentdLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-06-02 Correctly clean up the environment for -zLaurent Bercot
2021-06-02 Debug session. Now works.Laurent Bercot
The environment given to the application still needs to be cleaned up of SNI variables.
2021-06-01 Add all the missing pieces for sni_policyLaurent Bercot
sbearssl_server_init_and_run is yet unchanged, the next step is to rewrite it using the new primitives.
2021-05-20 Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING.Laurent Bercot
2021-05-18 Prepare for 2.4.2.0; implement client certificates with bearsslLaurent Bercot
Also send a bit more environment with libtls
2021-04-13 Prepare for 2.4.1.1Laurent Bercot
2021-01-28 Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAMELaurent Bercot
2021-01-13 Implement handshake timeout for libtls backendLaurent Bercot
2020-11-22 Add SSL_PROTOCOL and SSL_CIPHER support, fix some bugsLaurent Bercot
2020-11-21 Move all tls stuff into its own subdirLaurent Bercot
2020-11-21 Add s6-ucspitlscLaurent Bercot
2020-11-21 Prepare for 2.4.0.0Laurent Bercot
2020-11-21 Privs can only be dropped after reading key files.Laurent Bercot
2020-11-20 Refactor tls code to support ucspi-tlsLaurent Bercot
That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
2020-08-21 LibreSSL needs -lpthreadLaurent Bercot
2020-05-06 Prepare for 2.3.2.0Laurent Bercot
2020-01-27 Prepare for 2.3.1.2Laurent Bercot
2019-10-21 Fix gen-deps.sh for cross-buildsLaurent Bercot
2019-10-21 Prepare for 2.3.1.1Laurent Bercot
2019-09-21 Remove tainnow.lib dependencyLaurent Bercot
2019-08-09 Prepare for 2.3.1.0Laurent Bercot
2019-01-10 Prepare for 2.3.0.4Laurent Bercot
2018-08-20Support conditional slashpackage buildsLaurent Bercot
2018-08-01 Add nsss supportLaurent Bercot
2018-07-21 Adapt to skalibs-2.7.0.0, prepare for 2.3.0.3Laurent Bercot
2017-10-30 Make all-pic a user optionLaurent Bercot
2017-08-22 Optimize to xpathexec ; prepare for 2.3.0.2Laurent Bercot
2017-05-21 Prepare for version 2.3.0.1Laurent Bercot
2017-03-22 Fix case where s6-tls[cd] would sometimes not detect an application and ↵Laurent Bercot
remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand
2017-01-10 Update deps.makLaurent Bercot
2017-01-10 Types fix, first passLaurent Bercot
XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
2016-12-04 Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking ↵Laurent Bercot
easier.
2016-11-30 sbearssl: allow DER-encoded certificates in TA directoryLaurent Bercot
2016-11-26 Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning ↵Laurent Bercot
(default)
2016-11-25 Add EC certificate issuer key type detection for sbearsslLaurent Bercot
2016-11-25 Fix build bugs. It builds!Laurent Bercot
Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl