summaryrefslogtreecommitdiff
path: root/src/conn-tools
AgeCommit message (Collapse)Author
2020-11-21 Privs can only be dropped after reading key files.Laurent Bercot
2020-11-20 Refactor tls code to support ucspi-tlsLaurent Bercot
That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
2020-05-06 Add -e option to s6-tlsserverLaurent Bercot
2019-09-21 Remove tainnow.lib dependencyLaurent Bercot
2019-09-06 Adapt to new stopwatch APILaurent Bercot
2019-09-04 Use stopwatches and wallclocks where appropriateLaurent Bercot
2019-05-14 Different code style for the maxconn spurious warning avoidanceLaurent Bercot
2018-10-06 bugfix: have s6-tcpserver?d write localport to stdout on notifLaurent Bercot
and not just a newline.
2018-04-11change localip is6 flag based on destination ipJohn Regan
By default, the localip flag is initialized with the is6 flag set to 0. The only time the flag is changed to 1 is when a user specifies a local IPv6 address to use. Because of this, socket_tcp46 always creates an IPv4 socket. This patch corrects that - if the user hasn't specified a local address, then the local 'is6' flag is updated to match the destination 'is6' flag. Signed-off-by: Laurent Bercot <ska-skaware@skarnet.org>
2018-04-11 Add -B (blocking) option to s6-tcpserver?-socketbinderLaurent Bercot
2017-09-13 bugfix: spurious error message in s6-tcpserver?d when maxed connectionsLaurent Bercot
2017-08-22 Optimize to xpathexec ; prepare for 2.3.0.2Laurent Bercot
2017-03-15 Fix memcpy size in s6-tcpserver6dLaurent Bercot
2017-03-14 Cleanup superfluous includesLaurent Bercot
2017-03-12 Adapt to skalibs-2.5.0.0Laurent Bercot
2017-01-10 Types fix, first passLaurent Bercot
XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
2016-12-04 Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking ↵Laurent Bercot
easier.
2016-12-03 s6-tls*: small bugfixes. Add documentation.Laurent Bercot
2016-12-01 Fix several bugs in stls, make the engine workLaurent Bercot
2016-11-28 Small sbearssl bugfixes and usability messagesLaurent Bercot
2016-11-27 use S6_EXTBINPREFIX for s6-applyuidgid invocation in s6-tlsserverLaurent Bercot
2016-11-26 Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning ↵Laurent Bercot
(default)
2016-11-26 Usability fixes for TLSLaurent Bercot
2016-11-25 Fix build bugs. It builds!Laurent Bercot
Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl
2016-11-25 Alpha version of the SSL work.Laurent Bercot
Doesn't build yet, but I'm scared of losing it, so using git as storage. Will fix the stupid bugs now, the tricky bugs later.
2016-09-10 Add options to s6-tcpserver4-socketbinder and s6-tcpserver6-socketbinder to ↵Laurent Bercot
create UDP sockets; also to not listen(). (Suggested by Daniel Kahn Gillmor.)
2015-03-30 - Bugfix: s6-tcpclient and s6-tcpserver-access didn't s6dns_init()Laurent Bercot
- Version: rc for 2.1.0.1
2015-01-15 Move Unix domain socket and access control stuff to s6.Laurent Bercot
Move seekablepipe to s6-portable-utils. Version: 2.0.1.0, release candidate
2015-01-14 - Parallel build fixv2.0.1.0Laurent Bercot
- Version updated to 2.0.1.0, release candidate
2015-01-10 Bugfix: bad test in s6-ipcclient (for skalibs 2)Laurent Bercot
2015-01-07 Complete conversion of s6-ipcserver and s6-tcpserver (4 and 6)Laurent Bercot
to socketbinder + d model. With documentation (!)
2015-01-07 Experimental decoupling of socketbinders and daemons in ucspi servers.Laurent Bercot
Rewrite of s6-ipcserver as a small wrapper. s6-tcpserver4 and s6-tcpserver6 will follow.
2015-01-06 Prevent failure of -1 option in ucspi servers when stdout is closedLaurent Bercot
2014-12-21 Remove the shutdown() in s6-sudoc: the MSG_DONTWAIT support in skalibsv2.0.0.0Laurent Bercot
should fix the BSD problem in a better fashion.
2014-12-20 My instinctive attempt to fix s6-sudoc on the BSDs appears to be working...Laurent Bercot
BSD is easy: when in doubt, shutdown() the socket. wtfbsdseriously.
2014-12-20 s6-sudo PATH fixLaurent Bercot
2014-12-20 s6-ioconnect fixLaurent Bercot
2014-12-20 Test a shutdown in s6-sudoc, see if it helps the BSDsLaurent Bercot
2014-12-19 Real fix >.>Laurent Bercot
2014-12-19 Safewrap around iopause in UCSPI servers!Laurent Bercot
2014-12-19 Don't make UCSPI servers die if they can't write to stdoutLaurent Bercot
2014-12-18 Fix sudoc/sudod communicationLaurent Bercot
2014-12-16 And s6-ioconnect, that pulls shutdown. </3 SolarisLaurent Bercot
2014-12-16 And s6-getservbyname, because Solaris !Laurent Bercot
2014-12-16 Update dependencies to ${SOCKET_LIB}, because SolarisLaurent Bercot
2014-12-16 Because BSDs can't understand setgroups... -> nonposixLaurent Bercot
2014-12-15 Initial commitLaurent Bercot