summaryrefslogtreecommitdiff
path: root/src/sbearssl/sbearssl_run.c
AgeCommit message (Collapse)Author
2023-11-19 Small bugfixes, update deps, update docLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-11-17 Small sbearssl_run pass, should work nowLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-11-17 Fix stls_run; sbearssl_run needs a rewriteLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-11-16 Add -J and -j to the TLS tools to check for peer close_notify.Laurent Bercot
Also, and more importantly, significantly rewrite stls_run() for better full-duplex support. This implementation isn't fully tested yet. Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-11-12 Fix sbearssl_run even moreLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2023-11-11 New and fixed version of sbearssl_runLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-11-29 Prepare for 2.5.1.2Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-10-07 bugfix: sbearssl_run adapted to new allread() APILaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-07-18 Fix allread errno managementLaurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-08-10 Adapt to skalibs-2.11.0.0Laurent Bercot
Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-06-03 CosmeticsLaurent Bercot
2021-05-27 All good, remove debug instructionsLaurent Bercot
2021-05-20 Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING.Laurent Bercot
2021-01-13 Implement handshake timeout for libtls backendLaurent Bercot
2020-12-07 Change -K semantics: timeout *during handshake*, not afterwardsLaurent Bercot
- the TLS tunnel itself should be transparent so it has no business shutting down the connection no matter how long the app takes - there's still an undetectable situation on some kernels where EOF doesn't get transmitted from the network, and the engine is in the handshake, and it can't do anything but wait forever. A timeout is useful here: dawg, your peer is never going to send any more data, you should just give up. - if the situation happens after the handshake, the *app* should have a timeout and die. The tunnel will follow suit. - libtls has a blocking tls_handshake() blackbox, we cannot give it a timeout. Too bad, use bearssl.
2020-11-26 Convert to new exec.h syntaxLaurent Bercot
2020-11-26 That exit condition is really hard to get right >.>Laurent Bercot
2020-11-26 Fix engine exit condition for sbearsslLaurent Bercot
2020-11-22 Fix a few bugs. sbearssl appears to be working.Laurent Bercot
2020-11-20 Refactor tls code to support ucspi-tlsLaurent Bercot
That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
2017-08-28 Moderately big hammer: force kill on s6-tlsd when it has nothing to write ↵Laurent Bercot
to the network
2017-08-28 Revert big hammer. Data still needs to be flushed to the network even when ↵Laurent Bercot
the local app dies.
2017-05-11 Explicitly make s6-tls[cd] die when the app diesLaurent Bercot
I have no explanation for the fact that they sometimes survive their app, and I'm fed up with it, so it's time to use the big hammer.
2017-03-22 Fix case where s6-tls[cd] would sometimes not detect an application and ↵Laurent Bercot
remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand
2017-03-14 Cleanup superfluous includesLaurent Bercot
2017-01-10 Types fix, first passLaurent Bercot
XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
2016-12-03 s6-tls*: small bugfixes. Add documentation.Laurent Bercot
2016-12-02 Fix closing bugs in sbearssl_run and tls_runLaurent Bercot
2016-12-01 Fix several bugs in stls, make the engine workLaurent Bercot
2016-11-30 sbearssl: allow DER-encoded certificates in TA directoryLaurent Bercot
2016-11-28 Small sbearssl bugfixes and usability messagesLaurent Bercot
2016-11-25 Fix build bugs. It builds!Laurent Bercot
Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl
2016-11-25 Alpha version of the SSL work.Laurent Bercot
Doesn't build yet, but I'm scared of losing it, so using git as storage. Will fix the stupid bugs now, the tricky bugs later.