s6-networking - Mirror of git://git.skarnet.org/s6-networking

Age	Commit message (Collapse)	Author
2021-10-18	Fix error case in readbigpem	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-09-24	Fix sbearssl send_environment protocol	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-08-10	Adapt to skalibs-2.11.0.0	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-06-03	Cosmetics	Laurent Bercot

2021-06-03	Inline functions	Laurent Bercot

2021-06-03	Don't hardcode ecdsa signature implementation in sni_policy	Laurent Bercot

2021-06-02	Debug session. Now works.	Laurent Bercot
	The environment given to the application still needs to be cleaned up of SNI variables.
2021-06-01	Add servername to storagedev	Laurent Bercot

2021-06-01	Make stuff build	Laurent Bercot
	Still not working: we need to add servername to the storage
2021-06-01	Add all the missing pieces for sni_policy	Laurent Bercot
	sbearssl_server_init_and_run is yet unchanged, the next step is to rewrite it using the new primitives.
2021-05-30	Start work on bearssl server-side sni	Laurent Bercot

2021-05-27	All good, remove debug instructions	Laurent Bercot

2021-05-27	Remove backtraces; add verification impls to server engines	Laurent Bercot

2021-05-27	Add backtrace invocation to debug spurious get_pkey call	Laurent Bercot

2021-05-25	More debug commands	Laurent Bercot

2021-05-20	Debugging iteration	Laurent Bercot

2021-05-20	Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING.	Laurent Bercot

2021-05-18	Prepare for 2.4.2.0; implement client certificates with bearssl	Laurent Bercot
	Also send a bit more environment with libtls
2021-05-08	sbearssl cosmetic fixes	Laurent Bercot

2021-01-28	Remove SSL_TLS_SNI_SERVERNAME (instead of defined but empty) if no SNI	Laurent Bercot

2021-01-28	Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAME	Laurent Bercot

2021-01-13	Implement handshake timeout for libtls backend	Laurent Bercot

2020-12-07	Change -K semantics: timeout during handshake, not afterwards	Laurent Bercot
	- the TLS tunnel itself should be transparent so it has no business shutting down the connection no matter how long the app takes - there's still an undetectable situation on some kernels where EOF doesn't get transmitted from the network, and the engine is in the handshake, and it can't do anything but wait forever. A timeout is useful here: dawg, your peer is never going to send any more data, you should just give up. - if the situation happens after the handshake, the app should have a timeout and die. The tunnel will follow suit. - libtls has a blocking tls_handshake() blackbox, we cannot give it a timeout. Too bad, use bearssl.
2020-11-26	Convert to new exec.h syntax	Laurent Bercot

2020-11-26	That exit condition is really hard to get right >.>	Laurent Bercot

2020-11-26	Fix engine exit condition for sbearssl	Laurent Bercot

2020-11-23	Fix more bugs; disable renegociation in bearssl client	Laurent Bercot

2020-11-22	Fix a few bugs. sbearssl appears to be working.	Laurent Bercot

2020-11-22	Add SSL_PROTOCOL and SSL_CIPHER support, fix some bugs	Laurent Bercot

2020-11-22	Add documentation, fix tiny privdrop bug	Laurent Bercot

2020-11-21	Privs can only be dropped after reading key files.	Laurent Bercot

2020-11-20	Refactor tls code to support ucspi-tls	Laurent Bercot
	That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
2019-02-20	Adapt to skalibs/posixishard.h	Laurent Bercot

2018-07-21	Adapt to skalibs-2.7.0.0, prepare for 2.3.0.3	Laurent Bercot

2017-08-28	Moderately big hammer: force kill on s6-tlsd when it has nothing to write ↵	Laurent Bercot
	to the network
2017-08-28	Revert big hammer. Data still needs to be flushed to the network even when ↵	Laurent Bercot
	the local app dies.
2017-08-22	Optimize to xpathexec ; prepare for 2.3.0.2	Laurent Bercot

2017-05-11	Explicitly make s6-tls[cd] die when the app dies	Laurent Bercot
	I have no explanation for the fact that they sometimes survive their app, and I'm fed up with it, so it's time to use the big hammer.
2017-03-22	Fix case where s6-tls[cd] would sometimes not detect an application and ↵	Laurent Bercot
	remain there forever with its zombie, both condemned to err in limbo for all eternity, the living and the dead, hand in hand
2017-03-14	Cleanup superfluous includes	Laurent Bercot

2017-03-12	Adapt to skalibs-2.5.0.0	Laurent Bercot

2017-01-30	Delay client cert support, but make s6-networking build against bearssl-0.3	Laurent Bercot

2017-01-22	Fix variable scope in sbearssl_ta_certs	Laurent Bercot

2017-01-10	Types fix, first pass	Laurent Bercot
	XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
2016-12-14	sbearssl: follow API change for br_x590_trust_anchor	Laurent Bercot

2016-12-04	Fix sbearssl build	Laurent Bercot

2016-12-04	Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking ↵	Laurent Bercot
	easier.
2016-12-03	s6-tls*: small bugfixes. Add documentation.	Laurent Bercot

2016-12-02	Fix closing bugs in sbearssl_run and tls_run	Laurent Bercot

2016-12-01	Fix several bugs in stls, make the engine work	Laurent Bercot