s6-networking - Mirror of git://git.skarnet.org/s6-networking

Age	Commit message (Collapse)	Author
2022-10-14	Bring libsbearssl doc up to date.	Laurent Bercot
	Also fix a typo in sbearssl.h Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-10-07	bugfix: sbearssl_run adapted to new allread() API	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-10-07	Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACK	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-08-30	s6-tls[cd]: don't leak useless fd to the app	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-08-12	sbearssl_sni_policy_vtable: use the COPY macro for ec as well	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-07-18	Fix allread errno management	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2022-04-09	Prepare for 2.5.1.1; adapt to skalibs-2.12.0.0	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-11-19	Add sbearssl_*_set_tain(n)_g convenience macros	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-11-18	Allow SNI wildcarding for *.example.com	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-11-18	SNI matches are case-insensitive	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-11-09	Fix error path in add_keypair_file for sbearssl SNI policy	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-11-09	Fix error message in sbearssl server init	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-11-08	No need for twice the workaround ^^'	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-10-19	Workaround for a bearssl bug in do_sign	Laurent Bercot
	Credit to Erico Nogueira for reporting and helping find the bug. Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-10-18	Fix error case in readbigpem	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-09-24	Fix sbearssl send_environment protocol	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-09-24	Log client decision on s6-ucspitls[cd] -v2	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-08-10	Adapt to skalibs-2.11.0.0	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-07-23	Prepare for 2.5.0.0; remove minidentd	Laurent Bercot
	Signed-off-by: Laurent Bercot <ska@appnovation.com>
2021-06-03	Cosmetics	Laurent Bercot

2021-06-03	Inline functions	Laurent Bercot

2021-06-03	Don't hardcode ecdsa signature implementation in sni_policy	Laurent Bercot

2021-06-02	Work around incredible libtls stupidity	Laurent Bercot

2021-06-02	Correctly clean up the environment for -z	Laurent Bercot

2021-06-02	Debug session. Now works.	Laurent Bercot
	The environment given to the application still needs to be cleaned up of SNI variables.
2021-06-01	Merge branch 'dev'	Laurent Bercot
	This add full client certificate support, as well as tentative SNI functionality
2021-06-01	Add servername to storagedev	Laurent Bercot

2021-06-01	Make stuff build	Laurent Bercot
	Still not working: we need to add servername to the storage
2021-06-01	Add all the missing pieces for sni_policy	Laurent Bercot
	sbearssl_server_init_and_run is yet unchanged, the next step is to rewrite it using the new primitives.
2021-05-30	bugfix: -l option in s6-tlsserver takes an arg	Laurent Bercot

2021-05-30	Start work on bearssl server-side sni	Laurent Bercot

2021-05-28	Server-side SNI, libtls version	Laurent Bercot
	Implementation for bearssl coming soon.
2021-05-27	All good, remove debug instructions	Laurent Bercot

2021-05-27	Remove backtraces; add verification impls to server engines	Laurent Bercot

2021-05-27	Add backtrace invocation to debug spurious get_pkey call	Laurent Bercot

2021-05-25	More debug commands	Laurent Bercot

2021-05-22	bugfix: tcpserver should unignore SIGPIPE	Laurent Bercot

2021-05-21	Trivial syscall number optimization	Laurent Bercot

2021-05-20	Debugging iteration	Laurent Bercot

2021-05-20	Add an x509 engine wrapping minimal. NOT FUNCTIONAL, FOR TESTING.	Laurent Bercot

2021-05-18	Prepare for 2.4.2.0; implement client certificates with bearssl	Laurent Bercot
	Also send a bit more environment with libtls
2021-05-08	sbearssl cosmetic fixes	Laurent Bercot

2021-01-28	Remove SSL_TLS_SNI_SERVERNAME (instead of defined but empty) if no SNI	Laurent Bercot

2021-01-28	Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAME	Laurent Bercot

2021-01-18	Tiny code and doc fixes	Laurent Bercot

2021-01-13	Implement handshake timeout for libtls backend	Laurent Bercot

2020-12-09	Get rid of webipc.h	Laurent Bercot

2020-12-07	Change -K semantics: timeout during handshake, not afterwards	Laurent Bercot
	- the TLS tunnel itself should be transparent so it has no business shutting down the connection no matter how long the app takes - there's still an undetectable situation on some kernels where EOF doesn't get transmitted from the network, and the engine is in the handshake, and it can't do anything but wait forever. A timeout is useful here: dawg, your peer is never going to send any more data, you should just give up. - if the situation happens after the handshake, the app should have a timeout and die. The tunnel will follow suit. - libtls has a blocking tls_handshake() blackbox, we cannot give it a timeout. Too bad, use bearssl.
2020-11-30	Fix build with skalibs 2.10.0.0; document dependencies	Laurent Bercot

2020-11-26	Convert to new exec.h syntax	Laurent Bercot