From a027959a7fe49483acf86bd65d4266e3cbc4d0b0 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 28 Jan 2021 13:17:25 +0000 Subject: Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAME --- INSTALL | 8 ++++---- NEWS | 9 +++++++++ doc/index.html | 10 +++++----- doc/s6-tlsc-io.html | 7 +++++-- doc/s6-tlsc.html | 2 ++ doc/s6-tlsd-io.html | 7 +++++-- doc/s6-tlsd.html | 2 ++ doc/upgrade.html | 19 +++++++++++++++++++ package/info | 2 +- src/sbearssl/sbearssl_send_environment.c | 3 +++ src/stls/stls_send_environment.c | 8 ++++++-- 11 files changed, 61 insertions(+), 16 deletions(-) diff --git a/INSTALL b/INSTALL index 79a531a..07e2917 100644 --- a/INSTALL +++ b/INSTALL @@ -6,10 +6,10 @@ Build Instructions - A POSIX-compliant C development environment - GNU make version 3.81 or later - - skalibs version 2.10.0.0 or later: https://skarnet.org/software/skalibs/ - - Optional (but recommended): execline version 2.7.0.0 or later: https://skarnet.org/software/execline/ - - s6 version 2.10.0.0 or later: https://skarnet.org/software/s6/ - - s6-dns version 2.3.3.0 or later: https://skarnet.org/software/s6-dns/ + - skalibs version 2.10.0.1 or later: https://skarnet.org/software/skalibs/ + - Optional (but recommended): execline version 2.7.0.1 or later: https://skarnet.org/software/execline/ + - s6 version 2.10.0.1 or later: https://skarnet.org/software/s6/ + - s6-dns version 2.3.5.0 or later: https://skarnet.org/software/s6-dns/ - Depending on whether you build the SSL tools, bearssl version 0.6 or later: https://bearssl.org/ or libressl version 3.2.2 or later: https://libressl.org/ diff --git a/NEWS b/NEWS index 83f2c29..e9e34ec 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,14 @@ Changelog for s6-networking. +In 2.4.1.0 +---------- + + - Bugfixes. + - Handshake timeout now also works with the libtls backend. + - The SNI server name is now exported after the handshake in +the SSL_TLS_SNI_SERVERNAME variable. + + In 2.4.0.0 ---------- 
diff --git a/doc/index.html b/doc/index.html index 904fc85..7d39b4e 100644 --- a/doc/index.html +++ b/doc/index.html @@ -44,15 +44,15 @@ compiled with IPv6 support, s6-networking is IPv6-ready.
  • A POSIX-compliant system with a standard C development environment
  • GNU make, version 3.81 or later
  • skalibs version -2.10.0.0 or later. It's a build-time requirement. It's also a run-time +2.10.0.1 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the skalibs library.
  • (Optional, but recommended) execline version -2.7.0.0 or later. It's a build-time and run-time requirement.
  • +2.7.0.1 or later. It's a build-time and run-time requirement.
  • s6 version -2.10.0.0 or later. It's a build-time and run-time requirement.
  • +2.10.0.1 or later. It's a build-time and run-time requirement.
  • s6-dns version -2.3.3.0 or later. It's a build-time requirement. It's also a run-time +2.3.5.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the s6-dns libraries.
  • If you want to build the secure communication tools: @@ -80,7 +80,7 @@ run-time requirement if you link against its shared version.
  • diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html index 8f84728..53b1282 100644 --- a/doc/s6-tlsd-io.html +++ b/doc/s6-tlsd-io.html @@ -200,8 +200,11 @@ TLS handshake has completed, some data (terminated by two null characters) will be sent to file descriptor notif. The data contains information about the TLS parameters of the connection; its exact contents are left unspecified, but there's at least -a SSL_PROTOCOL=protocol string -and a SSL_CIPHER=cipher string, both null-terminated. +a SSL_PROTOCOL=protocol string, +a SSL_CIPHER=cipher string, +and a SSL_TLS_SNI_SERVERNAME=servername string + all null-terminated. (servername is the empty string if +no SNI has been required.) Sending this data serves a dual purpose: telling the notif reader that the handshake has completed, and providing it with some basic information about the connection. If this option is not given, diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html index 579c63c..83b70c1 100644 --- a/doc/s6-tlsd.html +++ b/doc/s6-tlsd.html @@ -104,6 +104,8 @@ environment variables: TLSv1, TLSv1.1, TLSv1.2...
  • SSL_CIPHER contains the name of the cipher used.
  • +
  • SSL_TLS_SNI_SERVERNAME contains the required SNI +server name, if any, or is empty otherwise.
  • More similar environment variables containing information about the connection may be added in the future.
  • diff --git a/doc/upgrade.html b/doc/upgrade.html index 4df1cb7..c285749 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -18,6 +18,25 @@

    What has changed in s6-networking

    +

    in 2.4.1.0

    + + +

    in 2.4.0.0
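Review bot: In the NEWS hunk, the "- Bugfixes." item does not say what was fixed, so a reader cannot tell from the changelog whether any fix in 2.4.1.0 changes TLS behaviour. Naming the fixes, as the handshake timeout item next to it does, would make the entry usable for upgrade decisions. The continuation line "the SSL_TLS_SNI_SERVERNAME variable." also starts in column 0 while the list items above it are indented.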
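Review bot: In the doc/s6-tlsd-io.html hunk, "if no SNI has been required" is ambiguous. SNI is a name the client sends in its ClientHello, so "if the client sent no SNI" would say what the empty string actually means. Because the notif reader now receives a string chosen by the peer, the paragraph should also state whether servername is passed through as received or has been checked in some way, so that the reader knows whether to treat it as untrusted input. A comma is missing between "servername string" and "all null-terminated".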
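Review bot: In the doc/s6-tlsd.html hunk, "contains the required SNI server name" uses "required" for a name that the client requested, and the list item does not say that the value comes from the peer. An application that picks a virtual host, a configuration or a file path from SSL_TLS_SNI_SERVERNAME needs to know that it must validate the value first; one sentence to that effect in this list item would cover it, and the wording should match whatever is chosen for the s6-tlsd-io.html text.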