Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 1125d05abf424a65b8bedd8437d6a987e2843ea4 / src / ssl_sock.c
  1. 8b8d18f BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities by Remi Tricot-Le Breton · Mon Mar 25 16:50:24 2024 +0100
  2. 60289bf BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI by William Lallemand · Mon Feb 26 17:53:02 2024 +0100
  3. ad488ae BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list" by Remi Tricot-Le Breton · Wed Feb 07 16:38:45 2024 +0100
  4. f5a90c4 BUG/MEDIUM: ocsp: Separate refcount per instance and per store by Remi Tricot-Le Breton · Wed Feb 07 16:38:43 2024 +0100
  5. 5e7e42d BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call by Remi Tricot-Le Breton · Thu Feb 01 11:58:14 2024 +0100
  6. a0b31bd BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions by Olivier Houchard · Sat Jan 27 22:58:29 2024 +0100
  7. 5e28c3a BUG/MINOR: quic: Missing call to TLS message callbacks by Frédéric Lécaille · Thu Dec 21 16:11:35 2023 +0100
  8. 57359b9 BUG/MINOR: ssl: Double free of OCSP Certificate ID by Frédéric Lécaille · Tue Dec 05 14:50:40 2023 +0100
  9. 40ff02b BUG/MEDIUM: ssl: segfault when cipher is NULL by William Lallemand · Mon Oct 30 18:08:16 2023 +0100
  10. 3f1e6f0 BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA by William Lallemand · Tue Oct 24 23:58:02 2023 +0200
  11. ca1cedf BUG/MINOR: ssl: use a thread-safe sslconns increment by Amaury Denoyelle · Wed Oct 25 15:38:04 2023 +0200
  12. 36e1e8c MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog() by Frédéric Lécaille · Wed Jun 07 11:25:35 2023 +0200
  13. 23937b7 MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper by Frédéric Lécaille · Wed Jun 07 11:19:51 2023 +0200
  14. 94d7f8a BUG/MINOR: ssl_sock: fix possible memory leak on OOM by Willy Tarreau · Mon Aug 21 08:45:35 2023 +0200
  15. 5feb35d BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX by Remi Tricot-Le Breton · Fri Jul 21 17:21:15 2023 +0200
  16. 15c3d20 BUG/MINOR: ssl_sock: add check for ha_meth by eaglegai · Fri May 26 16:42:47 2023 +0800
  17. 930afdf BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 by William Lallemand · Tue May 09 14:15:57 2023 +0200
  18. b6ae2aa MINOR: ssl: allow to change the signature algorithm for client authentication by William Lallemand · Fri May 05 00:05:46 2023 +0200
  19. 1d3c822 MINOR: ssl: allow to change the server signature algorithm by William Lallemand · Thu May 04 15:33:55 2023 +0200
  20. 64a77e3 MINOR: ssl: disable CRL checks with WolfSSL when no CRL file by William Lallemand · Tue May 02 18:26:46 2023 +0200
  21. a2a0955 MINOR: ssl: do not set ALPN callback with the empty string by Willy Tarreau · Wed Apr 19 09:05:49 2023 +0200
  22. a21ca74 MINOR: ssl: remove OpenSSL 1.0.2 mention into certificate loading error by William Lallemand · Mon Apr 17 14:32:25 2023 +0200
  23. 2ca0158 CLEANUP: use "offsetof" where appropriate by Ilya Shipitsin · Sat Apr 15 23:39:43 2023 +0200
  24. 6d4c0c2 CLEANUP: ocsp: do no use strpcy() to copy a path! by Willy Tarreau · Fri Apr 07 17:49:37 2023 +0200
  25. 07be66d CLEANUP: assorted typo fixes in the code and comments by Ilya Shipitsin · Sat Apr 01 12:26:42 2023 +0200
  26. b39c24b BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp() by Tim Duesterhus · Sun Mar 19 16:07:47 2023 +0100
  27. ac78c4f MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack by Willy Tarreau · Fri Mar 17 16:13:05 2023 +0100
  28. 3a7b539 BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list by Christopher Faulet · Thu Mar 16 11:43:05 2023 +0100
  29. f19c639 DEBUG: ssl-sock/show_fd: Display SSL error code by Christopher Faulet · Tue Mar 14 15:51:33 2023 +0100
  30. a6c0a59 MINOR: ssl: Use ocsp update task for "update ssl ocsp-response" command by Remi Tricot-Le Breton · Mon Mar 13 15:56:32 2023 +0100
  31. 86d1e0b BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list" by Remi Tricot-Le Breton · Thu Mar 02 15:49:53 2023 +0100
  32. 5843237 MINOR: ssl: Add global options to modify ocsp update min/max delay by Remi Tricot-Le Breton · Tue Feb 28 17:46:29 2023 +0100
  33. 0c96ee4 MINOR: ssl: Add certificate's path to certificate_ocsp structure by Remi Tricot-Le Breton · Wed Mar 01 16:11:50 2023 +0100
  34. af25a69 MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks by Frédéric Lécaille · Wed Feb 01 17:56:57 2023 +0100
  35. 222e5a2 BUG/MEDIUM: ssl: wrong eviction from the session cache tree by William Lallemand · Tue Jan 31 14:12:28 2023 +0100
  36. 6e1bbc4 REORG: channel: Rename CF_READ_NULL to CF_READ_EVENT by Christopher Faulet · Mon Dec 12 08:08:15 2022 +0100
  37. 648c83e MINOR: ssl: Limit ocsp_uri buffer size to minimum by Remi Tricot-Le Breton · Mon Jan 09 12:02:48 2023 +0100
  38. 2d1daa8 BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times by Remi Tricot-Le Breton · Mon Jan 09 12:02:47 2023 +0100
  39. 112b16a MINOR: ssl: Only set ocsp->issuer if issuer not in cert chain by Remi Tricot-Le Breton · Mon Jan 09 12:02:44 2023 +0100
  40. c8d814e MINOR: ssl: Move OCSP code to a dedicated source file by Remi Tricot-Le Breton · Tue Dec 20 11:11:17 2022 +0100
  41. aff8277 MEDIUM: ssl: Start update task if at least one ocsp-update option is set to on by Remi Tricot-Le Breton · Tue Dec 20 11:11:14 2022 +0100
  42. 6477bbd MEDIUM: ssl: Add ocsp update task main function by Remi Tricot-Le Breton · Tue Dec 20 11:11:13 2022 +0100
  43. b55be8c MEDIUM: ssl: Insert ocsp responses in update tree when needed by Remi Tricot-Le Breton · Tue Dec 20 11:11:12 2022 +0100
  44. bdd3c79 MINOR: ssl: Add ocsp_update_tree and helper functions by Remi Tricot-Le Breton · Tue Dec 20 11:11:09 2022 +0100
  45. cc34667 MEDIUM: ssl: Add ocsp_certid in ckch structure and discard ocsp buffer early by Remi Tricot-Le Breton · Tue Dec 20 11:11:08 2022 +0100
  46. eeaa29b MINOR: ssl: Add "update ssl ocsp-response" cli command by Remi Tricot-Le Breton · Tue Dec 20 11:11:07 2022 +0100
  47. c0b4058 MINOR: ssl: Add helper function that checks the validity of an OCSP response by Remi Tricot-Le Breton · Tue Dec 20 11:11:06 2022 +0100
  48. e09d2ae MINOR: ssl: Add OCSP request helper function by Remi Tricot-Le Breton · Tue Dec 20 11:11:05 2022 +0100
  49. 47a4f12 MINOR: ssl: Add helper function that extracts an OCSP URI from a certificate by Remi Tricot-Le Breton · Tue Dec 20 11:11:04 2022 +0100
  50. 2b96364 MINOR: ssl: Add a lock to the OCSP response tree by Remi Tricot-Le Breton · Tue Dec 20 11:11:02 2022 +0100
  51. 4cf0d3f BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain by Remi Tricot-Le Breton · Thu Dec 15 15:44:37 2022 +0100
  52. e3d5f9a MINOR: ssl: Remove unnecessary alloc'ed trash chunk in show ocsp-response by Remi Tricot-Le Breton · Thu Dec 15 15:44:36 2022 +0100
  53. 9334843 MINOR: ssl: Remove unneeded buffer allocation in show ocsp-response by Remi Tricot-Le Breton · Thu Dec 15 15:44:35 2022 +0100
  54. 04007cb CLEANUP: ssl: remove check on srv->proxy by William Lallemand · Wed Dec 14 10:34:36 2022 +0100
  55. 0adafb3 BUG/MINOR: startup: don't use internal proxies to compute the maxconn by William Lallemand · Tue Dec 13 18:17:44 2022 +0100
  56. 52ddd99 MEDIUM: ssl: rename the struct "cert_key_and_chain" to "ckch_data" by William Lallemand · Tue Nov 22 11:51:53 2022 +0100
  57. 3cbf09e MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode by Uriah Pollock · Wed Nov 23 16:41:25 2022 +0100
  58. 881cce9 BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk() by Christopher Faulet · Wed Nov 23 09:27:13 2022 +0100
  59. b60a77b BUG/MINOR: ssl: don't initialize the keylog callback when not required by William Lallemand · Fri Nov 18 15:00:15 2022 +0100
  60. 45fed2c MINOR: ssl: ssl_sock_load_cert_chain() display error strings by William Lallemand · Tue Nov 15 16:56:03 2022 +0100
  61. a551f4f BUILD: ssl: use __fallthrough in cli_io_handler_tlskeys_files() by Willy Tarreau · Mon Nov 14 07:34:43 2022 +0100
  62. 4639689 BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC by William Lallemand · Thu Nov 10 16:45:24 2022 +0100
  63. 9b25982 BUG/MEDIUM: ssl: Verify error codes can exceed 63 by Remi Tricot-Le Breton · Thu Nov 10 10:48:58 2022 +0100
  64. aa529f7 BUG/MINOR: ssl: ocsp structure not freed properly in case of error by Remi Tricot-Le Breton · Thu Nov 03 15:16:49 2022 +0100
  65. 1621dc1 BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer by Remi Tricot-Le Breton · Thu Nov 03 15:16:48 2022 +0100
  66. a2c21db BUG/MINOR: ssl: Memory leak of DH BIGNUM fields by Remi Tricot-Le Breton · Thu Nov 03 15:16:47 2022 +0100
  67. 5de4951 MINOR: ssl: dump the SSL string error when SSL_CTX_use_PrivateKey() failed. by William Lallemand · Thu Oct 27 14:41:07 2022 +0200
  68. ba303de BUILD: ssl_sock: fix null dereference for QUIC build by Amaury Denoyelle · Mon Oct 17 18:46:49 2022 +0200
  69. 48e46f9 BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk() by Frédéric Lécaille · Fri Oct 14 09:34:00 2022 +0200
  70. 92fa63f CLEANUP: quic: create a dedicated quic_conn module by Amaury Denoyelle · Fri Sep 30 18:11:13 2022 +0200
  71. 8522348 BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns by Willy Tarreau · Thu Sep 29 20:32:43 2022 +0200
  72. a94bedc CLEANUP: quic,ssl: fix tiny typos in C comments by cui fliter · Mon Aug 29 14:42:57 2022 +0800
  73. 70a6e63 MINOR: quic: add QUIC support when no client_hello_cb by William Lallemand · Wed Sep 07 11:21:34 2022 +0200
  74. 4b7938d BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx by William Lallemand · Wed Sep 07 10:54:17 2022 +0200
  75. 844009d BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb by William Lallemand · Fri Sep 02 15:27:32 2022 +0200
  76. 2be0ac5 BUG/MINOR: quic: Possible crash when verifying certificates by Frédéric Lécaille · Tue Sep 06 19:37:08 2022 +0200
  77. 6aec1f3 BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines by Frédéric Lécaille · Tue Sep 06 17:04:55 2022 +0200
  78. 52f2ff5 BUG/MEDIUM: fix DH length when EC key is used by Ilya Shipitsin · Sat Jul 23 23:55:19 2022 +0500
  79. 27a3245 MEDIUM: fd: make fd_insert() take local thread masks by Willy Tarreau · Thu Jul 07 08:29:00 2022 +0200
  80. 9464bb1 MEDIUM: fd: add the tgid to the fd and pass it to fd_insert() by Willy Tarreau · Tue Jul 05 05:16:13 2022 +0200
  81. 7d392a5 BUG/MEDIUM: ssl/fd: unexpected fd close using async engine by Emeric Brun · Fri Jul 01 17:36:50 2022 +0200
  82. b8dec4a CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names by Willy Tarreau · Thu Jun 23 11:02:08 2022 +0200
  83. 301425b MEDIUM: quic: Compatible version negotiation implementation (draft-08) by Frédéric Lécaille · Tue Jun 14 17:40:39 2022 +0200
  84. 748ece6 MINOR: quic: QUIC transport parameters split. by Frédéric Lécaille · Sat May 21 23:58:40 2022 +0200
  85. b52d4d2 CLEANUP: sslsock: remove only occurrence of local variable "cs" by Willy Tarreau · Fri May 27 10:44:39 2022 +0200
  86. cb086c6 REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} by Willy Tarreau · Fri May 27 09:47:12 2022 +0200
  87. 5edca2f REORG: rename cs_utils.h to sc_strm.h by Willy Tarreau · Fri May 27 09:25:10 2022 +0200
  88. d0a06d5 CLEANUP: applet: use applet_put*() everywhere possible by Willy Tarreau · Wed May 18 15:07:19 2022 +0200
  89. 7cb9e6c CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb" by Willy Tarreau · Tue May 17 19:40:40 2022 +0200
  90. 4596fe2 CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) by Willy Tarreau · Tue May 17 19:07:51 2022 +0200
  91. b605c42 CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_* by Willy Tarreau · Tue May 17 17:04:55 2022 +0200
  92. 0cfcc40 CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide by Willy Tarreau · Tue May 17 16:10:17 2022 +0200
  93. 1ea6e6a CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS by Willy Tarreau · Fri May 20 16:03:18 2022 +0200
  94. 11ba404 CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL by Willy Tarreau · Fri May 20 15:56:32 2022 +0200
  95. 1746a38 MINOR: ssl: Add 'ssl-provider' global option by Remi Tricot-Le Breton · Mon May 16 16:24:33 2022 +0200
  96. 0698c80 CLEANUP: applet: remove the unneeded appctx->owner by Willy Tarreau · Wed May 11 14:09:57 2022 +0200
  97. 170b35b CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore by Willy Tarreau · Thu May 05 09:09:15 2022 +0200
  98. 9c5a38c CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore by Willy Tarreau · Thu May 05 09:03:44 2022 +0200
  99. bd33864 CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref" by Willy Tarreau · Thu May 05 08:59:17 2022 +0200
  100. a938052 CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys" by Willy Tarreau · Thu May 05 08:50:17 2022 +0200