Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
28c4b309c6ad69dfb7aa39f6af44491a58d74103
/
src
/
ssl_sock.c
05bf68b
BUG/MEDIUM: ssl: segfault when cipher is NULL
by William Lallemand
· Mon Oct 30 18:08:16 2023 +0100
539bfaa
BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
by William Lallemand
· Tue Oct 24 23:58:02 2023 +0200
1ffc378
BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0
by William Lallemand
· Tue May 09 14:15:57 2023 +0200
90f3cd2
BUG/MINOR: ssl_sock: fix possible memory leak on OOM
by Willy Tarreau
· Mon Aug 21 08:45:35 2023 +0200
c5fd15d
BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list
by Christopher Faulet
· Thu Mar 16 11:43:05 2023 +0100
c5eaae9
BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
by Remi Tricot-Le Breton
· Thu Mar 02 15:49:55 2023 +0100
52a61cc
BUG/MEDIUM: ssl: wrong eviction from the session cache tree
by William Lallemand
· Tue Jan 31 14:12:28 2023 +0100
d417c25
BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain
by Remi Tricot-Le Breton
· Thu Dec 15 15:44:37 2022 +0100
99e4526
BUG/MEDIUM: ssl: Verify error codes can exceed 63
by Remi Tricot-Le Breton
· Thu Nov 10 10:48:58 2022 +0100
2cb86e7
BUG/MINOR: ssl: don't initialize the keylog callback when not required
by William Lallemand
· Fri Nov 18 15:00:15 2022 +0100
1583897
BUG/MINOR: ssl: ocsp structure not freed properly in case of error
by Remi Tricot-Le Breton
· Thu Nov 03 15:16:49 2022 +0100
172da59
BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer
by Remi Tricot-Le Breton
· Thu Nov 03 15:16:48 2022 +0100
64ff81b
BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
by Emeric Brun
· Fri Jul 01 17:36:50 2022 +0200
17d0caa
BUG/MINOR: server/ssl: free the SNI sample expression
by William Lallemand
· Wed Mar 16 17:48:19 2022 +0100
e8a8aa4
BUILD: fix compilation for OpenSSL-3.0.0-alpha17
by William Lallemand
· Wed Jun 02 16:09:11 2021 +0200
f518644
BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
by William Dauchy
· Thu Jan 06 16:57:15 2022 +0100
ec3d2d6
BUG/MEDIUM: ssl: free the ckch instance linked to a server
by William Lallemand
· Thu Dec 30 14:45:19 2021 +0100
9d11868
BUG/MINOR: ssl: free the fields in srv->ssl_ctx
by William Lallemand
· Thu Dec 30 11:25:43 2021 +0100
6338b7d
BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
by William Lallemand
· Tue Dec 28 18:47:17 2021 +0100
41736ab
BUG/MINOR: ssl: make SSL counters atomic
by Willy Tarreau
· Mon Nov 22 17:46:13 2021 +0100
0f2291b
BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found
by William Lallemand
· Thu Nov 18 17:46:26 2021 +0100
0faf526
CLEANUP: ssl: fix wrong #else commentary
by William Lallemand
· Thu Nov 18 15:25:16 2021 +0100
c78ac5a
BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
by William Lallemand
· Wed Nov 17 02:59:21 2021 +0100
37d6939
BUG/MINOR: ssl: use atomic ops to update global shctx stats
by Willy Tarreau
· Tue Jun 15 16:39:22 2021 +0200
1adb439
BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
by Remi Tricot-Le Breton
· Wed Jun 09 17:16:18 2021 +0200
ca5cf0a
BUILD: make tune.ssl.keylog available again
by William Lallemand
· Wed Jun 09 16:46:12 2021 +0200
46697c8
BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
by Remi Tricot-Le Breton
· Wed May 12 17:45:21 2021 +0200
832e242
DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling
by Willy Tarreau
· Thu May 13 10:11:03 2021 +0200
b205bfd
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages
by Willy Tarreau
· Fri May 07 11:38:37 2021 +0200
2b71810
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion
by Willy Tarreau
· Wed Apr 21 07:32:39 2021 +0200
ff88270
MINOR: pool: move pool declarations to read_mostly
by Willy Tarreau
· Sat Apr 10 17:23:00 2021 +0200
4781b15
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec
by Willy Tarreau
· Tue Apr 06 13:53:36 2021 +0200
1db4273
CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or
by Willy Tarreau
· Tue Apr 06 11:44:07 2021 +0200
8218aed
BUG/MINOR: ssl: Fix update of default certificate
by Remi Tricot-Le Breton
· Wed Mar 17 14:56:54 2021 +0100
fb00f31
BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list"
by Remi Tricot-Le Breton
· Tue Mar 23 16:41:53 2021 +0100
f208ac0
CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog()
by Willy Tarreau
· Mon Mar 22 21:10:12 2021 +0100
b454e90
MINOR: ssl: use pool_alloc(), not pool_alloc_dirty()
by Willy Tarreau
· Mon Mar 22 15:09:41 2021 +0100
bc5ce92
MEDIUM: connections: Implement a start() method in ssl_sock.
by Olivier Houchard
· Fri Mar 05 23:47:00 2021 +0100
1b3c931
MEDIUM: connections: Introduce a new XPRT method, start().
by Olivier Houchard
· Fri Mar 05 23:37:48 2021 +0100
7416314
CLEANUP: task: make sure tasklet handlers always indicate their statuses
by Willy Tarreau
· Sat Mar 13 11:30:19 2021 +0100
4c48edb
BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake
by Willy Tarreau
· Tue Mar 09 17:58:02 2021 +0100
430bf4a
MINOR: server: allocate a per-thread struct for the per-thread connections stuff
by Willy Tarreau
· Thu Mar 04 09:45:32 2021 +0100
4149168
MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks
by Willy Tarreau
· Tue Mar 02 17:29:56 2021 +0100
144f84a
MEDIUM: task: extend the state field to 32 bits
by Willy Tarreau
· Tue Mar 02 16:09:26 2021 +0100
566cebc
BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode
by Willy Tarreau
· Tue Mar 02 19:32:39 2021 +0100
3bda3f4
CLEANUP: ssl: use realloc() instead of free()+malloc()
by Willy Tarreau
· Fri Feb 26 21:05:08 2021 +0100
e709e82
CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free
by Willy Tarreau
· Fri Feb 26 21:06:32 2021 +0100
01acf56
CLEANUP: ssl: remove a useless "if" before freeing an error message
by Willy Tarreau
· Fri Feb 26 21:12:15 2021 +0100
61cfdf4
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x)
by Willy Tarreau
· Sat Feb 20 10:46:51 2021 +0100
9205ab3
MINOR: ssl: mark the SSL handshake tasklet as heavy
by Willy Tarreau
· Thu Feb 25 15:31:00 2021 +0100
8990b01
MINOR: connection: allocate dynamically hash node for backend conns
by Amaury Denoyelle
· Fri Feb 19 15:29:16 2021 +0100
f232cb3
MEDIUM: connection: replace idle conn lists by eb trees
by Amaury Denoyelle
· Wed Jan 06 16:14:12 2021 +0100
5c7086f
MEDIUM: connection: protect idle conn lists with locks
by Amaury Denoyelle
· Mon Jan 11 09:21:52 2021 +0100
3ce6eed
MEDIUM: ssl: add a rwlock for SSL server session cache
by William Lallemand
· Mon Feb 08 10:43:44 2021 +0100
7ff7747
BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro
by Ilya Shipitsin
· Mon Feb 08 16:55:06 2021 +0500
f00cdb1
BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro
by Ilya Shipitsin
· Sat Feb 06 18:59:22 2021 +0500
7bbf586
BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro
by Ilya Shipitsin
· Sat Feb 06 18:55:27 2021 +0500
a84986a
BUG/MINOR: ssl: do not try to use early data if not configured
by Willy Tarreau
· Wed Feb 03 11:21:38 2021 +0100
0630038
BUG/MEDIUM: ssl: check a connection's status before computing a handshake
by Willy Tarreau
· Tue Feb 02 15:42:25 2021 +0100
b886849
CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store()
by William Lallemand
· Wed Jan 27 14:42:40 2021 +0100
db26e2b
CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart
by William Lallemand
· Tue Jan 26 12:01:46 2021 +0100
795bd9b
CLEANUP: ssl: remove SSL_CTX function parameter
by William Lallemand
· Tue Jan 26 11:27:42 2021 +0100
f3eedfe
MEDIUM: ssl: Enable backend certificate hot update
by Remi Tricot-Le Breton
· Mon Jan 25 17:19:44 2021 +0100
d817dc7
MEDIUM: ssl: Load client certificates in a ckch for backend servers
by Remi Tricot-Le Breton
· Mon Jan 25 17:19:43 2021 +0100
ec805a3
MINOR: ssl: Certificate chain loading refactorization
by Remi Tricot-Le Breton
· Mon Jan 25 17:19:42 2021 +0100
442b7f2
MINOR: ssl: Server ssl context prepare function refactoring
by Remi Tricot-Le Breton
· Mon Jan 25 17:19:41 2021 +0100
1fc44d4
BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version
by Ilya Shipitsin
· Sat Jan 23 00:09:14 2021 +0500
4bd5d63
MINOR: ssl/show_fd: report some FDs as suspicious when possible
by Willy Tarreau
· Thu Jan 21 08:53:50 2021 +0100
8050efe
MINOR: cli: give the show_fd helpers the ability to report a suspicious entry
by Willy Tarreau
· Thu Jan 21 08:26:06 2021 +0100
691d503
MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them
by Willy Tarreau
· Wed Jan 20 14:55:01 2021 +0100
de5675a
MINOR: ssl: provide a "show fd" helper to report important SSL information
by Willy Tarreau
· Wed Jan 20 14:41:29 2021 +0100
761d64c
BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS
by Ilya Shipitsin
· Thu Jan 07 11:59:58 2021 +0500
ec36c91
BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID
by Ilya Shipitsin
· Thu Jan 07 11:57:42 2021 +0500
1e9a666
CLEANUP: assorted typo fixes in the code and comments
by Ilya Shipitsin
· Tue Jan 05 22:10:46 2021 +0500
b6fc524
MINOR: ssl: make tlskeys_list_get_next() take a list element
by Willy Tarreau
· Tue Jan 05 10:44:30 2021 +0100
cb8b281
CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next()
by Tim Duesterhus
· Sun Jan 03 01:29:56 2021 +0100
2c7bb33
CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next()
by Tim Duesterhus
· Sun Jan 03 01:29:55 2021 +0100
e5ff141
CLEANUP: Compare the return value of `XXXcmp()` functions with zero
by Tim Duesterhus
· Sat Jan 02 22:31:53 2021 +0100
e9473c7
MINOR: ssl: QUIC transport parameters parsing.
by Frédéric Lécaille
· Mon Nov 23 15:37:11 2020 +0100
ec21652
MINOR: ssl: SSL CTX initialization modifications for QUIC.
by Frédéric Lécaille
· Mon Nov 23 14:33:30 2020 +0100
901ee2f
MINOR: ssl: Export definitions required by QUIC.
by Frédéric Lécaille
· Mon Nov 23 11:19:04 2020 +0100
5aa9241
MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init()
by Frédéric Lécaille
· Mon Nov 09 15:59:23 2020 +0100
967e7e7
MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes
by Dragan Dosen
· Tue Dec 22 13:22:34 2020 +0100
af20488
BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call
by Ilya Shipitsin
· Sat Dec 19 03:12:12 2020 +0500
ec60909
BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call
by Ilya Shipitsin
· Fri Nov 27 02:39:48 2020 +0500
2ded48d
MINOR: connection: make conn_sock_drain() use the control layer's ->drain()
by Willy Tarreau
· Fri Dec 11 16:20:34 2020 +0100
b7fdfdf
MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1
by William Lallemand
· Fri Dec 04 15:45:02 2020 +0100
f34ed0b
BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES
by Ilya Shipitsin
· Sat Nov 21 14:37:34 2020 +0500
06ce84a
BUG/MEDIUM: ssl: error when no certificate are found
by William Lallemand
· Fri Nov 20 15:36:13 2020 +0100
bdec3ba
BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION
by Ilya Shipitsin
· Sat Nov 14 01:56:34 2020 +0500
f69cd68
BUG/MINOR: ssl: segv on startup when AKID but no keyid
by William Lallemand
· Thu Nov 19 16:24:13 2020 +0100
f637044
MEDIUM: cli/ssl: configure ssl on server at runtime
by William Dauchy
· Sat Nov 14 19:25:33 2020 +0100
034c162
MEDIUM: stats: add counters for failed handshake
by Amaury Denoyelle
· Fri Nov 13 16:05:00 2020 +0100
f70b7db
MINOR: ssl: remove client hello counters
by Amaury Denoyelle
· Fri Nov 13 16:04:59 2020 +0100
fc633b6
CLEANUP: config: Return ERR_NONE from config callbacks instead of 0
by Christopher Faulet
· Fri Nov 06 15:24:23 2020 +0100
4299528
BUILD: ssl: silence build warning on uninitialised counters
by Willy Tarreau
· Fri Nov 06 13:19:18 2020 +0100
d0447a7
MINOR: ssl: add counters for ssl sessions
by Amaury Denoyelle
· Tue Nov 03 17:10:02 2020 +0100
fbc3377
MINOR: ssl: count client hello for stats
by Amaury Denoyelle
· Tue Nov 03 17:10:01 2020 +0100
9963fa7
MINOR: ssl: instantiate stats module
by Amaury Denoyelle
· Tue Nov 03 17:10:00 2020 +0100
6d27a92
BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher
by Willy Tarreau
· Thu Nov 05 19:38:05 2020 +0100
Next »