- 3ce6eed MEDIUM: ssl: add a rwlock for SSL server session cache by William Lallemand · Mon Feb 08 10:43:44 2021 +0100
- 7ff7747 BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro by Ilya Shipitsin · Mon Feb 08 16:55:06 2021 +0500
- f00cdb1 BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro by Ilya Shipitsin · Sat Feb 06 18:59:22 2021 +0500
- 7bbf586 BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro by Ilya Shipitsin · Sat Feb 06 18:55:27 2021 +0500
- a84986a BUG/MINOR: ssl: do not try to use early data if not configured by Willy Tarreau · Wed Feb 03 11:21:38 2021 +0100
- 0630038 BUG/MEDIUM: ssl: check a connection's status before computing a handshake by Willy Tarreau · Tue Feb 02 15:42:25 2021 +0100
- b886849 CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() by William Lallemand · Wed Jan 27 14:42:40 2021 +0100
- db26e2b CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart by William Lallemand · Tue Jan 26 12:01:46 2021 +0100
- 795bd9b CLEANUP: ssl: remove SSL_CTX function parameter by William Lallemand · Tue Jan 26 11:27:42 2021 +0100
- f3eedfe MEDIUM: ssl: Enable backend certificate hot update by Remi Tricot-Le Breton · Mon Jan 25 17:19:44 2021 +0100
- d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · Mon Jan 25 17:19:43 2021 +0100
- ec805a3 MINOR: ssl: Certificate chain loading refactorization by Remi Tricot-Le Breton · Mon Jan 25 17:19:42 2021 +0100
- 442b7f2 MINOR: ssl: Server ssl context prepare function refactoring by Remi Tricot-Le Breton · Mon Jan 25 17:19:41 2021 +0100
- 1fc44d4 BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version by Ilya Shipitsin · Sat Jan 23 00:09:14 2021 +0500
- 4bd5d63 MINOR: ssl/show_fd: report some FDs as suspicious when possible by Willy Tarreau · Thu Jan 21 08:53:50 2021 +0100
- 8050efe MINOR: cli: give the show_fd helpers the ability to report a suspicious entry by Willy Tarreau · Thu Jan 21 08:26:06 2021 +0100
- 691d503 MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them by Willy Tarreau · Wed Jan 20 14:55:01 2021 +0100
- de5675a MINOR: ssl: provide a "show fd" helper to report important SSL information by Willy Tarreau · Wed Jan 20 14:41:29 2021 +0100
- 761d64c BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS by Ilya Shipitsin · Thu Jan 07 11:59:58 2021 +0500
- ec36c91 BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID by Ilya Shipitsin · Thu Jan 07 11:57:42 2021 +0500
- 1e9a666 CLEANUP: assorted typo fixes in the code and comments by Ilya Shipitsin · Tue Jan 05 22:10:46 2021 +0500
- b6fc524 MINOR: ssl: make tlskeys_list_get_next() take a list element by Willy Tarreau · Tue Jan 05 10:44:30 2021 +0100
- cb8b281 CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() by Tim Duesterhus · Sun Jan 03 01:29:56 2021 +0100
- 2c7bb33 CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() by Tim Duesterhus · Sun Jan 03 01:29:55 2021 +0100
- e5ff141 CLEANUP: Compare the return value of `XXXcmp()` functions with zero by Tim Duesterhus · Sat Jan 02 22:31:53 2021 +0100
- e9473c7 MINOR: ssl: QUIC transport parameters parsing. by Frédéric Lécaille · Mon Nov 23 15:37:11 2020 +0100
- ec21652 MINOR: ssl: SSL CTX initialization modifications for QUIC. by Frédéric Lécaille · Mon Nov 23 14:33:30 2020 +0100
- 901ee2f MINOR: ssl: Export definitions required by QUIC. by Frédéric Lécaille · Mon Nov 23 11:19:04 2020 +0100
- 5aa9241 MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init() by Frédéric Lécaille · Mon Nov 09 15:59:23 2020 +0100
- 967e7e7 MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes by Dragan Dosen · Tue Dec 22 13:22:34 2020 +0100
- af20488 BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call by Ilya Shipitsin · Sat Dec 19 03:12:12 2020 +0500
- ec60909 BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call by Ilya Shipitsin · Fri Nov 27 02:39:48 2020 +0500
- 2ded48d MINOR: connection: make conn_sock_drain() use the control layer's ->drain() by Willy Tarreau · Fri Dec 11 16:20:34 2020 +0100
- b7fdfdf MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 by William Lallemand · Fri Dec 04 15:45:02 2020 +0100
- f34ed0b BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES by Ilya Shipitsin · Sat Nov 21 14:37:34 2020 +0500
- 06ce84a BUG/MEDIUM: ssl: error when no certificate are found by William Lallemand · Fri Nov 20 15:36:13 2020 +0100
- bdec3ba BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION by Ilya Shipitsin · Sat Nov 14 01:56:34 2020 +0500
- f69cd68 BUG/MINOR: ssl: segv on startup when AKID but no keyid by William Lallemand · Thu Nov 19 16:24:13 2020 +0100
- f637044 MEDIUM: cli/ssl: configure ssl on server at runtime by William Dauchy · Sat Nov 14 19:25:33 2020 +0100
- 034c162 MEDIUM: stats: add counters for failed handshake by Amaury Denoyelle · Fri Nov 13 16:05:00 2020 +0100
- f70b7db MINOR: ssl: remove client hello counters by Amaury Denoyelle · Fri Nov 13 16:04:59 2020 +0100
- fc633b6 CLEANUP: config: Return ERR_NONE from config callbacks instead of 0 by Christopher Faulet · Fri Nov 06 15:24:23 2020 +0100
- 4299528 BUILD: ssl: silence build warning on uninitialised counters by Willy Tarreau · Fri Nov 06 13:19:18 2020 +0100
- d0447a7 MINOR: ssl: add counters for ssl sessions by Amaury Denoyelle · Tue Nov 03 17:10:02 2020 +0100
- fbc3377 MINOR: ssl: count client hello for stats by Amaury Denoyelle · Tue Nov 03 17:10:01 2020 +0100
- 9963fa7 MINOR: ssl: instantiate stats module by Amaury Denoyelle · Tue Nov 03 17:10:00 2020 +0100
- 6d27a92 BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher by Willy Tarreau · Thu Nov 05 19:38:05 2020 +0100
- 0aa8c29 BUILD: ssl: use feature macros for detecting ec curves manipulation support by Ilya Shipitsin · Wed Nov 04 00:39:07 2020 +0500
- 04a5a44 BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions by Ilya Shipitsin · Tue Nov 03 14:15:38 2020 +0500
- b9b84a4 BUILD: ssl: more elegant OpenSSL early data support check by Ilya Shipitsin · Sat Oct 24 23:42:30 2020 +0500
- a73a222 BUG/MEDIUM: ssl: OCSP must work with BoringSSL by Emmanuel Hocdet · Mon Oct 26 13:55:30 2020 +0100
- 8e8581e MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension by William Lallemand · Tue Oct 20 17:36:46 2020 +0200
- b3201a3 BUG/MINOR: disable dynamic OCSP load with BoringSSL by Ilya Shipitsin · Sun Oct 18 09:11:50 2020 +0500
- 58feb49 CLEANUP: ssl: Release cached SSL sessions on deinit by Christopher Faulet · Wed Oct 07 13:20:23 2020 +0200
- 70bf06e BUILD: fix build with openssl < 1.0.2 since bundle removal by William Lallemand · Wed Sep 16 18:08:14 2020 +0200
- e7eb1fe CLEANUP: ssl: remove utility functions for bundle by William Lallemand · Wed Sep 16 16:17:51 2020 +0200
- bd8e6ed CLEANUP: ssl: remove test on "multi" variable in ckch functions by William Lallemand · Wed Sep 16 16:08:08 2020 +0200
- dfa93be MEDIUM: ssl: emulate multi-cert bundles loading in standard loading by William Lallemand · Wed Sep 16 14:48:52 2020 +0200
- a459826 BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly. by Olivier Houchard · Tue Sep 15 22:16:02 2020 +0200
- 2d6fd0a BUG/MINOR: ssl: verifyhost is case sensitive by William Lallemand · Mon Sep 14 15:20:10 2020 +0200
- e52b6e5 CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc' by Tim Duesterhus · Sat Sep 12 20:26:43 2020 +0200
- 6767245 MEDIUM: fd: replace usages of fd_remove() with fd_stop_both() by Willy Tarreau · Wed Aug 26 11:44:17 2020 +0200
- a78f3f0 BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards by William Lallemand · Wed Aug 26 17:34:44 2020 +0200
- adabbfe MINOR: ssl: Support SAN extension for certificate generation by Shimi Gersner · Sun Aug 23 13:58:13 2020 +0300
- 5846c49 MEDIUM: ssl: Support certificate chaining for certificate generation by Shimi Gersner · Sun Aug 23 13:58:12 2020 +0300
- 30f9e09 BUG/MEDIUM: ssl: crt-list negative filters don't work by William Lallemand · Mon Aug 17 14:31:19 2020 +0200
- 5b1d1f6 CLEANUP: ssl: remove poorly readable nested ternary by William Lallemand · Fri Aug 14 15:30:13 2020 +0200
- 94bd319 BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate by William Lallemand · Fri Aug 14 14:43:35 2020 +0200
- 935d829 BUG/MEDIUM: ssl: never generates the chain from the verify store by William Lallemand · Wed Aug 12 20:02:10 2020 +0200
- 9a1d839 BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2 by William Lallemand · Mon Aug 10 17:28:23 2020 +0200
- bf298af BUG/MEDIUM: ssl: fix the ssl-skip-self-issued-ca option by William Lallemand · Mon Aug 10 16:18:45 2020 +0200
- 76b4a12 BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free() by William Lallemand · Tue Aug 04 17:41:39 2020 +0200
- 86e4d63 BUG/MINOR: ssl: fix memory leak at OCSP loading by William Lallemand · Fri Aug 07 00:44:32 2020 +0200
- a560c06 BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() by William Lallemand · Fri Jul 31 11:43:20 2020 +0200
- a9d7b76 MINOR: connection: use MT_LIST_ADDQ() to add connections to idle lists by Willy Tarreau · Fri Jul 10 08:28:20 2020 +0200
- de4db17 MINOR: lists: rename some MT_LIST operations to clarify them by Willy Tarreau · Fri Jul 10 08:10:29 2020 +0200
- 7d42ef5 WIP/MINOR: ssl: add sample fetches for keylog in frontend by William Lallemand · Mon Jul 06 11:41:30 2020 +0200
- f278eec BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char by Willy Tarreau · Sun Jul 05 21:46:32 2020 +0200
- a74bb7e BUG/MEDIUM: connections: Let the xprt layer know a takeover happened. by Olivier Houchard · Fri Jul 03 14:01:21 2020 +0200
- b240869 MINOR: ssl: move the ckch/crtlist deinit to ssl_sock.c by William Lallemand · Wed Jun 24 09:54:29 2020 +0200
- 7df5c2d BUG/MEDIUM: ssl: fix ssl_bind_conf double free by William Lallemand · Tue Jun 23 11:02:17 2020 +0200
- d0712f3 BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 by William Lallemand · Thu Jun 11 17:34:00 2020 +0200
- b255105 CLEANUP: include: tree-wide alphabetical sort of include files by Willy Tarreau · Tue Jun 09 09:07:15 2020 +0200
- dfd3de8 REORG: include: move stream.h to haproxy/stream{,-t}.h by Willy Tarreau · Thu Jun 04 23:46:14 2020 +0200
- 1e56f92 REORG: include: move server.h to haproxy/server{,-t}.h by Willy Tarreau · Thu Jun 04 23:20:13 2020 +0200
- a264d96 REORG: include: move proxy.h to haproxy/proxy{,-t}.h by Willy Tarreau · Thu Jun 04 22:29:18 2020 +0200
- aeed4a8 REORG: include: move log.h to haproxy/log{,-t}.h by Willy Tarreau · Thu Jun 04 22:01:04 2020 +0200
- c2b1ff0 REORG: include: move http_ana.h to haproxy/http_ana{,-t}.h by Willy Tarreau · Thu Jun 04 21:21:03 2020 +0200
- f1d32c4 REORG: include: move channel.h to haproxy/channel{,-t}.h by Willy Tarreau · Thu Jun 04 21:07:02 2020 +0200
- 5e539c9 REORG: include: move stream_interface.h to haproxy/stream_interface{,-t}.h by Willy Tarreau · Thu Jun 04 20:45:39 2020 +0200
- 209108d REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h by Willy Tarreau · Thu Jun 04 20:30:20 2020 +0200
- 83487a8 REORG: include: move cli.h to haproxy/cli{,-t}.h by Willy Tarreau · Thu Jun 04 20:19:54 2020 +0200
- 2eec9b5 REORG: include: move stats.h to haproxy/stats{,-t}.h by Willy Tarreau · Thu Jun 04 19:58:55 2020 +0200
- 3f0f82e REORG: move applet.h to haproxy/applet{,-t}.h by Willy Tarreau · Thu Jun 04 19:42:41 2020 +0200
- dcc048a REORG: include: move acl.h to haproxy/acl.h{,-t}.h by Willy Tarreau · Thu Jun 04 19:11:43 2020 +0200
- 7ea393d REORG: include: move connection.h to haproxy/connection{,-t}.h by Willy Tarreau · Thu Jun 04 18:02:10 2020 +0200
- fc77454 REORG: include: move proto_tcp.h to haproxy/proto_tcp.h by Willy Tarreau · Thu Jun 04 17:31:04 2020 +0200
- cea0e1b REORG: include: move task.h to haproxy/task{,-t}.h by Willy Tarreau · Thu Jun 04 17:25:40 2020 +0200
- f268ee8 REORG: include: split global.h into haproxy/global{,-t}.h by Willy Tarreau · Thu Jun 04 17:05:57 2020 +0200
- a171892 REORG: include: move vars.h to haproxy/vars{,-t}.h by Willy Tarreau · Thu Jun 04 16:25:31 2020 +0200