1. 908628c MEDIUM: tree-wide: Use CS util functions instead of SI ones by Christopher Faulet · Fri Mar 25 16:43:49 2022 +0100
  2. e9e4820 MINOR: conn-stream: Move some CS flags to the endpoint by Christopher Faulet · Tue Mar 22 18:13:29 2022 +0100
  3. 3a0a0d6 BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx() by Willy Tarreau · Tue Apr 12 07:31:06 2022 +0200
  4. 99ade09 BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx by Willy Tarreau · Mon Apr 11 19:47:31 2022 +0200
  5. 939b0bf MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx by Willy Tarreau · Mon Apr 11 11:29:11 2022 +0200
  6. de82795 MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection by Willy Tarreau · Mon Apr 11 10:43:28 2022 +0200
  7. 07ecfc5 MEDIUM: connection: panic when calling FD-specific functions on FD-less conns by Willy Tarreau · Mon Apr 11 18:07:03 2022 +0200
  8. 0e9c264 MINOR: connection: use conn_fd() when displaying connection errors by Willy Tarreau · Mon Apr 11 18:01:28 2022 +0200
  9. d7bfbe2 BUILD: ssl: add USE_ENGINE and disable the openssl engine by default by William Lallemand · Mon Apr 11 18:41:24 2022 +0200
  10. 43c2ce4 BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · Wed Mar 16 17:48:19 2022 +0100
  11. 95a61e8 MINOR: stream: Add pointer to front/back conn-streams into stream struct by Christopher Faulet · Wed Dec 22 14:22:03 2021 +0100
  12. 86e1c33 MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int by Christopher Faulet · Mon Dec 20 17:09:39 2021 +0100
  13. 13a35e5 MAJOR: conn_stream/stream-int: move the appctx to the conn-stream by Christopher Faulet · Mon Dec 20 15:34:16 2021 +0100
  14. 1b01b7f BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · Wed Feb 16 15:17:09 2022 +0100
  15. 8081b67 BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · Wed Feb 16 15:03:51 2022 +0100
  16. a9a591a BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · Wed Feb 16 14:42:22 2022 +0100
  17. 88c5695 MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:56 2022 +0100
  18. c76c3c4 MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type) by Remi Tricot-Le Breton · Fri Feb 11 12:04:55 2022 +0100
  19. 55d7e78 MINOR: ssl: Set default dh size to 2048 by Remi Tricot-Le Breton · Fri Feb 11 12:04:54 2022 +0100
  20. bed7263 MINOR: ssl: Build local DH of right size when needed by Remi Tricot-Le Breton · Fri Feb 11 12:04:53 2022 +0100
  21. 7f6425a MINOR: ssl: Add ssl_new_dh_fromdata helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:52 2022 +0100
  22. 5f17930 MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:51 2022 +0100
  23. 846eda9 MINOR: ssl: Add ssl_sock_set_tmp_dh helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:50 2022 +0100
  24. 292a88c MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name by Remi Tricot-Le Breton · Fri Feb 11 12:04:49 2022 +0100
  25. 09ebb33 MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:48 2022 +0100
  26. 78a36e3 MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:45 2022 +0100
  27. 1effd9a MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:44 2022 +0100
  28. c9414e2 MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 by Remi Tricot-Le Breton · Tue Feb 08 17:45:59 2022 +0100
  29. 8ea1f5f MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 by Remi Tricot-Le Breton · Tue Feb 08 17:45:58 2022 +0100
  30. c11e7e1 MINOR: ssl: Remove EC_KEY related calls when creating a certificate by Remi Tricot-Le Breton · Tue Feb 08 17:45:56 2022 +0100
  31. ff4c3c4 MINOR: ssl: Remove EC_KEY related calls when preparing SSL context by Remi Tricot-Le Breton · Tue Feb 08 17:45:54 2022 +0100
  32. 36f80f6 CLEANUP: ssl: Remove unused ssl_sock_create_cert function by Remi Tricot-Le Breton · Tue Feb 08 17:45:52 2022 +0100
  33. 2e7d1eb BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output by Remi Tricot-Le Breton · Tue Jan 11 10:11:10 2022 +0100
  34. cfa2d56 MAJOR: quic: implement accept queue by Amaury Denoyelle · Wed Jan 19 16:01:05 2022 +0100
  35. 7c564bf MINOR: ssl: fix build in release mode by Amaury Denoyelle · Mon Jan 24 11:04:05 2022 +0100
  36. 9320dd5 MEDIUM: quic/ssl: add new ex data for quic_conn by Amaury Denoyelle · Wed Jan 19 10:03:30 2022 +0100
  37. a996763 BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error by Remi Tricot-Le Breton · Fri Jan 07 17:12:01 2022 +0100
  38. e69563f BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · Thu Dec 30 14:45:19 2021 +0100
  39. 231610a BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · Thu Dec 30 11:25:43 2021 +0100
  40. 2c776f1 BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · Tue Dec 28 18:47:17 2021 +0100
  41. 77bfa66 DEBUG: ssl: make sure we never change a servername on established connections by Willy Tarreau · Thu Dec 23 11:12:13 2021 +0100
  42. cc750ef MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output by Remi Tricot-Le Breton · Fri Dec 17 18:53:23 2021 +0100
  43. 1761fdf MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos. by Frédéric Lécaille · Tue Dec 14 19:40:04 2021 +0100
  44. b5b5247 MINOR: quic: Immediately close if no transport parameters extension found by Frédéric Lécaille · Mon Nov 22 15:55:16 2021 +0100
  45. 067a82b MINOR: quic: Set "no_application_protocol" alert by Frédéric Lécaille · Fri Nov 19 17:02:20 2021 +0100
  46. c5e7cf9 BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · Mon Nov 22 17:46:13 2021 +0100
  47. a956d15 MINOR: quic: Support transport parameters draft TLS extension by Frédéric Lécaille · Wed Nov 10 09:24:22 2021 +0100
  48. 7980dff BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · Thu Nov 18 17:46:26 2021 +0100
  49. e18d4e8 BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · Wed Nov 17 02:59:21 2021 +0100
  50. 002e206 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · Thu Nov 18 15:25:16 2021 +0100
  51. 71e588c MEDIUM: quic: inspect ALPN to install app_ops by Amaury Denoyelle · Fri Nov 12 11:23:29 2021 +0100
  52. 82531f6 REORG: ssl-sock: move the sslconns/totalsslconns counters to global by Willy Tarreau · Wed Oct 06 12:15:18 2021 +0200
  53. a8a72c6 CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c by Willy Tarreau · Wed Oct 06 11:48:34 2021 +0200
  54. 1057bee REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it by Willy Tarreau · Wed Oct 06 11:38:44 2021 +0200
  55. 9543d5a MINOR: ssl: Store the last SSL error code in case of read or write failure by Remi Tricot-Le Breton · Wed Sep 29 18:56:53 2021 +0200
  56. 1fe0fad MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err by Remi Tricot-Le Breton · Wed Sep 29 18:56:52 2021 +0200
  57. 61944f7 MINOR: ssl: Set connection error code in case of SSL read or write fatal failure by Remi Tricot-Le Breton · Wed Sep 29 18:56:51 2021 +0200
  58. 0faf807 MINOR: quic: Update the streams transport parameters. by Frédéric Lécaille · Thu Mar 18 15:05:18 2021 +0100
  59. d5fc8fc CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h by Tim Duesterhus · Sat Sep 11 17:51:13 2021 +0200
  60. 310a260 MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size by Marcin Deranek · Tue Jul 13 19:04:24 2021 +0200
  61. 769fd2e MEDIUM: ssl: Capture more info from Client Hello by Marcin Deranek · Mon Jul 12 14:16:55 2021 +0200
  62. f95c295 BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 by Remi Tricot-Le Breton · Fri Aug 20 09:51:23 2021 +0200
  63. 74f6ab6 MEDIUM: ssl: Keep a reference to the client's certificate for use in logs by Remi Tricot-Le Breton · Thu Aug 19 18:06:30 2021 +0200
  64. 7c6898e MINOR: ssl: Add new ssl_fc_hsk_err sample fetch by Remi Tricot-Le Breton · Thu Jul 29 09:45:51 2021 +0200
  65. 2bf5d41 MINOR: ssl: use __objt_* variant when retrieving counters by Amaury Denoyelle · Mon Jul 26 09:59:06 2021 +0200
  66. 36aa451 MINOR: ssl: render file-access optional on server crt loading by Amaury Denoyelle · Fri May 21 16:22:11 2021 +0200
  67. c593bcd MINOR: ssl: always initialize random generator by Amaury Denoyelle · Wed May 19 15:35:29 2021 +0200
  68. 9135859 CLEANUP: global: remove the nbproc field from the global structure by Willy Tarreau · Tue Jun 15 08:08:04 2021 +0200
  69. 4c19e99 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · Tue Jun 15 16:39:22 2021 +0200
  70. 6916493 MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available by Remi Tricot-Le Breton · Fri Jun 11 10:28:09 2021 +0200
  71. 3faf0cb BUILD: ssl: Fix compilation with BoringSSL by Remi Tricot-Le Breton · Thu Jun 10 18:10:32 2021 +0200
  72. d92fd11 MINOR: ssl: Add new "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · Thu Jun 10 13:51:13 2021 +0200
  73. 5aa1dce MINOR: ssl: Keep the actual key length in the certificate_ocsp structure by Remi Tricot-Le Breton · Thu Jun 10 13:51:12 2021 +0200
  74. a3a0cce BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · Wed Jun 09 17:16:18 2021 +0200
  75. 722180a BUILD: make tune.ssl.keylog available again by William Lallemand · Wed Jun 09 16:46:12 2021 +0200
  76. e74cbc3 REORG: config: use parsing ctx for server config check by Amaury Denoyelle · Fri May 28 10:34:01 2021 +0200
  77. 1112430 MINOR: errors: specify prefix "config" for parsing output by Amaury Denoyelle · Fri Jun 04 18:22:08 2021 +0200
  78. f22b032 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · Wed Jun 02 16:09:11 2021 +0200
  79. 612b2c3 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · Wed May 12 17:45:21 2021 +0200
  80. d75b99e BUILD/MINOR: ssl: Fix compilation with SSL enabled by Remi Tricot-Le Breton · Mon May 17 11:45:55 2021 +0200
  81. 40ddea8 MINOR: ssl: Add reference to default ckch instance in bind_conf by Remi Tricot-Le Breton · Tue Apr 13 16:07:29 2021 +0200
  82. 4458b97 MEDIUM: ssl: Chain ckch instances in ca-file entries by Remi Tricot-Le Breton · Fri Feb 19 17:41:55 2021 +0100
  83. af8820a CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c by Remi Tricot-Le Breton · Tue Apr 13 10:10:37 2021 +0200
  84. 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · Thu May 13 10:11:03 2021 +0200
  85. b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · Fri May 07 11:38:37 2021 +0200
  86. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · Wed Apr 21 07:32:39 2021 +0200
  87. ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · Sat Apr 10 17:23:00 2021 +0200
  88. 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · Tue Apr 06 13:53:36 2021 +0200
  89. 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · Tue Apr 06 11:44:07 2021 +0200
  90. 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · Wed Mar 17 14:56:54 2021 +0100
  91. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · Tue Mar 23 16:41:53 2021 +0100
  92. f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · Mon Mar 22 21:10:12 2021 +0100
  93. b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · Mon Mar 22 15:09:41 2021 +0100
  94. bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · Fri Mar 05 23:47:00 2021 +0100
  95. 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · Fri Mar 05 23:37:48 2021 +0100
  96. 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · Sat Mar 13 11:30:19 2021 +0100
  97. 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · Tue Mar 09 17:58:02 2021 +0100
  98. 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · Thu Mar 04 09:45:32 2021 +0100
  99. 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · Tue Mar 02 17:29:56 2021 +0100
  100. 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · Tue Mar 02 16:09:26 2021 +0100