Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
3704663e5f9490398bfea46cb458b4ed9f30fd9f
/
src
/
ssl_sock.c
908628c
MEDIUM: tree-wide: Use CS util functions instead of SI ones
by Christopher Faulet
· Fri Mar 25 16:43:49 2022 +0100
e9e4820
MINOR: conn-stream: Move some CS flags to the endpoint
by Christopher Faulet
· Tue Mar 22 18:13:29 2022 +0100
3a0a0d6
BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx()
by Willy Tarreau
· Tue Apr 12 07:31:06 2022 +0200
99ade09
BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx
by Willy Tarreau
· Mon Apr 11 19:47:31 2022 +0200
939b0bf
MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx
by Willy Tarreau
· Mon Apr 11 11:29:11 2022 +0200
de82795
MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection
by Willy Tarreau
· Mon Apr 11 10:43:28 2022 +0200
07ecfc5
MEDIUM: connection: panic when calling FD-specific functions on FD-less conns
by Willy Tarreau
· Mon Apr 11 18:07:03 2022 +0200
0e9c264
MINOR: connection: use conn_fd() when displaying connection errors
by Willy Tarreau
· Mon Apr 11 18:01:28 2022 +0200
d7bfbe2
BUILD: ssl: add USE_ENGINE and disable the openssl engine by default
by William Lallemand
· Mon Apr 11 18:41:24 2022 +0200
43c2ce4
BUG/MINOR: server/ssl: free the SNI sample expression
by William Lallemand
· Wed Mar 16 17:48:19 2022 +0100
95a61e8
MINOR: stream: Add pointer to front/back conn-streams into stream struct
by Christopher Faulet
· Wed Dec 22 14:22:03 2021 +0100
86e1c33
MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int
by Christopher Faulet
· Mon Dec 20 17:09:39 2021 +0100
13a35e5
MAJOR: conn_stream/stream-int: move the appctx to the conn-stream
by Christopher Faulet
· Mon Dec 20 15:34:16 2021 +0100
1b01b7f
BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
by Remi Tricot-Le Breton
· Wed Feb 16 15:17:09 2022 +0100
8081b67
BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
by Remi Tricot-Le Breton
· Wed Feb 16 15:03:51 2022 +0100
a9a591a
BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
by Remi Tricot-Le Breton
· Wed Feb 16 14:42:22 2022 +0100
88c5695
MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:56 2022 +0100
c76c3c4
MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type)
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:55 2022 +0100
55d7e78
MINOR: ssl: Set default dh size to 2048
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:54 2022 +0100
bed7263
MINOR: ssl: Build local DH of right size when needed
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:53 2022 +0100
7f6425a
MINOR: ssl: Add ssl_new_dh_fromdata helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:52 2022 +0100
5f17930
MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:51 2022 +0100
846eda9
MINOR: ssl: Add ssl_sock_set_tmp_dh helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:50 2022 +0100
292a88c
MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:49 2022 +0100
09ebb33
MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:48 2022 +0100
78a36e3
MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:45 2022 +0100
1effd9a
MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:44 2022 +0100
c9414e2
MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:59 2022 +0100
8ea1f5f
MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:58 2022 +0100
c11e7e1
MINOR: ssl: Remove EC_KEY related calls when creating a certificate
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:56 2022 +0100
ff4c3c4
MINOR: ssl: Remove EC_KEY related calls when preparing SSL context
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:54 2022 +0100
36f80f6
CLEANUP: ssl: Remove unused ssl_sock_create_cert function
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:52 2022 +0100
2e7d1eb
BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
by Remi Tricot-Le Breton
· Tue Jan 11 10:11:10 2022 +0100
cfa2d56
MAJOR: quic: implement accept queue
by Amaury Denoyelle
· Wed Jan 19 16:01:05 2022 +0100
7c564bf
MINOR: ssl: fix build in release mode
by Amaury Denoyelle
· Mon Jan 24 11:04:05 2022 +0100
9320dd5
MEDIUM: quic/ssl: add new ex data for quic_conn
by Amaury Denoyelle
· Wed Jan 19 10:03:30 2022 +0100
a996763
BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
by Remi Tricot-Le Breton
· Fri Jan 07 17:12:01 2022 +0100
e69563f
BUG/MEDIUM: ssl: free the ckch instance linked to a server
by William Lallemand
· Thu Dec 30 14:45:19 2021 +0100
231610a
BUG/MINOR: ssl: free the fields in srv->ssl_ctx
by William Lallemand
· Thu Dec 30 11:25:43 2021 +0100
2c776f1
BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
by William Lallemand
· Tue Dec 28 18:47:17 2021 +0100
77bfa66
DEBUG: ssl: make sure we never change a servername on established connections
by Willy Tarreau
· Thu Dec 23 11:12:13 2021 +0100
cc750ef
MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
by Remi Tricot-Le Breton
· Fri Dec 17 18:53:23 2021 +0100
1761fdf
MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.
by Frédéric Lécaille
· Tue Dec 14 19:40:04 2021 +0100
b5b5247
MINOR: quic: Immediately close if no transport parameters extension found
by Frédéric Lécaille
· Mon Nov 22 15:55:16 2021 +0100
067a82b
MINOR: quic: Set "no_application_protocol" alert
by Frédéric Lécaille
· Fri Nov 19 17:02:20 2021 +0100
c5e7cf9
BUG/MINOR: ssl: make SSL counters atomic
by Willy Tarreau
· Mon Nov 22 17:46:13 2021 +0100
a956d15
MINOR: quic: Support transport parameters draft TLS extension
by Frédéric Lécaille
· Wed Nov 10 09:24:22 2021 +0100
7980dff
BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found
by William Lallemand
· Thu Nov 18 17:46:26 2021 +0100
e18d4e8
BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
by William Lallemand
· Wed Nov 17 02:59:21 2021 +0100
002e206
CLEANUP: ssl: fix wrong #else commentary
by William Lallemand
· Thu Nov 18 15:25:16 2021 +0100
71e588c
MEDIUM: quic: inspect ALPN to install app_ops
by Amaury Denoyelle
· Fri Nov 12 11:23:29 2021 +0100
82531f6
REORG: ssl-sock: move the sslconns/totalsslconns counters to global
by Willy Tarreau
· Wed Oct 06 12:15:18 2021 +0200
a8a72c6
CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c
by Willy Tarreau
· Wed Oct 06 11:48:34 2021 +0200
1057bee
REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it
by Willy Tarreau
· Wed Oct 06 11:38:44 2021 +0200
9543d5a
MINOR: ssl: Store the last SSL error code in case of read or write failure
by Remi Tricot-Le Breton
· Wed Sep 29 18:56:53 2021 +0200
1fe0fad
MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err
by Remi Tricot-Le Breton
· Wed Sep 29 18:56:52 2021 +0200
61944f7
MINOR: ssl: Set connection error code in case of SSL read or write fatal failure
by Remi Tricot-Le Breton
· Wed Sep 29 18:56:51 2021 +0200
0faf807
MINOR: quic: Update the streams transport parameters.
by Frédéric Lécaille
· Thu Mar 18 15:05:18 2021 +0100
d5fc8fc
CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h
by Tim Duesterhus
· Sat Sep 11 17:51:13 2021 +0200
310a260
MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size
by Marcin Deranek
· Tue Jul 13 19:04:24 2021 +0200
769fd2e
MEDIUM: ssl: Capture more info from Client Hello
by Marcin Deranek
· Mon Jul 12 14:16:55 2021 +0200
f95c295
BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
by Remi Tricot-Le Breton
· Fri Aug 20 09:51:23 2021 +0200
74f6ab6
MEDIUM: ssl: Keep a reference to the client's certificate for use in logs
by Remi Tricot-Le Breton
· Thu Aug 19 18:06:30 2021 +0200
7c6898e
MINOR: ssl: Add new ssl_fc_hsk_err sample fetch
by Remi Tricot-Le Breton
· Thu Jul 29 09:45:51 2021 +0200
2bf5d41
MINOR: ssl: use __objt_* variant when retrieving counters
by Amaury Denoyelle
· Mon Jul 26 09:59:06 2021 +0200
36aa451
MINOR: ssl: render file-access optional on server crt loading
by Amaury Denoyelle
· Fri May 21 16:22:11 2021 +0200
c593bcd
MINOR: ssl: always initialize random generator
by Amaury Denoyelle
· Wed May 19 15:35:29 2021 +0200
9135859
CLEANUP: global: remove the nbproc field from the global structure
by Willy Tarreau
· Tue Jun 15 08:08:04 2021 +0200
4c19e99
BUG/MINOR: ssl: use atomic ops to update global shctx stats
by Willy Tarreau
· Tue Jun 15 16:39:22 2021 +0200
6916493
MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available
by Remi Tricot-Le Breton
· Fri Jun 11 10:28:09 2021 +0200
3faf0cb
BUILD: ssl: Fix compilation with BoringSSL
by Remi Tricot-Le Breton
· Thu Jun 10 18:10:32 2021 +0200
d92fd11
MINOR: ssl: Add new "show ssl ocsp-response" CLI command
by Remi Tricot-Le Breton
· Thu Jun 10 13:51:13 2021 +0200
5aa1dce
MINOR: ssl: Keep the actual key length in the certificate_ocsp structure
by Remi Tricot-Le Breton
· Thu Jun 10 13:51:12 2021 +0200
a3a0cce
BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
by Remi Tricot-Le Breton
· Wed Jun 09 17:16:18 2021 +0200
722180a
BUILD: make tune.ssl.keylog available again
by William Lallemand
· Wed Jun 09 16:46:12 2021 +0200
e74cbc3
REORG: config: use parsing ctx for server config check
by Amaury Denoyelle
· Fri May 28 10:34:01 2021 +0200
1112430
MINOR: errors: specify prefix "config" for parsing output
by Amaury Denoyelle
· Fri Jun 04 18:22:08 2021 +0200
f22b032
BUILD: fix compilation for OpenSSL-3.0.0-alpha17
by William Lallemand
· Wed Jun 02 16:09:11 2021 +0200
612b2c3
BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
by Remi Tricot-Le Breton
· Wed May 12 17:45:21 2021 +0200
d75b99e
BUILD/MINOR: ssl: Fix compilation with SSL enabled
by Remi Tricot-Le Breton
· Mon May 17 11:45:55 2021 +0200
40ddea8
MINOR: ssl: Add reference to default ckch instance in bind_conf
by Remi Tricot-Le Breton
· Tue Apr 13 16:07:29 2021 +0200
4458b97
MEDIUM: ssl: Chain ckch instances in ca-file entries
by Remi Tricot-Le Breton
· Fri Feb 19 17:41:55 2021 +0100
af8820a
CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c
by Remi Tricot-Le Breton
· Tue Apr 13 10:10:37 2021 +0200
832e242
DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling
by Willy Tarreau
· Thu May 13 10:11:03 2021 +0200
b205bfd
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages
by Willy Tarreau
· Fri May 07 11:38:37 2021 +0200
2b71810
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion
by Willy Tarreau
· Wed Apr 21 07:32:39 2021 +0200
ff88270
MINOR: pool: move pool declarations to read_mostly
by Willy Tarreau
· Sat Apr 10 17:23:00 2021 +0200
4781b15
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec
by Willy Tarreau
· Tue Apr 06 13:53:36 2021 +0200
1db4273
CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or
by Willy Tarreau
· Tue Apr 06 11:44:07 2021 +0200
8218aed
BUG/MINOR: ssl: Fix update of default certificate
by Remi Tricot-Le Breton
· Wed Mar 17 14:56:54 2021 +0100
fb00f31
BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list"
by Remi Tricot-Le Breton
· Tue Mar 23 16:41:53 2021 +0100
f208ac0
CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog()
by Willy Tarreau
· Mon Mar 22 21:10:12 2021 +0100
b454e90
MINOR: ssl: use pool_alloc(), not pool_alloc_dirty()
by Willy Tarreau
· Mon Mar 22 15:09:41 2021 +0100
bc5ce92
MEDIUM: connections: Implement a start() method in ssl_sock.
by Olivier Houchard
· Fri Mar 05 23:47:00 2021 +0100
1b3c931
MEDIUM: connections: Introduce a new XPRT method, start().
by Olivier Houchard
· Fri Mar 05 23:37:48 2021 +0100
7416314
CLEANUP: task: make sure tasklet handlers always indicate their statuses
by Willy Tarreau
· Sat Mar 13 11:30:19 2021 +0100
4c48edb
BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake
by Willy Tarreau
· Tue Mar 09 17:58:02 2021 +0100
430bf4a
MINOR: server: allocate a per-thread struct for the per-thread connections stuff
by Willy Tarreau
· Thu Mar 04 09:45:32 2021 +0100
4149168
MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks
by Willy Tarreau
· Tue Mar 02 17:29:56 2021 +0100
144f84a
MEDIUM: task: extend the state field to 32 bits
by Willy Tarreau
· Tue Mar 02 16:09:26 2021 +0100
Next »