Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
4377dbd756efa1645106b0e53d3ddaba9a6f0702
/
src
/
ssl_sock.c
86d1e0b
BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list"
by Remi Tricot-Le Breton
· Thu Mar 02 15:49:53 2023 +0100
5843237
MINOR: ssl: Add global options to modify ocsp update min/max delay
by Remi Tricot-Le Breton
· Tue Feb 28 17:46:29 2023 +0100
0c96ee4
MINOR: ssl: Add certificate's path to certificate_ocsp structure
by Remi Tricot-Le Breton
· Wed Mar 01 16:11:50 2023 +0100
af25a69
MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks
by Frédéric Lécaille
· Wed Feb 01 17:56:57 2023 +0100
222e5a2
BUG/MEDIUM: ssl: wrong eviction from the session cache tree
by William Lallemand
· Tue Jan 31 14:12:28 2023 +0100
6e1bbc4
REORG: channel: Rename CF_READ_NULL to CF_READ_EVENT
by Christopher Faulet
· Mon Dec 12 08:08:15 2022 +0100
648c83e
MINOR: ssl: Limit ocsp_uri buffer size to minimum
by Remi Tricot-Le Breton
· Mon Jan 09 12:02:48 2023 +0100
2d1daa8
BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times
by Remi Tricot-Le Breton
· Mon Jan 09 12:02:47 2023 +0100
112b16a
MINOR: ssl: Only set ocsp->issuer if issuer not in cert chain
by Remi Tricot-Le Breton
· Mon Jan 09 12:02:44 2023 +0100
c8d814e
MINOR: ssl: Move OCSP code to a dedicated source file
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:17 2022 +0100
aff8277
MEDIUM: ssl: Start update task if at least one ocsp-update option is set to on
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:14 2022 +0100
6477bbd
MEDIUM: ssl: Add ocsp update task main function
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:13 2022 +0100
b55be8c
MEDIUM: ssl: Insert ocsp responses in update tree when needed
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:12 2022 +0100
bdd3c79
MINOR: ssl: Add ocsp_update_tree and helper functions
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:09 2022 +0100
cc34667
MEDIUM: ssl: Add ocsp_certid in ckch structure and discard ocsp buffer early
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:08 2022 +0100
eeaa29b
MINOR: ssl: Add "update ssl ocsp-response" cli command
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:07 2022 +0100
c0b4058
MINOR: ssl: Add helper function that checks the validity of an OCSP response
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:06 2022 +0100
e09d2ae
MINOR: ssl: Add OCSP request helper function
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:05 2022 +0100
47a4f12
MINOR: ssl: Add helper function that extracts an OCSP URI from a certificate
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:04 2022 +0100
2b96364
MINOR: ssl: Add a lock to the OCSP response tree
by Remi Tricot-Le Breton
· Tue Dec 20 11:11:02 2022 +0100
4cf0d3f
BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain
by Remi Tricot-Le Breton
· Thu Dec 15 15:44:37 2022 +0100
e3d5f9a
MINOR: ssl: Remove unnecessary alloc'ed trash chunk in show ocsp-response
by Remi Tricot-Le Breton
· Thu Dec 15 15:44:36 2022 +0100
9334843
MINOR: ssl: Remove unneeded buffer allocation in show ocsp-response
by Remi Tricot-Le Breton
· Thu Dec 15 15:44:35 2022 +0100
04007cb
CLEANUP: ssl: remove check on srv->proxy
by William Lallemand
· Wed Dec 14 10:34:36 2022 +0100
0adafb3
BUG/MINOR: startup: don't use internal proxies to compute the maxconn
by William Lallemand
· Tue Dec 13 18:17:44 2022 +0100
52ddd99
MEDIUM: ssl: rename the struct "cert_key_and_chain" to "ckch_data"
by William Lallemand
· Tue Nov 22 11:51:53 2022 +0100
3cbf09e
MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode
by Uriah Pollock
· Wed Nov 23 16:41:25 2022 +0100
881cce9
BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk()
by Christopher Faulet
· Wed Nov 23 09:27:13 2022 +0100
b60a77b
BUG/MINOR: ssl: don't initialize the keylog callback when not required
by William Lallemand
· Fri Nov 18 15:00:15 2022 +0100
45fed2c
MINOR: ssl: ssl_sock_load_cert_chain() display error strings
by William Lallemand
· Tue Nov 15 16:56:03 2022 +0100
a551f4f
BUILD: ssl: use __fallthrough in cli_io_handler_tlskeys_files()
by Willy Tarreau
· Mon Nov 14 07:34:43 2022 +0100
4639689
BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC
by William Lallemand
· Thu Nov 10 16:45:24 2022 +0100
9b25982
BUG/MEDIUM: ssl: Verify error codes can exceed 63
by Remi Tricot-Le Breton
· Thu Nov 10 10:48:58 2022 +0100
aa529f7
BUG/MINOR: ssl: ocsp structure not freed properly in case of error
by Remi Tricot-Le Breton
· Thu Nov 03 15:16:49 2022 +0100
1621dc1
BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer
by Remi Tricot-Le Breton
· Thu Nov 03 15:16:48 2022 +0100
a2c21db
BUG/MINOR: ssl: Memory leak of DH BIGNUM fields
by Remi Tricot-Le Breton
· Thu Nov 03 15:16:47 2022 +0100
5de4951
MINOR: ssl: dump the SSL string error when SSL_CTX_use_PrivateKey() failed.
by William Lallemand
· Thu Oct 27 14:41:07 2022 +0200
ba303de
BUILD: ssl_sock: fix null dereference for QUIC build
by Amaury Denoyelle
· Mon Oct 17 18:46:49 2022 +0200
48e46f9
BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk()
by Frédéric Lécaille
· Fri Oct 14 09:34:00 2022 +0200
92fa63f
CLEANUP: quic: create a dedicated quic_conn module
by Amaury Denoyelle
· Fri Sep 30 18:11:13 2022 +0200
8522348
BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns
by Willy Tarreau
· Thu Sep 29 20:32:43 2022 +0200
a94bedc
CLEANUP: quic,ssl: fix tiny typos in C comments
by cui fliter
· Mon Aug 29 14:42:57 2022 +0800
70a6e63
MINOR: quic: add QUIC support when no client_hello_cb
by William Lallemand
· Wed Sep 07 11:21:34 2022 +0200
4b7938d
BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx
by William Lallemand
· Wed Sep 07 10:54:17 2022 +0200
844009d
BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb
by William Lallemand
· Fri Sep 02 15:27:32 2022 +0200
2be0ac5
BUG/MINOR: quic: Possible crash when verifying certificates
by Frédéric Lécaille
· Tue Sep 06 19:37:08 2022 +0200
6aec1f3
BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines
by Frédéric Lécaille
· Tue Sep 06 17:04:55 2022 +0200
52f2ff5
BUG/MEDIUM: fix DH length when EC key is used
by Ilya Shipitsin
· Sat Jul 23 23:55:19 2022 +0500
27a3245
MEDIUM: fd: make fd_insert() take local thread masks
by Willy Tarreau
· Thu Jul 07 08:29:00 2022 +0200
9464bb1
MEDIUM: fd: add the tgid to the fd and pass it to fd_insert()
by Willy Tarreau
· Tue Jul 05 05:16:13 2022 +0200
7d392a5
BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
by Emeric Brun
· Fri Jul 01 17:36:50 2022 +0200
b8dec4a
CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names
by Willy Tarreau
· Thu Jun 23 11:02:08 2022 +0200
301425b
MEDIUM: quic: Compatible version negotiation implementation (draft-08)
by Frédéric Lécaille
· Tue Jun 14 17:40:39 2022 +0200
748ece6
MINOR: quic: QUIC transport parameters split.
by Frédéric Lécaille
· Sat May 21 23:58:40 2022 +0200
b52d4d2
CLEANUP: sslsock: remove only occurrence of local variable "cs"
by Willy Tarreau
· Fri May 27 10:44:39 2022 +0200
cb086c6
REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h}
by Willy Tarreau
· Fri May 27 09:47:12 2022 +0200
5edca2f
REORG: rename cs_utils.h to sc_strm.h
by Willy Tarreau
· Fri May 27 09:25:10 2022 +0200
d0a06d5
CLEANUP: applet: use applet_put*() everywhere possible
by Willy Tarreau
· Wed May 18 15:07:19 2022 +0200
7cb9e6c
CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb"
by Willy Tarreau
· Tue May 17 19:40:40 2022 +0200
4596fe2
CLEANUP: conn_stream: tree-wide rename to stconn (stream connector)
by Willy Tarreau
· Tue May 17 19:07:51 2022 +0200
b605c42
CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_*
by Willy Tarreau
· Tue May 17 17:04:55 2022 +0200
0cfcc40
CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide
by Willy Tarreau
· Tue May 17 16:10:17 2022 +0200
1ea6e6a
CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS
by Willy Tarreau
· Fri May 20 16:03:18 2022 +0200
11ba404
CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL
by Willy Tarreau
· Fri May 20 15:56:32 2022 +0200
1746a38
MINOR: ssl: Add 'ssl-provider' global option
by Remi Tricot-Le Breton
· Mon May 16 16:24:33 2022 +0200
0698c80
CLEANUP: applet: remove the unneeded appctx->owner
by Willy Tarreau
· Wed May 11 14:09:57 2022 +0200
170b35b
CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore
by Willy Tarreau
· Thu May 05 09:09:15 2022 +0200
9c5a38c
CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore
by Willy Tarreau
· Thu May 05 09:03:44 2022 +0200
bd33864
CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref"
by Willy Tarreau
· Thu May 05 08:59:17 2022 +0200
a938052
CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys"
by Willy Tarreau
· Thu May 05 08:50:17 2022 +0200
1024393
MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
by Thomas Prückl
· Wed Apr 27 13:04:54 2022 +0200
7e2e4f8
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
by Willy Tarreau
· Tue Apr 26 10:30:35 2022 +0200
acef5e2
MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN
by Willy Tarreau
· Mon Apr 25 20:32:15 2022 +0200
79367f9
BUILD: xprt: use an initcall to register the transport layers
by Willy Tarreau
· Mon Apr 25 19:18:24 2022 +0200
f87c67e
MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option
by Remi Tricot-Le Breton
· Thu Apr 21 12:06:41 2022 +0200
c69be7c
BUILD: ssl: Fix compilation with OpenSSL 1.0.2
by Remi Tricot-Le Breton
· Wed Apr 20 18:30:17 2022 +0200
1d6338e
MEDIUM: ssl: Disable DHE ciphers by default
by Remi Tricot-Le Breton
· Tue Apr 12 11:31:55 2022 +0200
528b3fd
MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones
by Remi Tricot-Le Breton
· Tue Apr 12 11:31:54 2022 +0200
6b0a0fb
CLEANUP: tree-wide: Remove any ref to stream-interfaces
by Christopher Faulet
· Mon Apr 04 11:29:28 2022 +0200
a0bdec3
MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS
by Christopher Faulet
· Mon Apr 04 07:51:21 2022 +0200
908628c
MEDIUM: tree-wide: Use CS util functions instead of SI ones
by Christopher Faulet
· Fri Mar 25 16:43:49 2022 +0100
e9e4820
MINOR: conn-stream: Move some CS flags to the endpoint
by Christopher Faulet
· Tue Mar 22 18:13:29 2022 +0100
3a0a0d6
BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx()
by Willy Tarreau
· Tue Apr 12 07:31:06 2022 +0200
99ade09
BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx
by Willy Tarreau
· Mon Apr 11 19:47:31 2022 +0200
939b0bf
MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx
by Willy Tarreau
· Mon Apr 11 11:29:11 2022 +0200
de82795
MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection
by Willy Tarreau
· Mon Apr 11 10:43:28 2022 +0200
07ecfc5
MEDIUM: connection: panic when calling FD-specific functions on FD-less conns
by Willy Tarreau
· Mon Apr 11 18:07:03 2022 +0200
0e9c264
MINOR: connection: use conn_fd() when displaying connection errors
by Willy Tarreau
· Mon Apr 11 18:01:28 2022 +0200
d7bfbe2
BUILD: ssl: add USE_ENGINE and disable the openssl engine by default
by William Lallemand
· Mon Apr 11 18:41:24 2022 +0200
43c2ce4
BUG/MINOR: server/ssl: free the SNI sample expression
by William Lallemand
· Wed Mar 16 17:48:19 2022 +0100
95a61e8
MINOR: stream: Add pointer to front/back conn-streams into stream struct
by Christopher Faulet
· Wed Dec 22 14:22:03 2021 +0100
86e1c33
MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int
by Christopher Faulet
· Mon Dec 20 17:09:39 2021 +0100
13a35e5
MAJOR: conn_stream/stream-int: move the appctx to the conn-stream
by Christopher Faulet
· Mon Dec 20 15:34:16 2021 +0100
1b01b7f
BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
by Remi Tricot-Le Breton
· Wed Feb 16 15:17:09 2022 +0100
8081b67
BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
by Remi Tricot-Le Breton
· Wed Feb 16 15:03:51 2022 +0100
a9a591a
BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
by Remi Tricot-Le Breton
· Wed Feb 16 14:42:22 2022 +0100
88c5695
MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:56 2022 +0100
c76c3c4
MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type)
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:55 2022 +0100
55d7e78
MINOR: ssl: Set default dh size to 2048
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:54 2022 +0100
bed7263
MINOR: ssl: Build local DH of right size when needed
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:53 2022 +0100
Next »