Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
49efa267a15fdea781e5e78d2496c1130d186c54
/
src
/
ssl_sock.c
37dc94c
BUG/MINOR: ssl: Display correct filename in error message
by Alexander Rigbo
· 10 years ago
62043c9
MINOR: ssl: load certificates in alphabetical order
by Cyril Bonté
· 10 years ago
1f96a87
BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
by Cyril Bonté
· 10 years ago
9bcc01a
BUG/MEDIUM: ssl: force a full GC in case of memory shortage
by Willy Tarreau
· 10 years ago
9095149
BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
by Emeric Brun
· 10 years ago
8068b03
BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
by Emeric Brun
· 10 years ago
42a3e20
MINOR: ssl: add statement to force some ssl options in global.
by Emeric Brun
· 10 years ago
b3cc425
MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs
by Emeric Brun
· 10 years ago
d6ec605
MEDIUM: connection: add new bit in Proxy Protocol V2
by Dave McCowan
· 10 years ago
60d7aeb
BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
by Remi Gacogne
· 10 years ago
4910098
BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
by Emeric Brun
· 10 years ago
8d914d1
BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice.
by Emeric Brun
· 10 years ago
5848437
BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
by Emeric Brun
· 10 years ago
1135ea4
BUG/MINOR: ssl: rejects OCSP response without nextupdate.
by Emeric Brun
· 10 years ago
c8b27b6
MEDIUM: ssl: add 300s supported time skew on OCSP response update.
by Emeric Brun
· 10 years ago
4147b2e
MEDIUM: ssl: basic OCSP stapling support.
by Emeric Brun
· 10 years ago
2aab722
MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
by Emeric Brun
· 10 years ago
c1eab8c
MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description.
by Remi Gacogne
· 10 years ago
f46cd6e
MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits
by Remi Gacogne
· 10 years ago
0c9c272
MINOR: stats: report SSL key computations per second
by Willy Tarreau
· 10 years ago
af5c3da
MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int
by Remi Gacogne
· 10 years ago
afb7683
MEDIUM: connection: Implement and extented PROXY Protocol V2
by David S
· 11 years ago
5cbe4ef
BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7
by Willy Tarreau
· 11 years ago
b73a9b0
MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id.
by Emeric Brun
· 11 years ago
55f4fa8
MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint
by Emeric Brun
· 11 years ago
ba841a1
MINOR: ssl: merge client's and frontend's certificate functions.
by Emeric Brun
· 11 years ago
645ae79
MINOR: ssl: adds fetchs and ACLs for ssl back connection.
by Emeric Brun
· 11 years ago
5bd99b4
MINOR: ssl: clean unused ACLs declarations
by Emeric Brun
· 11 years ago
aeed672
MINOR: ssl: finally catch the heartbeats missing the padding
by Willy Tarreau
· 11 years ago
3b2fdb6
BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack
by Willy Tarreau
· 11 years ago
8481500
BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1
by Willy Tarreau
· 11 years ago
6e774b4
BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits"
by Willy Tarreau
· 11 years ago
f51c698
MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack
by Willy Tarreau
· 11 years ago
29f037d
MEDIUM: ssl: explicitly log failed handshakes after a heartbeat
by Emeric Brun
· 11 years ago
b75d692
BUILD/MINOR: ssl: remove one call to sprintf()
by Willy Tarreau
· 11 years ago
9ece05f
MEDIUM: ssl: Add standardized DH parameters >= 1024 bits
by Remi Gacogne
· 11 years ago
073edf3
BUILD: ssl: previous patch failed
by Willy Tarreau
· 11 years ago
c1ad52e
MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID
by David S
· 11 years ago
c5a4e98
MEDIUM: acl: Change the acl register struct
by Thierry FOURNIER
· 11 years ago
e369ca2
MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed
by Thierry FOURNIER
· 11 years ago
7acca4b
MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed
by Thierry FOURNIER
· 11 years ago
55d0b10
MEDIUM: pattern: add sample lookup function.
by Thierry FOURNIER
· 11 years ago
6f7203d
MEDIUM: pattern: add prune function
by Thierry FOURNIER
· 11 years ago
b113650
MEDIUM: pattern: add delete functions
by Thierry FOURNIER
· 11 years ago
7654c9f
MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags
by Thierry FOURNIER
· 11 years ago
b9b0846
MEDIUM: pattern: add indexation function.
by Thierry FOURNIER
· 11 years ago
518cedd
BUG/MEDIUM: ssl: always send a full buffer after EAGAIN
by Willy Tarreau
· 11 years ago
48f1c4e
MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2
by Dirkjan Bussink
· 11 years ago
07ba08b
BUG/MINOR: ssl: fix syntax in config error message
by Willy Tarreau
· 11 years ago
610f04b
MINOR: config: add global directives to set default SSL ciphers
by Willy Tarreau
· 11 years ago
7bed945
OPTIM: ssl: implement dynamic record size adjustment
by Willy Tarreau
· 11 years ago
1049b1f
MEDIUM: connection: don't use real send() flags in snd_buf()
by Willy Tarreau
· 11 years ago
d8b2bb5
MINOR: ssl: handshake optim for long certificate chains.
by Emeric Brun
· 11 years ago
850efd5
MEDIUM: ssl: Set verify 'required' as global default for servers side.
by Emeric Brun
· 11 years ago
71b734c
MINOR: cli: add more information to the "show info" output
by Willy Tarreau
· 11 years ago
3c72872
CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag
by Willy Tarreau
· 11 years ago
e1f50c4
MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send}
by Willy Tarreau
· 11 years ago
46be2e5
MEDIUM: connection: update callers of ctrl->drain() to use conn_drain()
by Willy Tarreau
· 11 years ago
00b0fb9
BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
by Willy Tarreau
· 11 years ago
abf08d9
BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
by Willy Tarreau
· 11 years ago
f79c817
MAJOR: connection: add two new flags to indicate readiness of control/transport
by Willy Tarreau
· 11 years ago
b363a1f
MAJOR: stream-int: stop using si->conn and use si->end instead
by Willy Tarreau
· 11 years ago
a65b343
MEDIUM: pattern: rename "acl" prefix to "pat"
by Thierry FOURNIER
· 11 years ago
ed66c29
REORG: acl/pattern: extract pattern matching from the acl file and create pattern.c
by Thierry FOURNIER
· 11 years ago
6618300
MEDIUM: Split up struct server's check element
by Simon Horman
· 12 years ago
369da85
BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard.
by Emeric Brun
· 11 years ago
a848dae
MINOR: ssl: optimization of verifyhost on wildcard certificates.
by Emeric Brun
· 11 years ago
9bf3ba2
BUG/MINOR: ssl: potential memory leaks using ssl_c_key_alg or ssl_c_sig_alg.
by Emeric Brun
· 11 years ago
a33410c
BUILD: ssl: compilation issue with openssl v0.9.6.
by Emeric Brun
· 11 years ago
4ad50a4
BUG/MEDIUM: ssl: potential memory leak using verifyhost
by Emeric Brun
· 11 years ago
be55431
MINOR: ssl: Add statement 'verifyhost' to "server" statements
by Evan Broder
· 11 years ago
3801103
MINOR: ssl: use MAXPATHLEN instead of PATH_MAX
by Willy Tarreau
· 11 years ago
ef38c39
MEDIUM: sample: systematically pass the keyword pointer to the keyword
by Willy Tarreau
· 11 years ago
dc13c11
BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS
by Willy Tarreau
· 11 years ago
6d4e4e8
MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches
by Willy Tarreau
· 11 years ago
2b57cb8
MEDIUM: protocol: implement a "drain" function in protocol layers
by Willy Tarreau
· 11 years ago
79274e2
BUG: ssl: fix crt-list for clients not supporting SNI
by Emmanuel Hocdet
· 11 years ago
cad8234
BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used
by Kevin Hester
· 11 years ago
a051b4a
MINOR: ssl: add pattern fetch 'ssl_c_sha1'
by James Voth
· 11 years ago
7c41a1b
MEDIUM: ssl: improve crt-list format to support negation
by Emmanuel Hocdet
· 12 years ago
41fdb3c
BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters present in pem file.
by Emeric Brun
· 12 years ago
50bcecc
BUG/MEDIUM: Fix crt-list file parsing error: filtered name was ignored.
by Emeric Brun
· 12 years ago
ab861d3
MINOR: ssl: add support for the "alpn" bind keyword
by Willy Tarreau
· 12 years ago
d86e29d
CLEANUP: acl: remove unused references to ACL_USE_*
by Willy Tarreau
· 12 years ago
c48c90d
MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's
by Willy Tarreau
· 12 years ago
8ed669b
MAJOR: acl: make all ACLs reference the fetch function via a sample.
by Willy Tarreau
· 12 years ago
80aca90
MEDIUM: samples: use new flags to describe compatibility between fetches and their usages
by Willy Tarreau
· 12 years ago
e0db1e8
MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used
by Willy Tarreau
· 12 years ago
ad1731d
BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file()
by Willy Tarreau
· 12 years ago
fe61656
MEDIUM: ssl: add mapping from SNI to cert file using "crt-list"
by Emmanuel Hocdet
· 12 years ago
49f74d0
BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern
by Willy Tarreau
· 12 years ago
e5b4f9d
BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings
by Willy Tarreau
· 12 years ago
6924ef8
BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured.
by Emeric Brun
· 12 years ago
bfd5946
MINOR: ssl: add a global tunable for the max SSL/TLS record size
by Willy Tarreau
· 12 years ago
383085f
BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot
by Thierry Fournier
· 12 years ago
6562337
MEDIUM: ssl: add bind-option "strict-sni"
by Emmanuel Hocdet
· 12 years ago
47ca545
MINOR: chunks: centralize the trash chunk allocation
by Willy Tarreau
· 12 years ago
9143d37
MINOR: ssl: add fetch and acl "ssl_c_used" to check if current SSL session uses a client certificate.
by Emeric Brun
· 12 years ago
5fb3803
CLEANUP: buffer: use buffer_empty() instead of buffer_len()==0
by Willy Tarreau
· 12 years ago
1c64686
BUG/MINOR: ssl: error is not reported if it occurs simultaneously with peer close detection.
by Emeric Brun
· 12 years ago
Next »