Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
4ba494ca1bee297dde82f0fde546621bb5e1ce30
/
src
/
ssl_sock.c
« Previous
926594f
MINOR: ssl: set SSL_OP_PRIORITIZE_CHACHA
by Lukas Tribus
· 6 years ago
03f4ec4
BUG/MEDIUM: ssl: properly protect SSL cert generation
by Willy Tarreau
· 6 years ago
e027547
MINOR: ssl: add fetch 'ssl_fc_session_key' and 'ssl_bc_session_key'
by Patrick Hemmer
· 7 years ago
4196677
MINOR: ssl: disable SSL sample fetches when unsupported
by Patrick Hemmer
· 7 years ago
1e0867c
MINOR: ssl: Add payload support to "set ssl ocsp-response"
by Aurélien Nephtali
· 7 years ago
abbf607
MEDIUM: cli: Add payload support
by Aurélien Nephtali
· 7 years ago
9a4da68
MINOR: cli: Ensure the CLI always outputs an error when it should
by Aurélien Nephtali
· 7 years ago
13c53f8
BUILD: ssl: Fix build with OpenSSL without NPN capability
by Bernard Spil
· 7 years ago
6e8a41d
BUG/MINOR: cli: Ensure all command outputs end with a LF
by Aurélien Nephtali
· 7 years ago
76de95a
CLEANUP: ssl: Remove a duplicated #include
by Aurélien Nephtali
· 7 years ago
253c3b7
MINOR: connection: add proxy-v2-options authority
by Emmanuel Hocdet
· 7 years ago
283e004
MINOR: ssl: add ssl_sock_get_cert_sig function
by Emmanuel Hocdet
· 7 years ago
96b7834
MINOR: ssl: add ssl_sock_get_pkey_algo function
by Emmanuel Hocdet
· 7 years ago
ddc090b
MINOR: ssl: extract full pkey info in load_certificate
by Emmanuel Hocdet
· 7 years ago
74f7ffa
MINOR: ssl/sample: adds ssl_bc_is_resumed fetch keyword.
by Emeric Brun
· 7 years ago
eb8def9
BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
by Emeric Brun
· 7 years ago
4ac77a9
BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
by Christopher Faulet
· 7 years ago
16f45c8
BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
by Christopher Faulet
· 7 years ago
7e2e505
BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
by Olivier Houchard
· 7 years ago
25ae45a
MINOR: early data: Never remove the CO_FL_EARLY_DATA flag.
by Olivier Houchard
· 7 years ago
6fa63d9
MINOR: early data: Don't rely on CO_FL_EARLY_DATA to wake up streams.
by Olivier Houchard
· 7 years ago
a9786b6
MINOR: fd: pass the iocb and owner to fd_insert()
by Willy Tarreau
· 7 years ago
99b90af
BUG/MEDIUM: ssl: cache doesn't release shctx blocks
by William Lallemand
· 7 years ago
5d4cafb
BUILD: ssl: silence a warning when building without NPN nor ALPN support
by Willy Tarreau
· 7 years ago
ece0c33
BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.
by Emeric Brun
· 7 years ago
c61c0b3
BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
by William Lallemand
· 7 years ago
cebd796
BUG/MINOR: ssl: CO_FL_EARLY_DATA removal is managed by stream
by Emmanuel Hocdet
· 7 years ago
c3cd35f
BUG/MEDIUM: ssl: don't allocate shctx several time
by William Lallemand
· 7 years ago
bafbe01
CLEANUP: pools: rename all pool functions and pointers to remove this "2"
by Willy Tarreau
· 7 years ago
767a84b
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
by Christopher Faulet
· 7 years ago
ca6a957
MINOR: ssl: Handle early data with BoringSSL
by Emmanuel Hocdet
· 7 years ago
90084a1
MINOR: ssl: Handle reading early data after writing better.
by Olivier Houchard
· 7 years ago
ff3a41e
BUG/MINOR: Use crt_base instead of ca_base when crt is parsed on a server line
by Christopher Faulet
· 7 years ago
424ecfb
MINOR: ssl: Don't disable early data handling if we could not write.
by Olivier Houchard
· 7 years ago
777e4b9
BUG/MINOR: ssl: Always start the handshake if we can't send early data.
by Olivier Houchard
· 7 years ago
e9bed53
MINOR: ssl: Make sure we don't shutw the connection before the handshake.
by Olivier Houchard
· 7 years ago
e6060c5
MINOR: SSL: Store the ASN1 representation of client sessions.
by Olivier Houchard
· 7 years ago
9dcf9b6
MINOR: threads: Use __decl_hathreads to declare locks
by Christopher Faulet
· 7 years ago
522eea7
MINOR: ssl: Handle sending early data to server.
by Olivier Houchard
· 7 years ago
cfdef2e
MINOR: ssl: Spell 0x10101000L correctly.
by Olivier Houchard
· 7 years ago
bd84ac8
MINOR: ssl: Handle session resumption with TLS 1.3
by Olivier Houchard
· 7 years ago
35a63cc
BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched.
by Olivier Houchard
· 7 years ago
2a944ee
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix
by Christopher Faulet
· 7 years ago
79a481d
MINOR: ssl: Remove the global allow-0rtt option.
by Olivier Houchard
· 7 years ago
821bb9b
MAJOR: threads/ssl: Make SSL part thread-safe
by Emeric Brun
· 7 years ago
8d8aa0d
MEDIUM: threads/listeners: Make listeners thread-safe
by Christopher Faulet
· 7 years ago
36716a7
MEDIUM: threads/fd: Initialize the process mask during the call to fd_insert
by Christopher Faulet
· 7 years ago
b349e48
MEDIUM: threads/pool: Make pool thread-safe by locking all access to a pool
by Christopher Faulet
· 7 years ago
a3c77cf
MINOR: shctx: rename lock functions
by William Lallemand
· 7 years ago
4f45bb9
MEDIUM: shctx: separate ssl and shctx
by William Lallemand
· 7 years ago
ed0b5ad
REORG: shctx: move ssl functions to ssl_sock.c
by William Lallemand
· 7 years ago
3f85c9a
MEDIUM: shctx: allow the use of multiple shctx
by William Lallemand
· 7 years ago
01da571
MINOR: merge ssl_sock_get calls for log and ppv2
by Emmanuel Hocdet
· 7 years ago
9679ac9
MINOR: ssl: Don't abuse ssl_options.
by Olivier Houchard
· 7 years ago
ccaa7de
MINOR: ssl/proto_http: Add keywords to take care of early data.
by Olivier Houchard
· 7 years ago
c2aae74
MEDIUM: ssl: Handle early data with OpenSSL 1.1.1
by Olivier Houchard
· 7 years ago
253c62b
MINOR: ssl: generated certificate is missing in switchctx early callback
by Emmanuel Hocdet
· 7 years ago
84e417d
MINOR: ssl: support Openssl 1.1.1 early callback for switchctx
by Emmanuel Hocdet
· 7 years ago
48e8755
MEDIUM: ssl: convert CBS (BoringSSL api) usage to neutral code
by Emmanuel Hocdet
· 7 years ago
31d4dbe
MINOR: ssl_sock: make use of CO_FL_WILL_UPDATE
by Willy Tarreau
· 7 years ago
8de70bc
MINOR: ssl: don't abort after sending 16kB
by Willy Tarreau
· 7 years ago
8c6a364
CLEANUP: cli: remove undocumented "set ssl tls-keys" command
by Lukas Tribus
· 7 years ago
f4bbc43
BUG/MINOR: cli: restore "set ssl tls-key" command
by Lukas Tribus
· 7 years ago
ef60705
BUG/MINOR: ssl: OCSP_single_get0_status can return -1
by Emmanuel Hocdet
· 7 years ago
019f9b1
MINOR: ssl: build with recent BoringSSL library
by Emmanuel Hocdet
· 7 years ago
e966e4e
BUILD: ssl: support OPENSSL_NO_ASYNC #define
by Emmanuel Hocdet
· 7 years ago
872085c
BUG/MINOR: ssl: ocsp response with 'revoked' status is correct
by Emmanuel Hocdet
· 7 years ago
06d80a9
REORG: channel: finally rename the last bi_* / bo_* functions
by Willy Tarreau
· 7 years ago
9130a96
MINOR: checks: Add a new keyword to specify a SNI when doing SSL checks.
by Olivier Houchard
· 7 years ago
953917a
BUG/MEDIUM: ssl: fix OCSP expiry calculation
by Frederik Deweerdt
· 7 years ago
f8bb0ce
MINOR: ssl: Remove useless checks on bind_conf or bind_conf->is_ssl
by Christopher Faulet
· 7 years ago
c3680ec
MINOR: add severity information to cli feedback messages
by Andjelko Iharos
· 7 years ago
ddcde19
MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use
by Emmanuel Hocdet
· 7 years ago
4366476
MINOR: ssl: remove duplicate ssl_methods in struct bind_conf
by Emmanuel Hocdet
· 7 years ago
585744b
REORG/MEDIUM: connection: introduce the notion of connection handle
by Willy Tarreau
· 7 years ago
1596929
BUILD: ssl: replace SSL_CTX_get0_privatekey for openssl < 1.0.2
by Emmanuel Hocdet
· 7 years ago
aa0d637
MINOR: ssl: allow to start without certificate if strict-sni is set
by Emmanuel Hocdet
· 7 years ago
48a8332
BUG/MEDIUM: ssl: Fix regression about certificates generation
by Christopher Faulet
· 7 years ago
174dfe5
MINOR: ssl: add "no-ca-names" parameter for bind
by Emmanuel Hocdet
· 7 years ago
71d058c
MINOR: ssl: add a new error codes for wrong server certificates
by Willy Tarreau
· 7 years ago
ad92a9a
BUG/MINOR: ssl: make use of the name in SNI before verifyhost
by Willy Tarreau
· 7 years ago
96c7b8d
BUG/MINOR: ssl: Fix check against SNI during server certificate verification
by Christopher Faulet
· 7 years ago
f80bc24
MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy
by Emmanuel Hocdet
· 7 years ago
23877ab
BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3
by Emmanuel Hocdet
· 7 years ago
7784f17
OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer
by Willy Tarreau
· 7 years ago
2ab8867
MINOR: ssl: compare server certificate names to the SNI on outgoing connections
by Willy Tarreau
· 7 years ago
8743f7e
MINOR: ssl: add a get_alpn() method to ssl_sock
by Willy Tarreau
· 8 years ago
1e59fcc
BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0
by Christopher Faulet
· 7 years ago
bbc1654
BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler
by Emeric Brun
· 7 years ago
b5e42a8
BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine
by Emeric Brun
· 7 years ago
ce9e01c
BUG/MAJOR: ssl: fix segfault on connection close using async engines.
by Emeric Brun
· 7 years ago
bd695fe
MEDIUM: ssl: disable SSLv3 per default for bind
by Emmanuel Hocdet
· 7 years ago
df701a2
MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list
by Emmanuel Hocdet
· 7 years ago
4aa615f
MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table
by Emmanuel Hocdet
· 7 years ago
ecb0e23
REORG: ssl: move defines and methodVersions table upper
by Emmanuel Hocdet
· 7 years ago
9ac143b
BUILD: ssl: fix build with OPENSSL_NO_ENGINE
by Emmanuel Hocdet
· 7 years ago
2c32d8f
MINOR: boringssl: basic support for OCSP Stapling
by Emmanuel Hocdet
· 7 years ago
3854e01
MEDIUM: ssl: handle multiple async engines
by Emeric Brun
· 7 years ago
fa6c7ee
MAJOR: ssl: add openssl async mode support
by Grant Zhang
· 8 years ago
872f9c2
MEDIUM: ssl: add basic support for OpenSSL crypto engine
by Grant Zhang
· 8 years ago
Next »