Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
560ddfa0035cd747c2f87d70aae2fe897dfef226
/
src
/
ssl_sock.c
52f2ff5
BUG/MEDIUM: fix DH length when EC key is used
by Ilya Shipitsin
· Sat Jul 23 23:55:19 2022 +0500
27a3245
MEDIUM: fd: make fd_insert() take local thread masks
by Willy Tarreau
· Thu Jul 07 08:29:00 2022 +0200
9464bb1
MEDIUM: fd: add the tgid to the fd and pass it to fd_insert()
by Willy Tarreau
· Tue Jul 05 05:16:13 2022 +0200
7d392a5
BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
by Emeric Brun
· Fri Jul 01 17:36:50 2022 +0200
b8dec4a
CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names
by Willy Tarreau
· Thu Jun 23 11:02:08 2022 +0200
301425b
MEDIUM: quic: Compatible version negotiation implementation (draft-08)
by Frédéric Lécaille
· Tue Jun 14 17:40:39 2022 +0200
748ece6
MINOR: quic: QUIC transport parameters split.
by Frédéric Lécaille
· Sat May 21 23:58:40 2022 +0200
b52d4d2
CLEANUP: sslsock: remove only occurrence of local variable "cs"
by Willy Tarreau
· Fri May 27 10:44:39 2022 +0200
cb086c6
REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h}
by Willy Tarreau
· Fri May 27 09:47:12 2022 +0200
5edca2f
REORG: rename cs_utils.h to sc_strm.h
by Willy Tarreau
· Fri May 27 09:25:10 2022 +0200
d0a06d5
CLEANUP: applet: use applet_put*() everywhere possible
by Willy Tarreau
· Wed May 18 15:07:19 2022 +0200
7cb9e6c
CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb"
by Willy Tarreau
· Tue May 17 19:40:40 2022 +0200
4596fe2
CLEANUP: conn_stream: tree-wide rename to stconn (stream connector)
by Willy Tarreau
· Tue May 17 19:07:51 2022 +0200
b605c42
CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_*
by Willy Tarreau
· Tue May 17 17:04:55 2022 +0200
0cfcc40
CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide
by Willy Tarreau
· Tue May 17 16:10:17 2022 +0200
1ea6e6a
CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS
by Willy Tarreau
· Fri May 20 16:03:18 2022 +0200
11ba404
CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL
by Willy Tarreau
· Fri May 20 15:56:32 2022 +0200
1746a38
MINOR: ssl: Add 'ssl-provider' global option
by Remi Tricot-Le Breton
· Mon May 16 16:24:33 2022 +0200
0698c80
CLEANUP: applet: remove the unneeded appctx->owner
by Willy Tarreau
· Wed May 11 14:09:57 2022 +0200
170b35b
CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore
by Willy Tarreau
· Thu May 05 09:09:15 2022 +0200
9c5a38c
CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore
by Willy Tarreau
· Thu May 05 09:03:44 2022 +0200
bd33864
CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref"
by Willy Tarreau
· Thu May 05 08:59:17 2022 +0200
a938052
CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys"
by Willy Tarreau
· Thu May 05 08:50:17 2022 +0200
1024393
MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
by Thomas Prückl
· Wed Apr 27 13:04:54 2022 +0200
7e2e4f8
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
by Willy Tarreau
· Tue Apr 26 10:30:35 2022 +0200
acef5e2
MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN
by Willy Tarreau
· Mon Apr 25 20:32:15 2022 +0200
79367f9
BUILD: xprt: use an initcall to register the transport layers
by Willy Tarreau
· Mon Apr 25 19:18:24 2022 +0200
f87c67e
MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option
by Remi Tricot-Le Breton
· Thu Apr 21 12:06:41 2022 +0200
c69be7c
BUILD: ssl: Fix compilation with OpenSSL 1.0.2
by Remi Tricot-Le Breton
· Wed Apr 20 18:30:17 2022 +0200
1d6338e
MEDIUM: ssl: Disable DHE ciphers by default
by Remi Tricot-Le Breton
· Tue Apr 12 11:31:55 2022 +0200
528b3fd
MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones
by Remi Tricot-Le Breton
· Tue Apr 12 11:31:54 2022 +0200
6b0a0fb
CLEANUP: tree-wide: Remove any ref to stream-interfaces
by Christopher Faulet
· Mon Apr 04 11:29:28 2022 +0200
a0bdec3
MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS
by Christopher Faulet
· Mon Apr 04 07:51:21 2022 +0200
908628c
MEDIUM: tree-wide: Use CS util functions instead of SI ones
by Christopher Faulet
· Fri Mar 25 16:43:49 2022 +0100
e9e4820
MINOR: conn-stream: Move some CS flags to the endpoint
by Christopher Faulet
· Tue Mar 22 18:13:29 2022 +0100
3a0a0d6
BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx()
by Willy Tarreau
· Tue Apr 12 07:31:06 2022 +0200
99ade09
BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx
by Willy Tarreau
· Mon Apr 11 19:47:31 2022 +0200
939b0bf
MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx
by Willy Tarreau
· Mon Apr 11 11:29:11 2022 +0200
de82795
MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection
by Willy Tarreau
· Mon Apr 11 10:43:28 2022 +0200
07ecfc5
MEDIUM: connection: panic when calling FD-specific functions on FD-less conns
by Willy Tarreau
· Mon Apr 11 18:07:03 2022 +0200
0e9c264
MINOR: connection: use conn_fd() when displaying connection errors
by Willy Tarreau
· Mon Apr 11 18:01:28 2022 +0200
d7bfbe2
BUILD: ssl: add USE_ENGINE and disable the openssl engine by default
by William Lallemand
· Mon Apr 11 18:41:24 2022 +0200
43c2ce4
BUG/MINOR: server/ssl: free the SNI sample expression
by William Lallemand
· Wed Mar 16 17:48:19 2022 +0100
95a61e8
MINOR: stream: Add pointer to front/back conn-streams into stream struct
by Christopher Faulet
· Wed Dec 22 14:22:03 2021 +0100
86e1c33
MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int
by Christopher Faulet
· Mon Dec 20 17:09:39 2021 +0100
13a35e5
MAJOR: conn_stream/stream-int: move the appctx to the conn-stream
by Christopher Faulet
· Mon Dec 20 15:34:16 2021 +0100
1b01b7f
BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
by Remi Tricot-Le Breton
· Wed Feb 16 15:17:09 2022 +0100
8081b67
BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
by Remi Tricot-Le Breton
· Wed Feb 16 15:03:51 2022 +0100
a9a591a
BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
by Remi Tricot-Le Breton
· Wed Feb 16 14:42:22 2022 +0100
88c5695
MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:56 2022 +0100
c76c3c4
MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type)
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:55 2022 +0100
55d7e78
MINOR: ssl: Set default dh size to 2048
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:54 2022 +0100
bed7263
MINOR: ssl: Build local DH of right size when needed
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:53 2022 +0100
7f6425a
MINOR: ssl: Add ssl_new_dh_fromdata helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:52 2022 +0100
5f17930
MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:51 2022 +0100
846eda9
MINOR: ssl: Add ssl_sock_set_tmp_dh helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:50 2022 +0100
292a88c
MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:49 2022 +0100
09ebb33
MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:48 2022 +0100
78a36e3
MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:45 2022 +0100
1effd9a
MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3
by Remi Tricot-Le Breton
· Fri Feb 11 12:04:44 2022 +0100
c9414e2
MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:59 2022 +0100
8ea1f5f
MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:58 2022 +0100
c11e7e1
MINOR: ssl: Remove EC_KEY related calls when creating a certificate
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:56 2022 +0100
ff4c3c4
MINOR: ssl: Remove EC_KEY related calls when preparing SSL context
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:54 2022 +0100
36f80f6
CLEANUP: ssl: Remove unused ssl_sock_create_cert function
by Remi Tricot-Le Breton
· Tue Feb 08 17:45:52 2022 +0100
2e7d1eb
BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
by Remi Tricot-Le Breton
· Tue Jan 11 10:11:10 2022 +0100
cfa2d56
MAJOR: quic: implement accept queue
by Amaury Denoyelle
· Wed Jan 19 16:01:05 2022 +0100
7c564bf
MINOR: ssl: fix build in release mode
by Amaury Denoyelle
· Mon Jan 24 11:04:05 2022 +0100
9320dd5
MEDIUM: quic/ssl: add new ex data for quic_conn
by Amaury Denoyelle
· Wed Jan 19 10:03:30 2022 +0100
a996763
BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
by Remi Tricot-Le Breton
· Fri Jan 07 17:12:01 2022 +0100
e69563f
BUG/MEDIUM: ssl: free the ckch instance linked to a server
by William Lallemand
· Thu Dec 30 14:45:19 2021 +0100
231610a
BUG/MINOR: ssl: free the fields in srv->ssl_ctx
by William Lallemand
· Thu Dec 30 11:25:43 2021 +0100
2c776f1
BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
by William Lallemand
· Tue Dec 28 18:47:17 2021 +0100
77bfa66
DEBUG: ssl: make sure we never change a servername on established connections
by Willy Tarreau
· Thu Dec 23 11:12:13 2021 +0100
cc750ef
MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
by Remi Tricot-Le Breton
· Fri Dec 17 18:53:23 2021 +0100
1761fdf
MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.
by Frédéric Lécaille
· Tue Dec 14 19:40:04 2021 +0100
b5b5247
MINOR: quic: Immediately close if no transport parameters extension found
by Frédéric Lécaille
· Mon Nov 22 15:55:16 2021 +0100
067a82b
MINOR: quic: Set "no_application_protocol" alert
by Frédéric Lécaille
· Fri Nov 19 17:02:20 2021 +0100
c5e7cf9
BUG/MINOR: ssl: make SSL counters atomic
by Willy Tarreau
· Mon Nov 22 17:46:13 2021 +0100
a956d15
MINOR: quic: Support transport parameters draft TLS extension
by Frédéric Lécaille
· Wed Nov 10 09:24:22 2021 +0100
7980dff
BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found
by William Lallemand
· Thu Nov 18 17:46:26 2021 +0100
e18d4e8
BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
by William Lallemand
· Wed Nov 17 02:59:21 2021 +0100
002e206
CLEANUP: ssl: fix wrong #else commentary
by William Lallemand
· Thu Nov 18 15:25:16 2021 +0100
71e588c
MEDIUM: quic: inspect ALPN to install app_ops
by Amaury Denoyelle
· Fri Nov 12 11:23:29 2021 +0100
82531f6
REORG: ssl-sock: move the sslconns/totalsslconns counters to global
by Willy Tarreau
· Wed Oct 06 12:15:18 2021 +0200
a8a72c6
CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c
by Willy Tarreau
· Wed Oct 06 11:48:34 2021 +0200
1057bee
REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it
by Willy Tarreau
· Wed Oct 06 11:38:44 2021 +0200
9543d5a
MINOR: ssl: Store the last SSL error code in case of read or write failure
by Remi Tricot-Le Breton
· Wed Sep 29 18:56:53 2021 +0200
1fe0fad
MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err
by Remi Tricot-Le Breton
· Wed Sep 29 18:56:52 2021 +0200
61944f7
MINOR: ssl: Set connection error code in case of SSL read or write fatal failure
by Remi Tricot-Le Breton
· Wed Sep 29 18:56:51 2021 +0200
0faf807
MINOR: quic: Update the streams transport parameters.
by Frédéric Lécaille
· Thu Mar 18 15:05:18 2021 +0100
d5fc8fc
CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h
by Tim Duesterhus
· Sat Sep 11 17:51:13 2021 +0200
310a260
MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size
by Marcin Deranek
· Tue Jul 13 19:04:24 2021 +0200
769fd2e
MEDIUM: ssl: Capture more info from Client Hello
by Marcin Deranek
· Mon Jul 12 14:16:55 2021 +0200
f95c295
BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
by Remi Tricot-Le Breton
· Fri Aug 20 09:51:23 2021 +0200
74f6ab6
MEDIUM: ssl: Keep a reference to the client's certificate for use in logs
by Remi Tricot-Le Breton
· Thu Aug 19 18:06:30 2021 +0200
7c6898e
MINOR: ssl: Add new ssl_fc_hsk_err sample fetch
by Remi Tricot-Le Breton
· Thu Jul 29 09:45:51 2021 +0200
2bf5d41
MINOR: ssl: use __objt_* variant when retrieving counters
by Amaury Denoyelle
· Mon Jul 26 09:59:06 2021 +0200
36aa451
MINOR: ssl: render file-access optional on server crt loading
by Amaury Denoyelle
· Fri May 21 16:22:11 2021 +0200
c593bcd
MINOR: ssl: always initialize random generator
by Amaury Denoyelle
· Wed May 19 15:35:29 2021 +0200
Next »