1. 5f17930 MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  2. 846eda9 MINOR: ssl: Add ssl_sock_set_tmp_dh helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  3. 292a88c MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name by Remi Tricot-Le Breton · 2 years, 10 months ago
  4. 09ebb33 MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  5. 78a36e3 MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  6. 1effd9a MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  7. c9414e2 MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  8. 8ea1f5f MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  9. c11e7e1 MINOR: ssl: Remove EC_KEY related calls when creating a certificate by Remi Tricot-Le Breton · 2 years, 10 months ago
  10. ff4c3c4 MINOR: ssl: Remove EC_KEY related calls when preparing SSL context by Remi Tricot-Le Breton · 2 years, 10 months ago
  11. 36f80f6 CLEANUP: ssl: Remove unused ssl_sock_create_cert function by Remi Tricot-Le Breton · 2 years, 10 months ago
  12. 2e7d1eb BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output by Remi Tricot-Le Breton · 2 years, 11 months ago
  13. cfa2d56 MAJOR: quic: implement accept queue by Amaury Denoyelle · 2 years, 10 months ago
  14. 7c564bf MINOR: ssl: fix build in release mode by Amaury Denoyelle · 2 years, 10 months ago
  15. 9320dd5 MEDIUM: quic/ssl: add new ex data for quic_conn by Amaury Denoyelle · 2 years, 10 months ago
  16. a996763 BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error by Remi Tricot-Le Breton · 2 years, 11 months ago
  17. e69563f BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · 2 years, 11 months ago
  18. 231610a BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · 2 years, 11 months ago
  19. 2c776f1 BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · 3 years ago
  20. 77bfa66 DEBUG: ssl: make sure we never change a servername on established connections by Willy Tarreau · 3 years ago
  21. cc750ef MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output by Remi Tricot-Le Breton · 3 years ago
  22. 1761fdf MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos. by Frédéric Lécaille · 3 years ago
  23. b5b5247 MINOR: quic: Immediately close if no transport parameters extension found by Frédéric Lécaille · 3 years ago
  24. 067a82b MINOR: quic: Set "no_application_protocol" alert by Frédéric Lécaille · 3 years ago
  25. c5e7cf9 BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · 3 years ago
  26. a956d15 MINOR: quic: Support transport parameters draft TLS extension by Frédéric Lécaille · 3 years, 1 month ago
  27. 7980dff BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · 3 years ago
  28. e18d4e8 BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · 3 years ago
  29. 002e206 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · 3 years ago
  30. 71e588c MEDIUM: quic: inspect ALPN to install app_ops by Amaury Denoyelle · 3 years, 1 month ago
  31. 82531f6 REORG: ssl-sock: move the sslconns/totalsslconns counters to global by Willy Tarreau · 3 years, 2 months ago
  32. a8a72c6 CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c by Willy Tarreau · 3 years, 2 months ago
  33. 1057bee REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it by Willy Tarreau · 3 years, 2 months ago
  34. 9543d5a MINOR: ssl: Store the last SSL error code in case of read or write failure by Remi Tricot-Le Breton · 3 years, 2 months ago
  35. 1fe0fad MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err by Remi Tricot-Le Breton · 3 years, 2 months ago
  36. 61944f7 MINOR: ssl: Set connection error code in case of SSL read or write fatal failure by Remi Tricot-Le Breton · 3 years, 2 months ago
  37. 0faf807 MINOR: quic: Update the streams transport parameters. by Frédéric Lécaille · 3 years, 9 months ago
  38. d5fc8fc CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h by Tim Duesterhus · 3 years, 3 months ago
  39. 310a260 MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size by Marcin Deranek · 3 years, 5 months ago
  40. 769fd2e MEDIUM: ssl: Capture more info from Client Hello by Marcin Deranek · 3 years, 5 months ago
  41. f95c295 BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 by Remi Tricot-Le Breton · 3 years, 3 months ago
  42. 74f6ab6 MEDIUM: ssl: Keep a reference to the client's certificate for use in logs by Remi Tricot-Le Breton · 3 years, 3 months ago
  43. 7c6898e MINOR: ssl: Add new ssl_fc_hsk_err sample fetch by Remi Tricot-Le Breton · 3 years, 4 months ago
  44. 2bf5d41 MINOR: ssl: use __objt_* variant when retrieving counters by Amaury Denoyelle · 3 years, 4 months ago
  45. 36aa451 MINOR: ssl: render file-access optional on server crt loading by Amaury Denoyelle · 3 years, 6 months ago
  46. c593bcd MINOR: ssl: always initialize random generator by Amaury Denoyelle · 3 years, 6 months ago
  47. 9135859 CLEANUP: global: remove the nbproc field from the global structure by Willy Tarreau · 3 years, 6 months ago
  48. 4c19e99 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · 3 years, 6 months ago
  49. 6916493 MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available by Remi Tricot-Le Breton · 3 years, 6 months ago
  50. 3faf0cb BUILD: ssl: Fix compilation with BoringSSL by Remi Tricot-Le Breton · 3 years, 6 months ago
  51. d92fd11 MINOR: ssl: Add new "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · 3 years, 6 months ago
  52. 5aa1dce MINOR: ssl: Keep the actual key length in the certificate_ocsp structure by Remi Tricot-Le Breton · 3 years, 6 months ago
  53. a3a0cce BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · 3 years, 6 months ago
  54. 722180a BUILD: make tune.ssl.keylog available again by William Lallemand · 3 years, 6 months ago
  55. e74cbc3 REORG: config: use parsing ctx for server config check by Amaury Denoyelle · 3 years, 6 months ago
  56. 1112430 MINOR: errors: specify prefix "config" for parsing output by Amaury Denoyelle · 3 years, 6 months ago
  57. f22b032 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · 3 years, 6 months ago
  58. 612b2c3 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · 3 years, 7 months ago
  59. d75b99e BUILD/MINOR: ssl: Fix compilation with SSL enabled by Remi Tricot-Le Breton · 3 years, 7 months ago
  60. 40ddea8 MINOR: ssl: Add reference to default ckch instance in bind_conf by Remi Tricot-Le Breton · 3 years, 8 months ago
  61. 4458b97 MEDIUM: ssl: Chain ckch instances in ca-file entries by Remi Tricot-Le Breton · 3 years, 9 months ago
  62. af8820a CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c by Remi Tricot-Le Breton · 3 years, 8 months ago
  63. 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · 3 years, 7 months ago
  64. b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · 3 years, 7 months ago
  65. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · 3 years, 7 months ago
  66. ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · 3 years, 8 months ago
  67. 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · 3 years, 8 months ago
  68. 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · 3 years, 8 months ago
  69. 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · 3 years, 9 months ago
  70. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · 3 years, 8 months ago
  71. f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · 3 years, 8 months ago
  72. b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · 3 years, 8 months ago
  73. bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · 3 years, 9 months ago
  74. 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · 3 years, 9 months ago
  75. 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · 3 years, 9 months ago
  76. 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · 3 years, 9 months ago
  77. 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · 3 years, 9 months ago
  78. 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · 3 years, 9 months ago
  79. 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · 3 years, 9 months ago
  80. 566cebc BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode by Willy Tarreau · 3 years, 9 months ago
  81. 3bda3f4 CLEANUP: ssl: use realloc() instead of free()+malloc() by Willy Tarreau · 3 years, 9 months ago
  82. e709e82 CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free by Willy Tarreau · 3 years, 9 months ago
  83. 01acf56 CLEANUP: ssl: remove a useless "if" before freeing an error message by Willy Tarreau · 3 years, 9 months ago
  84. 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · 3 years, 9 months ago
  85. 9205ab3 MINOR: ssl: mark the SSL handshake tasklet as heavy by Willy Tarreau · 3 years, 9 months ago
  86. 8990b01 MINOR: connection: allocate dynamically hash node for backend conns by Amaury Denoyelle · 3 years, 9 months ago
  87. f232cb3 MEDIUM: connection: replace idle conn lists by eb trees by Amaury Denoyelle · 3 years, 11 months ago
  88. 5c7086f MEDIUM: connection: protect idle conn lists with locks by Amaury Denoyelle · 3 years, 11 months ago
  89. 3ce6eed MEDIUM: ssl: add a rwlock for SSL server session cache by William Lallemand · 3 years, 10 months ago
  90. 7ff7747 BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro by Ilya Shipitsin · 3 years, 10 months ago
  91. f00cdb1 BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro by Ilya Shipitsin · 3 years, 10 months ago
  92. 7bbf586 BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro by Ilya Shipitsin · 3 years, 10 months ago
  93. a84986a BUG/MINOR: ssl: do not try to use early data if not configured by Willy Tarreau · 3 years, 10 months ago
  94. 0630038 BUG/MEDIUM: ssl: check a connection's status before computing a handshake by Willy Tarreau · 3 years, 10 months ago
  95. b886849 CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() by William Lallemand · 3 years, 10 months ago
  96. db26e2b CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart by William Lallemand · 3 years, 10 months ago
  97. 795bd9b CLEANUP: ssl: remove SSL_CTX function parameter by William Lallemand · 3 years, 10 months ago
  98. f3eedfe MEDIUM: ssl: Enable backend certificate hot update by Remi Tricot-Le Breton · 3 years, 10 months ago
  99. d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · 3 years, 10 months ago
  100. ec805a3 MINOR: ssl: Certificate chain loading refactorization by Remi Tricot-Le Breton · 3 years, 10 months ago