Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 6ab7ec9da6f3478bb4ee9b838d1bc543448c11c3 / src / ssl_sock.c
  1. d292e56 BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions by Olivier Houchard · Sat Jan 27 22:58:29 2024 +0100
  2. 05bf68b BUG/MEDIUM: ssl: segfault when cipher is NULL by William Lallemand · Mon Oct 30 18:08:16 2023 +0100
  3. 539bfaa BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA by William Lallemand · Tue Oct 24 23:58:02 2023 +0200
  4. 1ffc378 BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 by William Lallemand · Tue May 09 14:15:57 2023 +0200
  5. 90f3cd2 BUG/MINOR: ssl_sock: fix possible memory leak on OOM by Willy Tarreau · Mon Aug 21 08:45:35 2023 +0200
  6. c5fd15d BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list by Christopher Faulet · Thu Mar 16 11:43:05 2023 +0100
  7. c5eaae9 BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback by Remi Tricot-Le Breton · Thu Mar 02 15:49:55 2023 +0100
  8. 52a61cc BUG/MEDIUM: ssl: wrong eviction from the session cache tree by William Lallemand · Tue Jan 31 14:12:28 2023 +0100
  9. d417c25 BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain by Remi Tricot-Le Breton · Thu Dec 15 15:44:37 2022 +0100
  10. 99e4526 BUG/MEDIUM: ssl: Verify error codes can exceed 63 by Remi Tricot-Le Breton · Thu Nov 10 10:48:58 2022 +0100
  11. 2cb86e7 BUG/MINOR: ssl: don't initialize the keylog callback when not required by William Lallemand · Fri Nov 18 15:00:15 2022 +0100
  12. 1583897 BUG/MINOR: ssl: ocsp structure not freed properly in case of error by Remi Tricot-Le Breton · Thu Nov 03 15:16:49 2022 +0100
  13. 172da59 BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer by Remi Tricot-Le Breton · Thu Nov 03 15:16:48 2022 +0100
  14. 64ff81b BUG/MEDIUM: ssl/fd: unexpected fd close using async engine by Emeric Brun · Fri Jul 01 17:36:50 2022 +0200
  15. 17d0caa BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · Wed Mar 16 17:48:19 2022 +0100
  16. e8a8aa4 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · Wed Jun 02 16:09:11 2021 +0200
  17. f518644 BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl by William Dauchy · Thu Jan 06 16:57:15 2022 +0100
  18. ec3d2d6 BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · Thu Dec 30 14:45:19 2021 +0100
  19. 9d11868 BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · Thu Dec 30 11:25:43 2021 +0100
  20. 6338b7d BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · Tue Dec 28 18:47:17 2021 +0100
  21. 41736ab BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · Mon Nov 22 17:46:13 2021 +0100
  22. 0f2291b BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · Thu Nov 18 17:46:26 2021 +0100
  23. 0faf526 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · Thu Nov 18 15:25:16 2021 +0100
  24. c78ac5a BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · Wed Nov 17 02:59:21 2021 +0100
  25. 37d6939 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · Tue Jun 15 16:39:22 2021 +0200
  26. 1adb439 BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · Wed Jun 09 17:16:18 2021 +0200
  27. ca5cf0a BUILD: make tune.ssl.keylog available again by William Lallemand · Wed Jun 09 16:46:12 2021 +0200
  28. 46697c8 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · Wed May 12 17:45:21 2021 +0200
  29. 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · Thu May 13 10:11:03 2021 +0200
  30. b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · Fri May 07 11:38:37 2021 +0200
  31. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · Wed Apr 21 07:32:39 2021 +0200
  32. ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · Sat Apr 10 17:23:00 2021 +0200
  33. 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · Tue Apr 06 13:53:36 2021 +0200
  34. 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · Tue Apr 06 11:44:07 2021 +0200
  35. 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · Wed Mar 17 14:56:54 2021 +0100
  36. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · Tue Mar 23 16:41:53 2021 +0100
  37. f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · Mon Mar 22 21:10:12 2021 +0100
  38. b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · Mon Mar 22 15:09:41 2021 +0100
  39. bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · Fri Mar 05 23:47:00 2021 +0100
  40. 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · Fri Mar 05 23:37:48 2021 +0100
  41. 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · Sat Mar 13 11:30:19 2021 +0100
  42. 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · Tue Mar 09 17:58:02 2021 +0100
  43. 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · Thu Mar 04 09:45:32 2021 +0100
  44. 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · Tue Mar 02 17:29:56 2021 +0100
  45. 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · Tue Mar 02 16:09:26 2021 +0100
  46. 566cebc BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode by Willy Tarreau · Tue Mar 02 19:32:39 2021 +0100
  47. 3bda3f4 CLEANUP: ssl: use realloc() instead of free()+malloc() by Willy Tarreau · Fri Feb 26 21:05:08 2021 +0100
  48. e709e82 CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free by Willy Tarreau · Fri Feb 26 21:06:32 2021 +0100
  49. 01acf56 CLEANUP: ssl: remove a useless "if" before freeing an error message by Willy Tarreau · Fri Feb 26 21:12:15 2021 +0100
  50. 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · Sat Feb 20 10:46:51 2021 +0100
  51. 9205ab3 MINOR: ssl: mark the SSL handshake tasklet as heavy by Willy Tarreau · Thu Feb 25 15:31:00 2021 +0100
  52. 8990b01 MINOR: connection: allocate dynamically hash node for backend conns by Amaury Denoyelle · Fri Feb 19 15:29:16 2021 +0100
  53. f232cb3 MEDIUM: connection: replace idle conn lists by eb trees by Amaury Denoyelle · Wed Jan 06 16:14:12 2021 +0100
  54. 5c7086f MEDIUM: connection: protect idle conn lists with locks by Amaury Denoyelle · Mon Jan 11 09:21:52 2021 +0100
  55. 3ce6eed MEDIUM: ssl: add a rwlock for SSL server session cache by William Lallemand · Mon Feb 08 10:43:44 2021 +0100
  56. 7ff7747 BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro by Ilya Shipitsin · Mon Feb 08 16:55:06 2021 +0500
  57. f00cdb1 BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro by Ilya Shipitsin · Sat Feb 06 18:59:22 2021 +0500
  58. 7bbf586 BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro by Ilya Shipitsin · Sat Feb 06 18:55:27 2021 +0500
  59. a84986a BUG/MINOR: ssl: do not try to use early data if not configured by Willy Tarreau · Wed Feb 03 11:21:38 2021 +0100
  60. 0630038 BUG/MEDIUM: ssl: check a connection's status before computing a handshake by Willy Tarreau · Tue Feb 02 15:42:25 2021 +0100
  61. b886849 CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() by William Lallemand · Wed Jan 27 14:42:40 2021 +0100
  62. db26e2b CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart by William Lallemand · Tue Jan 26 12:01:46 2021 +0100
  63. 795bd9b CLEANUP: ssl: remove SSL_CTX function parameter by William Lallemand · Tue Jan 26 11:27:42 2021 +0100
  64. f3eedfe MEDIUM: ssl: Enable backend certificate hot update by Remi Tricot-Le Breton · Mon Jan 25 17:19:44 2021 +0100
  65. d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · Mon Jan 25 17:19:43 2021 +0100
  66. ec805a3 MINOR: ssl: Certificate chain loading refactorization by Remi Tricot-Le Breton · Mon Jan 25 17:19:42 2021 +0100
  67. 442b7f2 MINOR: ssl: Server ssl context prepare function refactoring by Remi Tricot-Le Breton · Mon Jan 25 17:19:41 2021 +0100
  68. 1fc44d4 BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version by Ilya Shipitsin · Sat Jan 23 00:09:14 2021 +0500
  69. 4bd5d63 MINOR: ssl/show_fd: report some FDs as suspicious when possible by Willy Tarreau · Thu Jan 21 08:53:50 2021 +0100
  70. 8050efe MINOR: cli: give the show_fd helpers the ability to report a suspicious entry by Willy Tarreau · Thu Jan 21 08:26:06 2021 +0100
  71. 691d503 MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them by Willy Tarreau · Wed Jan 20 14:55:01 2021 +0100
  72. de5675a MINOR: ssl: provide a "show fd" helper to report important SSL information by Willy Tarreau · Wed Jan 20 14:41:29 2021 +0100
  73. 761d64c BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS by Ilya Shipitsin · Thu Jan 07 11:59:58 2021 +0500
  74. ec36c91 BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID by Ilya Shipitsin · Thu Jan 07 11:57:42 2021 +0500
  75. 1e9a666 CLEANUP: assorted typo fixes in the code and comments by Ilya Shipitsin · Tue Jan 05 22:10:46 2021 +0500
  76. b6fc524 MINOR: ssl: make tlskeys_list_get_next() take a list element by Willy Tarreau · Tue Jan 05 10:44:30 2021 +0100
  77. cb8b281 CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() by Tim Duesterhus · Sun Jan 03 01:29:56 2021 +0100
  78. 2c7bb33 CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() by Tim Duesterhus · Sun Jan 03 01:29:55 2021 +0100
  79. e5ff141 CLEANUP: Compare the return value of `XXXcmp()` functions with zero by Tim Duesterhus · Sat Jan 02 22:31:53 2021 +0100
  80. e9473c7 MINOR: ssl: QUIC transport parameters parsing. by Frédéric Lécaille · Mon Nov 23 15:37:11 2020 +0100
  81. ec21652 MINOR: ssl: SSL CTX initialization modifications for QUIC. by Frédéric Lécaille · Mon Nov 23 14:33:30 2020 +0100
  82. 901ee2f MINOR: ssl: Export definitions required by QUIC. by Frédéric Lécaille · Mon Nov 23 11:19:04 2020 +0100
  83. 5aa9241 MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init() by Frédéric Lécaille · Mon Nov 09 15:59:23 2020 +0100
  84. 967e7e7 MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes by Dragan Dosen · Tue Dec 22 13:22:34 2020 +0100
  85. af20488 BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call by Ilya Shipitsin · Sat Dec 19 03:12:12 2020 +0500
  86. ec60909 BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call by Ilya Shipitsin · Fri Nov 27 02:39:48 2020 +0500
  87. 2ded48d MINOR: connection: make conn_sock_drain() use the control layer's ->drain() by Willy Tarreau · Fri Dec 11 16:20:34 2020 +0100
  88. b7fdfdf MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 by William Lallemand · Fri Dec 04 15:45:02 2020 +0100
  89. f34ed0b BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES by Ilya Shipitsin · Sat Nov 21 14:37:34 2020 +0500
  90. 06ce84a BUG/MEDIUM: ssl: error when no certificate are found by William Lallemand · Fri Nov 20 15:36:13 2020 +0100
  91. bdec3ba BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION by Ilya Shipitsin · Sat Nov 14 01:56:34 2020 +0500
  92. f69cd68 BUG/MINOR: ssl: segv on startup when AKID but no keyid by William Lallemand · Thu Nov 19 16:24:13 2020 +0100
  93. f637044 MEDIUM: cli/ssl: configure ssl on server at runtime by William Dauchy · Sat Nov 14 19:25:33 2020 +0100
  94. 034c162 MEDIUM: stats: add counters for failed handshake by Amaury Denoyelle · Fri Nov 13 16:05:00 2020 +0100
  95. f70b7db MINOR: ssl: remove client hello counters by Amaury Denoyelle · Fri Nov 13 16:04:59 2020 +0100
  96. fc633b6 CLEANUP: config: Return ERR_NONE from config callbacks instead of 0 by Christopher Faulet · Fri Nov 06 15:24:23 2020 +0100
  97. 4299528 BUILD: ssl: silence build warning on uninitialised counters by Willy Tarreau · Fri Nov 06 13:19:18 2020 +0100
  98. d0447a7 MINOR: ssl: add counters for ssl sessions by Amaury Denoyelle · Tue Nov 03 17:10:02 2020 +0100
  99. fbc3377 MINOR: ssl: count client hello for stats by Amaury Denoyelle · Tue Nov 03 17:10:01 2020 +0100
  100. 9963fa7 MINOR: ssl: instantiate stats module by Amaury Denoyelle · Tue Nov 03 17:10:00 2020 +0100