Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 6e805dab2add31c7a60f2f4be933f8e6903151fe / src / ssl_sock.c
  1. 43c2ce4 BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · Wed Mar 16 17:48:19 2022 +0100
  2. 95a61e8 MINOR: stream: Add pointer to front/back conn-streams into stream struct by Christopher Faulet · Wed Dec 22 14:22:03 2021 +0100
  3. 86e1c33 MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int by Christopher Faulet · Mon Dec 20 17:09:39 2021 +0100
  4. 13a35e5 MAJOR: conn_stream/stream-int: move the appctx to the conn-stream by Christopher Faulet · Mon Dec 20 15:34:16 2021 +0100
  5. 1b01b7f BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · Wed Feb 16 15:17:09 2022 +0100
  6. 8081b67 BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · Wed Feb 16 15:03:51 2022 +0100
  7. a9a591a BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · Wed Feb 16 14:42:22 2022 +0100
  8. 88c5695 MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:56 2022 +0100
  9. c76c3c4 MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type) by Remi Tricot-Le Breton · Fri Feb 11 12:04:55 2022 +0100
  10. 55d7e78 MINOR: ssl: Set default dh size to 2048 by Remi Tricot-Le Breton · Fri Feb 11 12:04:54 2022 +0100
  11. bed7263 MINOR: ssl: Build local DH of right size when needed by Remi Tricot-Le Breton · Fri Feb 11 12:04:53 2022 +0100
  12. 7f6425a MINOR: ssl: Add ssl_new_dh_fromdata helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:52 2022 +0100
  13. 5f17930 MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:51 2022 +0100
  14. 846eda9 MINOR: ssl: Add ssl_sock_set_tmp_dh helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:50 2022 +0100
  15. 292a88c MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name by Remi Tricot-Le Breton · Fri Feb 11 12:04:49 2022 +0100
  16. 09ebb33 MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:48 2022 +0100
  17. 78a36e3 MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:45 2022 +0100
  18. 1effd9a MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:44 2022 +0100
  19. c9414e2 MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 by Remi Tricot-Le Breton · Tue Feb 08 17:45:59 2022 +0100
  20. 8ea1f5f MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 by Remi Tricot-Le Breton · Tue Feb 08 17:45:58 2022 +0100
  21. c11e7e1 MINOR: ssl: Remove EC_KEY related calls when creating a certificate by Remi Tricot-Le Breton · Tue Feb 08 17:45:56 2022 +0100
  22. ff4c3c4 MINOR: ssl: Remove EC_KEY related calls when preparing SSL context by Remi Tricot-Le Breton · Tue Feb 08 17:45:54 2022 +0100
  23. 36f80f6 CLEANUP: ssl: Remove unused ssl_sock_create_cert function by Remi Tricot-Le Breton · Tue Feb 08 17:45:52 2022 +0100
  24. 2e7d1eb BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output by Remi Tricot-Le Breton · Tue Jan 11 10:11:10 2022 +0100
  25. cfa2d56 MAJOR: quic: implement accept queue by Amaury Denoyelle · Wed Jan 19 16:01:05 2022 +0100
  26. 7c564bf MINOR: ssl: fix build in release mode by Amaury Denoyelle · Mon Jan 24 11:04:05 2022 +0100
  27. 9320dd5 MEDIUM: quic/ssl: add new ex data for quic_conn by Amaury Denoyelle · Wed Jan 19 10:03:30 2022 +0100
  28. a996763 BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error by Remi Tricot-Le Breton · Fri Jan 07 17:12:01 2022 +0100
  29. e69563f BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · Thu Dec 30 14:45:19 2021 +0100
  30. 231610a BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · Thu Dec 30 11:25:43 2021 +0100
  31. 2c776f1 BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · Tue Dec 28 18:47:17 2021 +0100
  32. 77bfa66 DEBUG: ssl: make sure we never change a servername on established connections by Willy Tarreau · Thu Dec 23 11:12:13 2021 +0100
  33. cc750ef MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output by Remi Tricot-Le Breton · Fri Dec 17 18:53:23 2021 +0100
  34. 1761fdf MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos. by Frédéric Lécaille · Tue Dec 14 19:40:04 2021 +0100
  35. b5b5247 MINOR: quic: Immediately close if no transport parameters extension found by Frédéric Lécaille · Mon Nov 22 15:55:16 2021 +0100
  36. 067a82b MINOR: quic: Set "no_application_protocol" alert by Frédéric Lécaille · Fri Nov 19 17:02:20 2021 +0100
  37. c5e7cf9 BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · Mon Nov 22 17:46:13 2021 +0100
  38. a956d15 MINOR: quic: Support transport parameters draft TLS extension by Frédéric Lécaille · Wed Nov 10 09:24:22 2021 +0100
  39. 7980dff BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · Thu Nov 18 17:46:26 2021 +0100
  40. e18d4e8 BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · Wed Nov 17 02:59:21 2021 +0100
  41. 002e206 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · Thu Nov 18 15:25:16 2021 +0100
  42. 71e588c MEDIUM: quic: inspect ALPN to install app_ops by Amaury Denoyelle · Fri Nov 12 11:23:29 2021 +0100
  43. 82531f6 REORG: ssl-sock: move the sslconns/totalsslconns counters to global by Willy Tarreau · Wed Oct 06 12:15:18 2021 +0200
  44. a8a72c6 CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c by Willy Tarreau · Wed Oct 06 11:48:34 2021 +0200
  45. 1057bee REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it by Willy Tarreau · Wed Oct 06 11:38:44 2021 +0200
  46. 9543d5a MINOR: ssl: Store the last SSL error code in case of read or write failure by Remi Tricot-Le Breton · Wed Sep 29 18:56:53 2021 +0200
  47. 1fe0fad MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err by Remi Tricot-Le Breton · Wed Sep 29 18:56:52 2021 +0200
  48. 61944f7 MINOR: ssl: Set connection error code in case of SSL read or write fatal failure by Remi Tricot-Le Breton · Wed Sep 29 18:56:51 2021 +0200
  49. 0faf807 MINOR: quic: Update the streams transport parameters. by Frédéric Lécaille · Thu Mar 18 15:05:18 2021 +0100
  50. d5fc8fc CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h by Tim Duesterhus · Sat Sep 11 17:51:13 2021 +0200
  51. 310a260 MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size by Marcin Deranek · Tue Jul 13 19:04:24 2021 +0200
  52. 769fd2e MEDIUM: ssl: Capture more info from Client Hello by Marcin Deranek · Mon Jul 12 14:16:55 2021 +0200
  53. f95c295 BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 by Remi Tricot-Le Breton · Fri Aug 20 09:51:23 2021 +0200
  54. 74f6ab6 MEDIUM: ssl: Keep a reference to the client's certificate for use in logs by Remi Tricot-Le Breton · Thu Aug 19 18:06:30 2021 +0200
  55. 7c6898e MINOR: ssl: Add new ssl_fc_hsk_err sample fetch by Remi Tricot-Le Breton · Thu Jul 29 09:45:51 2021 +0200
  56. 2bf5d41 MINOR: ssl: use __objt_* variant when retrieving counters by Amaury Denoyelle · Mon Jul 26 09:59:06 2021 +0200
  57. 36aa451 MINOR: ssl: render file-access optional on server crt loading by Amaury Denoyelle · Fri May 21 16:22:11 2021 +0200
  58. c593bcd MINOR: ssl: always initialize random generator by Amaury Denoyelle · Wed May 19 15:35:29 2021 +0200
  59. 9135859 CLEANUP: global: remove the nbproc field from the global structure by Willy Tarreau · Tue Jun 15 08:08:04 2021 +0200
  60. 4c19e99 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · Tue Jun 15 16:39:22 2021 +0200
  61. 6916493 MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available by Remi Tricot-Le Breton · Fri Jun 11 10:28:09 2021 +0200
  62. 3faf0cb BUILD: ssl: Fix compilation with BoringSSL by Remi Tricot-Le Breton · Thu Jun 10 18:10:32 2021 +0200
  63. d92fd11 MINOR: ssl: Add new "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · Thu Jun 10 13:51:13 2021 +0200
  64. 5aa1dce MINOR: ssl: Keep the actual key length in the certificate_ocsp structure by Remi Tricot-Le Breton · Thu Jun 10 13:51:12 2021 +0200
  65. a3a0cce BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · Wed Jun 09 17:16:18 2021 +0200
  66. 722180a BUILD: make tune.ssl.keylog available again by William Lallemand · Wed Jun 09 16:46:12 2021 +0200
  67. e74cbc3 REORG: config: use parsing ctx for server config check by Amaury Denoyelle · Fri May 28 10:34:01 2021 +0200
  68. 1112430 MINOR: errors: specify prefix "config" for parsing output by Amaury Denoyelle · Fri Jun 04 18:22:08 2021 +0200
  69. f22b032 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · Wed Jun 02 16:09:11 2021 +0200
  70. 612b2c3 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · Wed May 12 17:45:21 2021 +0200
  71. d75b99e BUILD/MINOR: ssl: Fix compilation with SSL enabled by Remi Tricot-Le Breton · Mon May 17 11:45:55 2021 +0200
  72. 40ddea8 MINOR: ssl: Add reference to default ckch instance in bind_conf by Remi Tricot-Le Breton · Tue Apr 13 16:07:29 2021 +0200
  73. 4458b97 MEDIUM: ssl: Chain ckch instances in ca-file entries by Remi Tricot-Le Breton · Fri Feb 19 17:41:55 2021 +0100
  74. af8820a CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c by Remi Tricot-Le Breton · Tue Apr 13 10:10:37 2021 +0200
  75. 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · Thu May 13 10:11:03 2021 +0200
  76. b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · Fri May 07 11:38:37 2021 +0200
  77. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · Wed Apr 21 07:32:39 2021 +0200
  78. ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · Sat Apr 10 17:23:00 2021 +0200
  79. 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · Tue Apr 06 13:53:36 2021 +0200
  80. 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · Tue Apr 06 11:44:07 2021 +0200
  81. 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · Wed Mar 17 14:56:54 2021 +0100
  82. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · Tue Mar 23 16:41:53 2021 +0100
  83. f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · Mon Mar 22 21:10:12 2021 +0100
  84. b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · Mon Mar 22 15:09:41 2021 +0100
  85. bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · Fri Mar 05 23:47:00 2021 +0100
  86. 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · Fri Mar 05 23:37:48 2021 +0100
  87. 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · Sat Mar 13 11:30:19 2021 +0100
  88. 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · Tue Mar 09 17:58:02 2021 +0100
  89. 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · Thu Mar 04 09:45:32 2021 +0100
  90. 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · Tue Mar 02 17:29:56 2021 +0100
  91. 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · Tue Mar 02 16:09:26 2021 +0100
  92. 566cebc BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode by Willy Tarreau · Tue Mar 02 19:32:39 2021 +0100
  93. 3bda3f4 CLEANUP: ssl: use realloc() instead of free()+malloc() by Willy Tarreau · Fri Feb 26 21:05:08 2021 +0100
  94. e709e82 CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free by Willy Tarreau · Fri Feb 26 21:06:32 2021 +0100
  95. 01acf56 CLEANUP: ssl: remove a useless "if" before freeing an error message by Willy Tarreau · Fri Feb 26 21:12:15 2021 +0100
  96. 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · Sat Feb 20 10:46:51 2021 +0100
  97. 9205ab3 MINOR: ssl: mark the SSL handshake tasklet as heavy by Willy Tarreau · Thu Feb 25 15:31:00 2021 +0100
  98. 8990b01 MINOR: connection: allocate dynamically hash node for backend conns by Amaury Denoyelle · Fri Feb 19 15:29:16 2021 +0100
  99. f232cb3 MEDIUM: connection: replace idle conn lists by eb trees by Amaury Denoyelle · Wed Jan 06 16:14:12 2021 +0100
  100. 5c7086f MEDIUM: connection: protect idle conn lists with locks by Amaury Denoyelle · Mon Jan 11 09:21:52 2021 +0100