1. c8d814e MINOR: ssl: Move OCSP code to a dedicated source file by Remi Tricot-Le Breton · Tue Dec 20 11:11:17 2022 +0100
  2. aff8277 MEDIUM: ssl: Start update task if at least one ocsp-update option is set to on by Remi Tricot-Le Breton · Tue Dec 20 11:11:14 2022 +0100
  3. 6477bbd MEDIUM: ssl: Add ocsp update task main function by Remi Tricot-Le Breton · Tue Dec 20 11:11:13 2022 +0100
  4. b55be8c MEDIUM: ssl: Insert ocsp responses in update tree when needed by Remi Tricot-Le Breton · Tue Dec 20 11:11:12 2022 +0100
  5. bdd3c79 MINOR: ssl: Add ocsp_update_tree and helper functions by Remi Tricot-Le Breton · Tue Dec 20 11:11:09 2022 +0100
  6. cc34667 MEDIUM: ssl: Add ocsp_certid in ckch structure and discard ocsp buffer early by Remi Tricot-Le Breton · Tue Dec 20 11:11:08 2022 +0100
  7. eeaa29b MINOR: ssl: Add "update ssl ocsp-response" cli command by Remi Tricot-Le Breton · Tue Dec 20 11:11:07 2022 +0100
  8. c0b4058 MINOR: ssl: Add helper function that checks the validity of an OCSP response by Remi Tricot-Le Breton · Tue Dec 20 11:11:06 2022 +0100
  9. e09d2ae MINOR: ssl: Add OCSP request helper function by Remi Tricot-Le Breton · Tue Dec 20 11:11:05 2022 +0100
  10. 47a4f12 MINOR: ssl: Add helper function that extracts an OCSP URI from a certificate by Remi Tricot-Le Breton · Tue Dec 20 11:11:04 2022 +0100
  11. 2b96364 MINOR: ssl: Add a lock to the OCSP response tree by Remi Tricot-Le Breton · Tue Dec 20 11:11:02 2022 +0100
  12. 4cf0d3f BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain by Remi Tricot-Le Breton · Thu Dec 15 15:44:37 2022 +0100
  13. e3d5f9a MINOR: ssl: Remove unnecessary alloc'ed trash chunk in show ocsp-response by Remi Tricot-Le Breton · Thu Dec 15 15:44:36 2022 +0100
  14. 9334843 MINOR: ssl: Remove unneeded buffer allocation in show ocsp-response by Remi Tricot-Le Breton · Thu Dec 15 15:44:35 2022 +0100
  15. 04007cb CLEANUP: ssl: remove check on srv->proxy by William Lallemand · Wed Dec 14 10:34:36 2022 +0100
  16. 0adafb3 BUG/MINOR: startup: don't use internal proxies to compute the maxconn by William Lallemand · Tue Dec 13 18:17:44 2022 +0100
  17. 52ddd99 MEDIUM: ssl: rename the struct "cert_key_and_chain" to "ckch_data" by William Lallemand · Tue Nov 22 11:51:53 2022 +0100
  18. 3cbf09e MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode by Uriah Pollock · Wed Nov 23 16:41:25 2022 +0100
  19. 881cce9 BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk() by Christopher Faulet · Wed Nov 23 09:27:13 2022 +0100
  20. b60a77b BUG/MINOR: ssl: don't initialize the keylog callback when not required by William Lallemand · Fri Nov 18 15:00:15 2022 +0100
  21. 45fed2c MINOR: ssl: ssl_sock_load_cert_chain() display error strings by William Lallemand · Tue Nov 15 16:56:03 2022 +0100
  22. a551f4f BUILD: ssl: use __fallthrough in cli_io_handler_tlskeys_files() by Willy Tarreau · Mon Nov 14 07:34:43 2022 +0100
  23. 4639689 BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC by William Lallemand · Thu Nov 10 16:45:24 2022 +0100
  24. 9b25982 BUG/MEDIUM: ssl: Verify error codes can exceed 63 by Remi Tricot-Le Breton · Thu Nov 10 10:48:58 2022 +0100
  25. aa529f7 BUG/MINOR: ssl: ocsp structure not freed properly in case of error by Remi Tricot-Le Breton · Thu Nov 03 15:16:49 2022 +0100
  26. 1621dc1 BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer by Remi Tricot-Le Breton · Thu Nov 03 15:16:48 2022 +0100
  27. a2c21db BUG/MINOR: ssl: Memory leak of DH BIGNUM fields by Remi Tricot-Le Breton · Thu Nov 03 15:16:47 2022 +0100
  28. 5de4951 MINOR: ssl: dump the SSL string error when SSL_CTX_use_PrivateKey() failed. by William Lallemand · Thu Oct 27 14:41:07 2022 +0200
  29. ba303de BUILD: ssl_sock: fix null dereference for QUIC build by Amaury Denoyelle · Mon Oct 17 18:46:49 2022 +0200
  30. 48e46f9 BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk() by Frédéric Lécaille · Fri Oct 14 09:34:00 2022 +0200
  31. 92fa63f CLEANUP: quic: create a dedicated quic_conn module by Amaury Denoyelle · Fri Sep 30 18:11:13 2022 +0200
  32. 8522348 BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns by Willy Tarreau · Thu Sep 29 20:32:43 2022 +0200
  33. a94bedc CLEANUP: quic,ssl: fix tiny typos in C comments by cui fliter · Mon Aug 29 14:42:57 2022 +0800
  34. 70a6e63 MINOR: quic: add QUIC support when no client_hello_cb by William Lallemand · Wed Sep 07 11:21:34 2022 +0200
  35. 4b7938d BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx by William Lallemand · Wed Sep 07 10:54:17 2022 +0200
  36. 844009d BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb by William Lallemand · Fri Sep 02 15:27:32 2022 +0200
  37. 2be0ac5 BUG/MINOR: quic: Possible crash when verifying certificates by Frédéric Lécaille · Tue Sep 06 19:37:08 2022 +0200
  38. 6aec1f3 BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines by Frédéric Lécaille · Tue Sep 06 17:04:55 2022 +0200
  39. 52f2ff5 BUG/MEDIUM: fix DH length when EC key is used by Ilya Shipitsin · Sat Jul 23 23:55:19 2022 +0500
  40. 27a3245 MEDIUM: fd: make fd_insert() take local thread masks by Willy Tarreau · Thu Jul 07 08:29:00 2022 +0200
  41. 9464bb1 MEDIUM: fd: add the tgid to the fd and pass it to fd_insert() by Willy Tarreau · Tue Jul 05 05:16:13 2022 +0200
  42. 7d392a5 BUG/MEDIUM: ssl/fd: unexpected fd close using async engine by Emeric Brun · Fri Jul 01 17:36:50 2022 +0200
  43. b8dec4a CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names by Willy Tarreau · Thu Jun 23 11:02:08 2022 +0200
  44. 301425b MEDIUM: quic: Compatible version negotiation implementation (draft-08) by Frédéric Lécaille · Tue Jun 14 17:40:39 2022 +0200
  45. 748ece6 MINOR: quic: QUIC transport parameters split. by Frédéric Lécaille · Sat May 21 23:58:40 2022 +0200
  46. b52d4d2 CLEANUP: sslsock: remove only occurrence of local variable "cs" by Willy Tarreau · Fri May 27 10:44:39 2022 +0200
  47. cb086c6 REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} by Willy Tarreau · Fri May 27 09:47:12 2022 +0200
  48. 5edca2f REORG: rename cs_utils.h to sc_strm.h by Willy Tarreau · Fri May 27 09:25:10 2022 +0200
  49. d0a06d5 CLEANUP: applet: use applet_put*() everywhere possible by Willy Tarreau · Wed May 18 15:07:19 2022 +0200
  50. 7cb9e6c CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb" by Willy Tarreau · Tue May 17 19:40:40 2022 +0200
  51. 4596fe2 CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) by Willy Tarreau · Tue May 17 19:07:51 2022 +0200
  52. b605c42 CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_* by Willy Tarreau · Tue May 17 17:04:55 2022 +0200
  53. 0cfcc40 CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide by Willy Tarreau · Tue May 17 16:10:17 2022 +0200
  54. 1ea6e6a CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS by Willy Tarreau · Fri May 20 16:03:18 2022 +0200
  55. 11ba404 CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL by Willy Tarreau · Fri May 20 15:56:32 2022 +0200
  56. 1746a38 MINOR: ssl: Add 'ssl-provider' global option by Remi Tricot-Le Breton · Mon May 16 16:24:33 2022 +0200
  57. 0698c80 CLEANUP: applet: remove the unneeded appctx->owner by Willy Tarreau · Wed May 11 14:09:57 2022 +0200
  58. 170b35b CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore by Willy Tarreau · Thu May 05 09:09:15 2022 +0200
  59. 9c5a38c CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore by Willy Tarreau · Thu May 05 09:03:44 2022 +0200
  60. bd33864 CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref" by Willy Tarreau · Thu May 05 08:59:17 2022 +0200
  61. a938052 CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys" by Willy Tarreau · Thu May 05 08:50:17 2022 +0200
  62. 1024393 MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" by Thomas Prückl · Wed Apr 27 13:04:54 2022 +0200
  63. 7e2e4f8 CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h by Willy Tarreau · Tue Apr 26 10:30:35 2022 +0200
  64. acef5e2 MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN by Willy Tarreau · Mon Apr 25 20:32:15 2022 +0200
  65. 79367f9 BUILD: xprt: use an initcall to register the transport layers by Willy Tarreau · Mon Apr 25 19:18:24 2022 +0200
  66. f87c67e MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option by Remi Tricot-Le Breton · Thu Apr 21 12:06:41 2022 +0200
  67. c69be7c BUILD: ssl: Fix compilation with OpenSSL 1.0.2 by Remi Tricot-Le Breton · Wed Apr 20 18:30:17 2022 +0200
  68. 1d6338e MEDIUM: ssl: Disable DHE ciphers by default by Remi Tricot-Le Breton · Tue Apr 12 11:31:55 2022 +0200
  69. 528b3fd MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones by Remi Tricot-Le Breton · Tue Apr 12 11:31:54 2022 +0200
  70. 6b0a0fb CLEANUP: tree-wide: Remove any ref to stream-interfaces by Christopher Faulet · Mon Apr 04 11:29:28 2022 +0200
  71. a0bdec3 MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS by Christopher Faulet · Mon Apr 04 07:51:21 2022 +0200
  72. 908628c MEDIUM: tree-wide: Use CS util functions instead of SI ones by Christopher Faulet · Fri Mar 25 16:43:49 2022 +0100
  73. e9e4820 MINOR: conn-stream: Move some CS flags to the endpoint by Christopher Faulet · Tue Mar 22 18:13:29 2022 +0100
  74. 3a0a0d6 BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx() by Willy Tarreau · Tue Apr 12 07:31:06 2022 +0200
  75. 99ade09 BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx by Willy Tarreau · Mon Apr 11 19:47:31 2022 +0200
  76. 939b0bf MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx by Willy Tarreau · Mon Apr 11 11:29:11 2022 +0200
  77. de82795 MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection by Willy Tarreau · Mon Apr 11 10:43:28 2022 +0200
  78. 07ecfc5 MEDIUM: connection: panic when calling FD-specific functions on FD-less conns by Willy Tarreau · Mon Apr 11 18:07:03 2022 +0200
  79. 0e9c264 MINOR: connection: use conn_fd() when displaying connection errors by Willy Tarreau · Mon Apr 11 18:01:28 2022 +0200
  80. d7bfbe2 BUILD: ssl: add USE_ENGINE and disable the openssl engine by default by William Lallemand · Mon Apr 11 18:41:24 2022 +0200
  81. 43c2ce4 BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · Wed Mar 16 17:48:19 2022 +0100
  82. 95a61e8 MINOR: stream: Add pointer to front/back conn-streams into stream struct by Christopher Faulet · Wed Dec 22 14:22:03 2021 +0100
  83. 86e1c33 MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int by Christopher Faulet · Mon Dec 20 17:09:39 2021 +0100
  84. 13a35e5 MAJOR: conn_stream/stream-int: move the appctx to the conn-stream by Christopher Faulet · Mon Dec 20 15:34:16 2021 +0100
  85. 1b01b7f BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · Wed Feb 16 15:17:09 2022 +0100
  86. 8081b67 BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · Wed Feb 16 15:03:51 2022 +0100
  87. a9a591a BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · Wed Feb 16 14:42:22 2022 +0100
  88. 88c5695 MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:56 2022 +0100
  89. c76c3c4 MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type) by Remi Tricot-Le Breton · Fri Feb 11 12:04:55 2022 +0100
  90. 55d7e78 MINOR: ssl: Set default dh size to 2048 by Remi Tricot-Le Breton · Fri Feb 11 12:04:54 2022 +0100
  91. bed7263 MINOR: ssl: Build local DH of right size when needed by Remi Tricot-Le Breton · Fri Feb 11 12:04:53 2022 +0100
  92. 7f6425a MINOR: ssl: Add ssl_new_dh_fromdata helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:52 2022 +0100
  93. 5f17930 MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:51 2022 +0100
  94. 846eda9 MINOR: ssl: Add ssl_sock_set_tmp_dh helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:50 2022 +0100
  95. 292a88c MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name by Remi Tricot-Le Breton · Fri Feb 11 12:04:49 2022 +0100
  96. 09ebb33 MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function by Remi Tricot-Le Breton · Fri Feb 11 12:04:48 2022 +0100
  97. 78a36e3 MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:45 2022 +0100
  98. 1effd9a MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 by Remi Tricot-Le Breton · Fri Feb 11 12:04:44 2022 +0100
  99. c9414e2 MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 by Remi Tricot-Le Breton · Tue Feb 08 17:45:59 2022 +0100
  100. 8ea1f5f MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 by Remi Tricot-Le Breton · Tue Feb 08 17:45:58 2022 +0100