1. 7c6898e MINOR: ssl: Add new ssl_fc_hsk_err sample fetch by Remi Tricot-Le Breton · 3 years, 4 months ago
  2. 2bf5d41 MINOR: ssl: use __objt_* variant when retrieving counters by Amaury Denoyelle · 3 years, 4 months ago
  3. 36aa451 MINOR: ssl: render file-access optional on server crt loading by Amaury Denoyelle · 3 years, 6 months ago
  4. c593bcd MINOR: ssl: always initialize random generator by Amaury Denoyelle · 3 years, 6 months ago
  5. 9135859 CLEANUP: global: remove the nbproc field from the global structure by Willy Tarreau · 3 years, 5 months ago
  6. 4c19e99 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · 3 years, 5 months ago
  7. 6916493 MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available by Remi Tricot-Le Breton · 3 years, 6 months ago
  8. 3faf0cb BUILD: ssl: Fix compilation with BoringSSL by Remi Tricot-Le Breton · 3 years, 6 months ago
  9. d92fd11 MINOR: ssl: Add new "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · 3 years, 6 months ago
  10. 5aa1dce MINOR: ssl: Keep the actual key length in the certificate_ocsp structure by Remi Tricot-Le Breton · 3 years, 6 months ago
  11. a3a0cce BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · 3 years, 6 months ago
  12. 722180a BUILD: make tune.ssl.keylog available again by William Lallemand · 3 years, 6 months ago
  13. e74cbc3 REORG: config: use parsing ctx for server config check by Amaury Denoyelle · 3 years, 6 months ago
  14. 1112430 MINOR: errors: specify prefix "config" for parsing output by Amaury Denoyelle · 3 years, 6 months ago
  15. f22b032 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · 3 years, 6 months ago
  16. 612b2c3 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · 3 years, 7 months ago
  17. d75b99e BUILD/MINOR: ssl: Fix compilation with SSL enabled by Remi Tricot-Le Breton · 3 years, 6 months ago
  18. 40ddea8 MINOR: ssl: Add reference to default ckch instance in bind_conf by Remi Tricot-Le Breton · 3 years, 8 months ago
  19. 4458b97 MEDIUM: ssl: Chain ckch instances in ca-file entries by Remi Tricot-Le Breton · 3 years, 9 months ago
  20. af8820a CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c by Remi Tricot-Le Breton · 3 years, 8 months ago
  21. 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · 3 years, 7 months ago
  22. b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · 3 years, 7 months ago
  23. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · 3 years, 7 months ago
  24. ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · 3 years, 8 months ago
  25. 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · 3 years, 8 months ago
  26. 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · 3 years, 8 months ago
  27. 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · 3 years, 8 months ago
  28. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · 3 years, 8 months ago
  29. f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · 3 years, 8 months ago
  30. b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · 3 years, 8 months ago
  31. bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · 3 years, 9 months ago
  32. 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · 3 years, 9 months ago
  33. 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · 3 years, 9 months ago
  34. 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · 3 years, 9 months ago
  35. 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · 3 years, 9 months ago
  36. 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · 3 years, 9 months ago
  37. 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · 3 years, 9 months ago
  38. 566cebc BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode by Willy Tarreau · 3 years, 9 months ago
  39. 3bda3f4 CLEANUP: ssl: use realloc() instead of free()+malloc() by Willy Tarreau · 3 years, 9 months ago
  40. e709e82 CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free by Willy Tarreau · 3 years, 9 months ago
  41. 01acf56 CLEANUP: ssl: remove a useless "if" before freeing an error message by Willy Tarreau · 3 years, 9 months ago
  42. 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · 3 years, 9 months ago
  43. 9205ab3 MINOR: ssl: mark the SSL handshake tasklet as heavy by Willy Tarreau · 3 years, 9 months ago
  44. 8990b01 MINOR: connection: allocate dynamically hash node for backend conns by Amaury Denoyelle · 3 years, 9 months ago
  45. f232cb3 MEDIUM: connection: replace idle conn lists by eb trees by Amaury Denoyelle · 3 years, 11 months ago
  46. 5c7086f MEDIUM: connection: protect idle conn lists with locks by Amaury Denoyelle · 3 years, 11 months ago
  47. 3ce6eed MEDIUM: ssl: add a rwlock for SSL server session cache by William Lallemand · 3 years, 10 months ago
  48. 7ff7747 BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro by Ilya Shipitsin · 3 years, 10 months ago
  49. f00cdb1 BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro by Ilya Shipitsin · 3 years, 10 months ago
  50. 7bbf586 BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro by Ilya Shipitsin · 3 years, 10 months ago
  51. a84986a BUG/MINOR: ssl: do not try to use early data if not configured by Willy Tarreau · 3 years, 10 months ago
  52. 0630038 BUG/MEDIUM: ssl: check a connection's status before computing a handshake by Willy Tarreau · 3 years, 10 months ago
  53. b886849 CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() by William Lallemand · 3 years, 10 months ago
  54. db26e2b CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart by William Lallemand · 3 years, 10 months ago
  55. 795bd9b CLEANUP: ssl: remove SSL_CTX function parameter by William Lallemand · 3 years, 10 months ago
  56. f3eedfe MEDIUM: ssl: Enable backend certificate hot update by Remi Tricot-Le Breton · 3 years, 10 months ago
  57. d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · 3 years, 10 months ago
  58. ec805a3 MINOR: ssl: Certificate chain loading refactorization by Remi Tricot-Le Breton · 3 years, 10 months ago
  59. 442b7f2 MINOR: ssl: Server ssl context prepare function refactoring by Remi Tricot-Le Breton · 3 years, 10 months ago
  60. 1fc44d4 BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version by Ilya Shipitsin · 3 years, 10 months ago
  61. 4bd5d63 MINOR: ssl/show_fd: report some FDs as suspicious when possible by Willy Tarreau · 3 years, 10 months ago
  62. 8050efe MINOR: cli: give the show_fd helpers the ability to report a suspicious entry by Willy Tarreau · 3 years, 10 months ago
  63. 691d503 MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them by Willy Tarreau · 3 years, 10 months ago
  64. de5675a MINOR: ssl: provide a "show fd" helper to report important SSL information by Willy Tarreau · 3 years, 10 months ago
  65. 761d64c BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS by Ilya Shipitsin · 3 years, 11 months ago
  66. ec36c91 BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID by Ilya Shipitsin · 3 years, 11 months ago
  67. 1e9a666 CLEANUP: assorted typo fixes in the code and comments by Ilya Shipitsin · 3 years, 11 months ago
  68. b6fc524 MINOR: ssl: make tlskeys_list_get_next() take a list element by Willy Tarreau · 3 years, 11 months ago
  69. cb8b281 CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() by Tim Duesterhus · 3 years, 11 months ago
  70. 2c7bb33 CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() by Tim Duesterhus · 3 years, 11 months ago
  71. e5ff141 CLEANUP: Compare the return value of `XXXcmp()` functions with zero by Tim Duesterhus · 3 years, 11 months ago
  72. e9473c7 MINOR: ssl: QUIC transport parameters parsing. by Frédéric Lécaille · 4 years ago
  73. ec21652 MINOR: ssl: SSL CTX initialization modifications for QUIC. by Frédéric Lécaille · 4 years ago
  74. 901ee2f MINOR: ssl: Export definitions required by QUIC. by Frédéric Lécaille · 4 years ago
  75. 5aa9241 MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init() by Frédéric Lécaille · 4 years, 1 month ago
  76. 967e7e7 MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes by Dragan Dosen · 4 years ago
  77. af20488 BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call by Ilya Shipitsin · 4 years ago
  78. ec60909 BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call by Ilya Shipitsin · 4 years ago
  79. 2ded48d MINOR: connection: make conn_sock_drain() use the control layer's ->drain() by Willy Tarreau · 4 years ago
  80. b7fdfdf MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 by William Lallemand · 4 years ago
  81. f34ed0b BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES by Ilya Shipitsin · 4 years ago
  82. 06ce84a BUG/MEDIUM: ssl: error when no certificate are found by William Lallemand · 4 years ago
  83. bdec3ba BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION by Ilya Shipitsin · 4 years ago
  84. f69cd68 BUG/MINOR: ssl: segv on startup when AKID but no keyid by William Lallemand · 4 years ago
  85. f637044 MEDIUM: cli/ssl: configure ssl on server at runtime by William Dauchy · 4 years ago
  86. 034c162 MEDIUM: stats: add counters for failed handshake by Amaury Denoyelle · 4 years ago
  87. f70b7db MINOR: ssl: remove client hello counters by Amaury Denoyelle · 4 years ago
  88. fc633b6 CLEANUP: config: Return ERR_NONE from config callbacks instead of 0 by Christopher Faulet · 4 years, 1 month ago
  89. 4299528 BUILD: ssl: silence build warning on uninitialised counters by Willy Tarreau · 4 years, 1 month ago
  90. d0447a7 MINOR: ssl: add counters for ssl sessions by Amaury Denoyelle · 4 years, 1 month ago
  91. fbc3377 MINOR: ssl: count client hello for stats by Amaury Denoyelle · 4 years, 1 month ago
  92. 9963fa7 MINOR: ssl: instantiate stats module by Amaury Denoyelle · 4 years, 1 month ago
  93. 6d27a92 BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher by Willy Tarreau · 4 years, 1 month ago
  94. 0aa8c29 BUILD: ssl: use feature macros for detecting ec curves manipulation support by Ilya Shipitsin · 4 years, 1 month ago
  95. 04a5a44 BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions by Ilya Shipitsin · 4 years, 1 month ago
  96. b9b84a4 BUILD: ssl: more elegant OpenSSL early data support check by Ilya Shipitsin · 4 years, 1 month ago
  97. a73a222 BUG/MEDIUM: ssl: OCSP must work with BoringSSL by Emmanuel Hocdet · 4 years, 1 month ago
  98. 8e8581e MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension by William Lallemand · 4 years, 1 month ago
  99. b3201a3 BUG/MINOR: disable dynamic OCSP load with BoringSSL by Ilya Shipitsin · 4 years, 1 month ago
  100. 58feb49 CLEANUP: ssl: Release cached SSL sessions on deinit by Christopher Faulet · 4 years, 2 months ago