- 2cb86e7 BUG/MINOR: ssl: don't initialize the keylog callback when not required by William Lallemand · 2 years ago
- 1583897 BUG/MINOR: ssl: ocsp structure not freed properly in case of error by Remi Tricot-Le Breton · 2 years ago
- 172da59 BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer by Remi Tricot-Le Breton · 2 years ago
- 64ff81b BUG/MEDIUM: ssl/fd: unexpected fd close using async engine by Emeric Brun · 2 years, 4 months ago
- 17d0caa BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · 2 years, 8 months ago
- e8a8aa4 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · 3 years, 5 months ago
- f518644 BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl by William Dauchy · 2 years, 10 months ago
- ec3d2d6 BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · 2 years, 11 months ago
- 9d11868 BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · 2 years, 11 months ago
- 6338b7d BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · 2 years, 11 months ago
- 41736ab BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · 3 years ago
- 0f2291b BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · 3 years ago
- 0faf526 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · 3 years ago
- c78ac5a BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · 3 years ago
- 37d6939 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · 3 years, 5 months ago
- 1adb439 BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · 3 years, 5 months ago
- ca5cf0a BUILD: make tune.ssl.keylog available again by William Lallemand · 3 years, 5 months ago
- 46697c8 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · 3 years, 6 months ago
- 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · 3 years, 6 months ago
- b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · 3 years, 6 months ago
- 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · 3 years, 7 months ago
- ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · 3 years, 7 months ago
- 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · 3 years, 7 months ago
- 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · 3 years, 7 months ago
- 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · 3 years, 8 months ago
- fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · 3 years, 8 months ago
- f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · 3 years, 8 months ago
- b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · 3 years, 8 months ago
- bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · 3 years, 8 months ago
- 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · 3 years, 8 months ago
- 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · 3 years, 8 months ago
- 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · 3 years, 8 months ago
- 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · 3 years, 8 months ago
- 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · 3 years, 8 months ago
- 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · 3 years, 8 months ago
- 566cebc BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode by Willy Tarreau · 3 years, 8 months ago
- 3bda3f4 CLEANUP: ssl: use realloc() instead of free()+malloc() by Willy Tarreau · 3 years, 9 months ago
- e709e82 CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free by Willy Tarreau · 3 years, 9 months ago
- 01acf56 CLEANUP: ssl: remove a useless "if" before freeing an error message by Willy Tarreau · 3 years, 9 months ago
- 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · 3 years, 9 months ago
- 9205ab3 MINOR: ssl: mark the SSL handshake tasklet as heavy by Willy Tarreau · 3 years, 9 months ago
- 8990b01 MINOR: connection: allocate dynamically hash node for backend conns by Amaury Denoyelle · 3 years, 9 months ago
- f232cb3 MEDIUM: connection: replace idle conn lists by eb trees by Amaury Denoyelle · 3 years, 10 months ago
- 5c7086f MEDIUM: connection: protect idle conn lists with locks by Amaury Denoyelle · 3 years, 10 months ago
- 3ce6eed MEDIUM: ssl: add a rwlock for SSL server session cache by William Lallemand · 3 years, 9 months ago
- 7ff7747 BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro by Ilya Shipitsin · 3 years, 9 months ago
- f00cdb1 BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro by Ilya Shipitsin · 3 years, 9 months ago
- 7bbf586 BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro by Ilya Shipitsin · 3 years, 9 months ago
- a84986a BUG/MINOR: ssl: do not try to use early data if not configured by Willy Tarreau · 3 years, 9 months ago
- 0630038 BUG/MEDIUM: ssl: check a connection's status before computing a handshake by Willy Tarreau · 3 years, 9 months ago
- b886849 CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() by William Lallemand · 3 years, 10 months ago
- db26e2b CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart by William Lallemand · 3 years, 10 months ago
- 795bd9b CLEANUP: ssl: remove SSL_CTX function parameter by William Lallemand · 3 years, 10 months ago
- f3eedfe MEDIUM: ssl: Enable backend certificate hot update by Remi Tricot-Le Breton · 3 years, 10 months ago
- d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · 3 years, 10 months ago
- ec805a3 MINOR: ssl: Certificate chain loading refactorization by Remi Tricot-Le Breton · 3 years, 10 months ago
- 442b7f2 MINOR: ssl: Server ssl context prepare function refactoring by Remi Tricot-Le Breton · 3 years, 10 months ago
- 1fc44d4 BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version by Ilya Shipitsin · 3 years, 10 months ago
- 4bd5d63 MINOR: ssl/show_fd: report some FDs as suspicious when possible by Willy Tarreau · 3 years, 10 months ago
- 8050efe MINOR: cli: give the show_fd helpers the ability to report a suspicious entry by Willy Tarreau · 3 years, 10 months ago
- 691d503 MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them by Willy Tarreau · 3 years, 10 months ago
- de5675a MINOR: ssl: provide a "show fd" helper to report important SSL information by Willy Tarreau · 3 years, 10 months ago
- 761d64c BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS by Ilya Shipitsin · 3 years, 10 months ago
- ec36c91 BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID by Ilya Shipitsin · 3 years, 10 months ago
- 1e9a666 CLEANUP: assorted typo fixes in the code and comments by Ilya Shipitsin · 3 years, 10 months ago
- b6fc524 MINOR: ssl: make tlskeys_list_get_next() take a list element by Willy Tarreau · 3 years, 10 months ago
- cb8b281 CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() by Tim Duesterhus · 3 years, 10 months ago
- 2c7bb33 CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() by Tim Duesterhus · 3 years, 10 months ago
- e5ff141 CLEANUP: Compare the return value of `XXXcmp()` functions with zero by Tim Duesterhus · 3 years, 10 months ago
- e9473c7 MINOR: ssl: QUIC transport parameters parsing. by Frédéric Lécaille · 4 years ago
- ec21652 MINOR: ssl: SSL CTX initialization modifications for QUIC. by Frédéric Lécaille · 4 years ago
- 901ee2f MINOR: ssl: Export definitions required by QUIC. by Frédéric Lécaille · 4 years ago
- 5aa9241 MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init() by Frédéric Lécaille · 4 years ago
- 967e7e7 MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes by Dragan Dosen · 3 years, 11 months ago
- af20488 BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call by Ilya Shipitsin · 3 years, 11 months ago
- ec60909 BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call by Ilya Shipitsin · 4 years ago
- 2ded48d MINOR: connection: make conn_sock_drain() use the control layer's ->drain() by Willy Tarreau · 4 years ago
- b7fdfdf MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 by William Lallemand · 4 years ago
- f34ed0b BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES by Ilya Shipitsin · 4 years ago
- 06ce84a BUG/MEDIUM: ssl: error when no certificate are found by William Lallemand · 4 years ago
- bdec3ba BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION by Ilya Shipitsin · 4 years ago
- f69cd68 BUG/MINOR: ssl: segv on startup when AKID but no keyid by William Lallemand · 4 years ago
- f637044 MEDIUM: cli/ssl: configure ssl on server at runtime by William Dauchy · 4 years ago
- 034c162 MEDIUM: stats: add counters for failed handshake by Amaury Denoyelle · 4 years ago
- f70b7db MINOR: ssl: remove client hello counters by Amaury Denoyelle · 4 years ago
- fc633b6 CLEANUP: config: Return ERR_NONE from config callbacks instead of 0 by Christopher Faulet · 4 years ago
- 4299528 BUILD: ssl: silence build warning on uninitialised counters by Willy Tarreau · 4 years ago
- d0447a7 MINOR: ssl: add counters for ssl sessions by Amaury Denoyelle · 4 years ago
- fbc3377 MINOR: ssl: count client hello for stats by Amaury Denoyelle · 4 years ago
- 9963fa7 MINOR: ssl: instantiate stats module by Amaury Denoyelle · 4 years ago
- 6d27a92 BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher by Willy Tarreau · 4 years ago
- 0aa8c29 BUILD: ssl: use feature macros for detecting ec curves manipulation support by Ilya Shipitsin · 4 years ago
- 04a5a44 BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions by Ilya Shipitsin · 4 years ago
- b9b84a4 BUILD: ssl: more elegant OpenSSL early data support check by Ilya Shipitsin · 4 years, 1 month ago
- a73a222 BUG/MEDIUM: ssl: OCSP must work with BoringSSL by Emmanuel Hocdet · 4 years, 1 month ago
- 8e8581e MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension by William Lallemand · 4 years, 1 month ago
- b3201a3 BUG/MINOR: disable dynamic OCSP load with BoringSSL by Ilya Shipitsin · 4 years, 1 month ago
- 58feb49 CLEANUP: ssl: Release cached SSL sessions on deinit by Christopher Faulet · 4 years, 1 month ago
- 70bf06e BUILD: fix build with openssl < 1.0.2 since bundle removal by William Lallemand · 4 years, 2 months ago
- e7eb1fe CLEANUP: ssl: remove utility functions for bundle by William Lallemand · 4 years, 2 months ago