Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
c9ede6c43e40b255d7caa22c41a6790314699dc1
/
src
/
ssl_sock.c
ece0c33
BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.
by Emeric Brun
· 7 years ago
c61c0b3
BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
by William Lallemand
· 7 years ago
cebd796
BUG/MINOR: ssl: CO_FL_EARLY_DATA removal is managed by stream
by Emmanuel Hocdet
· 7 years ago
c3cd35f
BUG/MEDIUM: ssl: don't allocate shctx several time
by William Lallemand
· 7 years ago
bafbe01
CLEANUP: pools: rename all pool functions and pointers to remove this "2"
by Willy Tarreau
· 7 years ago
767a84b
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
by Christopher Faulet
· 7 years ago
ca6a957
MINOR: ssl: Handle early data with BoringSSL
by Emmanuel Hocdet
· 7 years ago
90084a1
MINOR: ssl: Handle reading early data after writing better.
by Olivier Houchard
· 7 years ago
ff3a41e
BUG/MINOR: Use crt_base instead of ca_base when crt is parsed on a server line
by Christopher Faulet
· 7 years ago
424ecfb
MINOR: ssl: Don't disable early data handling if we could not write.
by Olivier Houchard
· 7 years ago
777e4b9
BUG/MINOR: ssl: Always start the handshake if we can't send early data.
by Olivier Houchard
· 7 years ago
e9bed53
MINOR: ssl: Make sure we don't shutw the connection before the handshake.
by Olivier Houchard
· 7 years ago
e6060c5
MINOR: SSL: Store the ASN1 representation of client sessions.
by Olivier Houchard
· 7 years ago
9dcf9b6
MINOR: threads: Use __decl_hathreads to declare locks
by Christopher Faulet
· 7 years ago
522eea7
MINOR: ssl: Handle sending early data to server.
by Olivier Houchard
· 7 years ago
cfdef2e
MINOR: ssl: Spell 0x10101000L correctly.
by Olivier Houchard
· 7 years ago
bd84ac8
MINOR: ssl: Handle session resumption with TLS 1.3
by Olivier Houchard
· 7 years ago
35a63cc
BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched.
by Olivier Houchard
· 7 years ago
2a944ee
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix
by Christopher Faulet
· 7 years ago
79a481d
MINOR: ssl: Remove the global allow-0rtt option.
by Olivier Houchard
· 7 years ago
821bb9b
MAJOR: threads/ssl: Make SSL part thread-safe
by Emeric Brun
· 7 years ago
8d8aa0d
MEDIUM: threads/listeners: Make listeners thread-safe
by Christopher Faulet
· 7 years ago
36716a7
MEDIUM: threads/fd: Initialize the process mask during the call to fd_insert
by Christopher Faulet
· 7 years ago
b349e48
MEDIUM: threads/pool: Make pool thread-safe by locking all access to a pool
by Christopher Faulet
· 7 years ago
a3c77cf
MINOR: shctx: rename lock functions
by William Lallemand
· 7 years ago
4f45bb9
MEDIUM: shctx: separate ssl and shctx
by William Lallemand
· 7 years ago
ed0b5ad
REORG: shctx: move ssl functions to ssl_sock.c
by William Lallemand
· 7 years ago
3f85c9a
MEDIUM: shctx: allow the use of multiple shctx
by William Lallemand
· 7 years ago
01da571
MINOR: merge ssl_sock_get calls for log and ppv2
by Emmanuel Hocdet
· 7 years ago
9679ac9
MINOR: ssl: Don't abuse ssl_options.
by Olivier Houchard
· 7 years ago
ccaa7de
MINOR: ssl/proto_http: Add keywords to take care of early data.
by Olivier Houchard
· 7 years ago
c2aae74
MEDIUM: ssl: Handle early data with OpenSSL 1.1.1
by Olivier Houchard
· 7 years ago
253c62b
MINOR: ssl: generated certificate is missing in switchctx early callback
by Emmanuel Hocdet
· 7 years ago
84e417d
MINOR: ssl: support Openssl 1.1.1 early callback for switchctx
by Emmanuel Hocdet
· 7 years ago
48e8755
MEDIUM: ssl: convert CBS (BoringSSL api) usage to neutral code
by Emmanuel Hocdet
· 7 years ago
31d4dbe
MINOR: ssl_sock: make use of CO_FL_WILL_UPDATE
by Willy Tarreau
· 7 years ago
8de70bc
MINOR: ssl: don't abort after sending 16kB
by Willy Tarreau
· 7 years ago
8c6a364
CLEANUP: cli: remove undocumented "set ssl tls-keys" command
by Lukas Tribus
· 7 years ago
f4bbc43
BUG/MINOR: cli: restore "set ssl tls-key" command
by Lukas Tribus
· 7 years ago
ef60705
BUG/MINOR: ssl: OCSP_single_get0_status can return -1
by Emmanuel Hocdet
· 7 years ago
019f9b1
MINOR: ssl: build with recent BoringSSL library
by Emmanuel Hocdet
· 7 years ago
e966e4e
BUILD: ssl: support OPENSSL_NO_ASYNC #define
by Emmanuel Hocdet
· 7 years ago
872085c
BUG/MINOR: ssl: ocsp response with 'revoked' status is correct
by Emmanuel Hocdet
· 7 years ago
06d80a9
REORG: channel: finally rename the last bi_* / bo_* functions
by Willy Tarreau
· 7 years ago
9130a96
MINOR: checks: Add a new keyword to specify a SNI when doing SSL checks.
by Olivier Houchard
· 7 years ago
953917a
BUG/MEDIUM: ssl: fix OCSP expiry calculation
by Frederik Deweerdt
· 7 years ago
f8bb0ce
MINOR: ssl: Remove useless checks on bind_conf or bind_conf->is_ssl
by Christopher Faulet
· 7 years ago
c3680ec
MINOR: add severity information to cli feedback messages
by Andjelko Iharos
· 7 years ago
ddcde19
MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use
by Emmanuel Hocdet
· 7 years ago
4366476
MINOR: ssl: remove duplicate ssl_methods in struct bind_conf
by Emmanuel Hocdet
· 7 years ago
585744b
REORG/MEDIUM: connection: introduce the notion of connection handle
by Willy Tarreau
· 7 years ago
1596929
BUILD: ssl: replace SSL_CTX_get0_privatekey for openssl < 1.0.2
by Emmanuel Hocdet
· 7 years ago
aa0d637
MINOR: ssl: allow to start without certificate if strict-sni is set
by Emmanuel Hocdet
· 7 years ago
48a8332
BUG/MEDIUM: ssl: Fix regression about certificates generation
by Christopher Faulet
· 7 years ago
174dfe5
MINOR: ssl: add "no-ca-names" parameter for bind
by Emmanuel Hocdet
· 7 years ago
71d058c
MINOR: ssl: add a new error codes for wrong server certificates
by Willy Tarreau
· 7 years ago
ad92a9a
BUG/MINOR: ssl: make use of the name in SNI before verifyhost
by Willy Tarreau
· 7 years ago
96c7b8d
BUG/MINOR: ssl: Fix check against SNI during server certificate verification
by Christopher Faulet
· 7 years ago
f80bc24
MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy
by Emmanuel Hocdet
· 7 years ago
23877ab
BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3
by Emmanuel Hocdet
· 7 years ago
7784f17
OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer
by Willy Tarreau
· 7 years ago
2ab8867
MINOR: ssl: compare server certificate names to the SNI on outgoing connections
by Willy Tarreau
· 7 years ago
8743f7e
MINOR: ssl: add a get_alpn() method to ssl_sock
by Willy Tarreau
· 8 years ago
1e59fcc
BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0
by Christopher Faulet
· 7 years ago
bbc1654
BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler
by Emeric Brun
· 7 years ago
b5e42a8
BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine
by Emeric Brun
· 7 years ago
ce9e01c
BUG/MAJOR: ssl: fix segfault on connection close using async engines.
by Emeric Brun
· 7 years ago
bd695fe
MEDIUM: ssl: disable SSLv3 per default for bind
by Emmanuel Hocdet
· 8 years ago
df701a2
MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list
by Emmanuel Hocdet
· 8 years ago
4aa615f
MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table
by Emmanuel Hocdet
· 8 years ago
ecb0e23
REORG: ssl: move defines and methodVersions table upper
by Emmanuel Hocdet
· 8 years ago
9ac143b
BUILD: ssl: fix build with OPENSSL_NO_ENGINE
by Emmanuel Hocdet
· 7 years ago
2c32d8f
MINOR: boringssl: basic support for OCSP Stapling
by Emmanuel Hocdet
· 7 years ago
3854e01
MEDIUM: ssl: handle multiple async engines
by Emeric Brun
· 8 years ago
fa6c7ee
MAJOR: ssl: add openssl async mode support
by Grant Zhang
· 8 years ago
872f9c2
MEDIUM: ssl: add basic support for OpenSSL crypto engine
by Grant Zhang
· 8 years ago
abd3233
MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility.
by Emmanuel Hocdet
· 8 years ago
e1c722b
MEDIUM: ssl: add ssl-min-ver and ssl-max-ver parameters for bind and server
by Emmanuel Hocdet
· 8 years ago
50e25e1
MINOR: ssl: show methods supported by openssl
by Emmanuel Hocdet
· 8 years ago
42fb980
MINOR: ssl: support TLSv1.3 for bind and server
by Emmanuel Hocdet
· 8 years ago
b4e9ba4
MEDIUM: ssl: calculate the real min/max TLS version and find holes
by Emmanuel Hocdet
· 8 years ago
5db33cb
MEDIUM: ssl: ssl_methods implementation is reworked and factored for min/max tlsxx
by Emmanuel Hocdet
· 8 years ago
6cb2d1e
MEDIUM: ssl: revert ssl/tls version settings relative to default-server.
by Emmanuel Hocdet
· 8 years ago
53ae85c
MINOR: ssl: add prefer-client-ciphers
by Lukas Tribus
· 8 years ago
fa5c5c8
BUG/MINOR: ssl: fix warnings about methods for opensslv1.1.
by Emeric Brun
· 8 years ago
9a146de
MINOR: server: Make 'default-server' support 'sni' keyword.
by Frédéric Lécaille
· 8 years ago
bcaf1d7
MINOR: server: Make 'default-server' support 'ciphers' keyword.
by Frédéric Lécaille
· 8 years ago
5e57643
MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
by Frédéric Lécaille
· 8 years ago
273f321
MINOR: server: Make 'default-server' support 'verifyhost' setting.
by Frédéric Lécaille
· 8 years ago
7c8cd58
MINOR: server: Make 'default-server' support 'verify' keyword.
by Frédéric Lécaille
· 8 years ago
18388c9
CLEANUP: server: code alignement.
by Frédéric Lécaille
· 8 years ago
e892c4c
MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.
by Frédéric Lécaille
· 8 years ago
e381d76
MINOR: server: Make 'default-server' support 'ssl' keyword.
by Frédéric Lécaille
· 8 years ago
2cfcdbe
MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
by Frédéric Lécaille
· 8 years ago
ec16f03
CLEANUP: server: code alignement.
by Frédéric Lécaille
· 8 years ago
9698092
MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
by Frédéric Lécaille
· 8 years ago
340ae60
MINOR: server: Make 'default-server' support 'check-ssl' keyword.
by Frédéric Lécaille
· 8 years ago
a52bb15
BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
by Emmanuel Hocdet
· 8 years ago
8d71049
BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
by Janusz Dziemidowicz
· 8 years ago
e380474
MINOR: ssl: improved cipherlist captures
by Emmanuel Hocdet
· 8 years ago
Next »