Gitiles
Code Review
Sign In
git01.mediatek.com
/
haproxy
/
ce85149629f560615d54b00c935b7b842e8de7da
/
src
/
ssl_sock.c
« Previous
ccaa7de
MINOR: ssl/proto_http: Add keywords to take care of early data.
by Olivier Houchard
· 7 years ago
c2aae74
MEDIUM: ssl: Handle early data with OpenSSL 1.1.1
by Olivier Houchard
· 7 years ago
253c62b
MINOR: ssl: generated certificate is missing in switchctx early callback
by Emmanuel Hocdet
· 7 years ago
84e417d
MINOR: ssl: support Openssl 1.1.1 early callback for switchctx
by Emmanuel Hocdet
· 7 years ago
48e8755
MEDIUM: ssl: convert CBS (BoringSSL api) usage to neutral code
by Emmanuel Hocdet
· 7 years ago
31d4dbe
MINOR: ssl_sock: make use of CO_FL_WILL_UPDATE
by Willy Tarreau
· 7 years ago
8de70bc
MINOR: ssl: don't abort after sending 16kB
by Willy Tarreau
· 7 years ago
8c6a364
CLEANUP: cli: remove undocumented "set ssl tls-keys" command
by Lukas Tribus
· 7 years ago
f4bbc43
BUG/MINOR: cli: restore "set ssl tls-key" command
by Lukas Tribus
· 7 years ago
ef60705
BUG/MINOR: ssl: OCSP_single_get0_status can return -1
by Emmanuel Hocdet
· 7 years ago
019f9b1
MINOR: ssl: build with recent BoringSSL library
by Emmanuel Hocdet
· 7 years ago
e966e4e
BUILD: ssl: support OPENSSL_NO_ASYNC #define
by Emmanuel Hocdet
· 7 years ago
872085c
BUG/MINOR: ssl: ocsp response with 'revoked' status is correct
by Emmanuel Hocdet
· 7 years ago
06d80a9
REORG: channel: finally rename the last bi_* / bo_* functions
by Willy Tarreau
· 7 years ago
9130a96
MINOR: checks: Add a new keyword to specify a SNI when doing SSL checks.
by Olivier Houchard
· 7 years ago
953917a
BUG/MEDIUM: ssl: fix OCSP expiry calculation
by Frederik Deweerdt
· 7 years ago
f8bb0ce
MINOR: ssl: Remove useless checks on bind_conf or bind_conf->is_ssl
by Christopher Faulet
· 7 years ago
c3680ec
MINOR: add severity information to cli feedback messages
by Andjelko Iharos
· 7 years ago
ddcde19
MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use
by Emmanuel Hocdet
· 7 years ago
4366476
MINOR: ssl: remove duplicate ssl_methods in struct bind_conf
by Emmanuel Hocdet
· 7 years ago
585744b
REORG/MEDIUM: connection: introduce the notion of connection handle
by Willy Tarreau
· 7 years ago
1596929
BUILD: ssl: replace SSL_CTX_get0_privatekey for openssl < 1.0.2
by Emmanuel Hocdet
· 7 years ago
aa0d637
MINOR: ssl: allow to start without certificate if strict-sni is set
by Emmanuel Hocdet
· 7 years ago
48a8332
BUG/MEDIUM: ssl: Fix regression about certificates generation
by Christopher Faulet
· 7 years ago
174dfe5
MINOR: ssl: add "no-ca-names" parameter for bind
by Emmanuel Hocdet
· 7 years ago
71d058c
MINOR: ssl: add a new error codes for wrong server certificates
by Willy Tarreau
· 7 years ago
ad92a9a
BUG/MINOR: ssl: make use of the name in SNI before verifyhost
by Willy Tarreau
· 7 years ago
96c7b8d
BUG/MINOR: ssl: Fix check against SNI during server certificate verification
by Christopher Faulet
· 7 years ago
f80bc24
MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy
by Emmanuel Hocdet
· 7 years ago
23877ab
BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3
by Emmanuel Hocdet
· 7 years ago
7784f17
OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer
by Willy Tarreau
· 7 years ago
2ab8867
MINOR: ssl: compare server certificate names to the SNI on outgoing connections
by Willy Tarreau
· 7 years ago
8743f7e
MINOR: ssl: add a get_alpn() method to ssl_sock
by Willy Tarreau
· 8 years ago
1e59fcc
BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0
by Christopher Faulet
· 7 years ago
bbc1654
BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler
by Emeric Brun
· 7 years ago
b5e42a8
BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine
by Emeric Brun
· 7 years ago
ce9e01c
BUG/MAJOR: ssl: fix segfault on connection close using async engines.
by Emeric Brun
· 7 years ago
bd695fe
MEDIUM: ssl: disable SSLv3 per default for bind
by Emmanuel Hocdet
· 7 years ago
df701a2
MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list
by Emmanuel Hocdet
· 7 years ago
4aa615f
MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table
by Emmanuel Hocdet
· 7 years ago
ecb0e23
REORG: ssl: move defines and methodVersions table upper
by Emmanuel Hocdet
· 7 years ago
9ac143b
BUILD: ssl: fix build with OPENSSL_NO_ENGINE
by Emmanuel Hocdet
· 7 years ago
2c32d8f
MINOR: boringssl: basic support for OCSP Stapling
by Emmanuel Hocdet
· 7 years ago
3854e01
MEDIUM: ssl: handle multiple async engines
by Emeric Brun
· 7 years ago
fa6c7ee
MAJOR: ssl: add openssl async mode support
by Grant Zhang
· 8 years ago
872f9c2
MEDIUM: ssl: add basic support for OpenSSL crypto engine
by Grant Zhang
· 8 years ago
abd3233
MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility.
by Emmanuel Hocdet
· 8 years ago
e1c722b
MEDIUM: ssl: add ssl-min-ver and ssl-max-ver parameters for bind and server
by Emmanuel Hocdet
· 8 years ago
50e25e1
MINOR: ssl: show methods supported by openssl
by Emmanuel Hocdet
· 8 years ago
42fb980
MINOR: ssl: support TLSv1.3 for bind and server
by Emmanuel Hocdet
· 8 years ago
b4e9ba4
MEDIUM: ssl: calculate the real min/max TLS version and find holes
by Emmanuel Hocdet
· 8 years ago
5db33cb
MEDIUM: ssl: ssl_methods implementation is reworked and factored for min/max tlsxx
by Emmanuel Hocdet
· 8 years ago
6cb2d1e
MEDIUM: ssl: revert ssl/tls version settings relative to default-server.
by Emmanuel Hocdet
· 8 years ago
53ae85c
MINOR: ssl: add prefer-client-ciphers
by Lukas Tribus
· 8 years ago
fa5c5c8
BUG/MINOR: ssl: fix warnings about methods for opensslv1.1.
by Emeric Brun
· 8 years ago
9a146de
MINOR: server: Make 'default-server' support 'sni' keyword.
by Frédéric Lécaille
· 8 years ago
bcaf1d7
MINOR: server: Make 'default-server' support 'ciphers' keyword.
by Frédéric Lécaille
· 8 years ago
5e57643
MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
by Frédéric Lécaille
· 8 years ago
273f321
MINOR: server: Make 'default-server' support 'verifyhost' setting.
by Frédéric Lécaille
· 8 years ago
7c8cd58
MINOR: server: Make 'default-server' support 'verify' keyword.
by Frédéric Lécaille
· 8 years ago
18388c9
CLEANUP: server: code alignement.
by Frédéric Lécaille
· 8 years ago
e892c4c
MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.
by Frédéric Lécaille
· 8 years ago
e381d76
MINOR: server: Make 'default-server' support 'ssl' keyword.
by Frédéric Lécaille
· 8 years ago
2cfcdbe
MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
by Frédéric Lécaille
· 8 years ago
ec16f03
CLEANUP: server: code alignement.
by Frédéric Lécaille
· 8 years ago
9698092
MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
by Frédéric Lécaille
· 8 years ago
340ae60
MINOR: server: Make 'default-server' support 'check-ssl' keyword.
by Frédéric Lécaille
· 8 years ago
a52bb15
BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
by Emmanuel Hocdet
· 8 years ago
8d71049
BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
by Janusz Dziemidowicz
· 8 years ago
e380474
MINOR: ssl: improved cipherlist captures
by Emmanuel Hocdet
· 8 years ago
aaee750
BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls
by Emmanuel Hocdet
· 8 years ago
f6b37c6
BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored.
by Emmanuel Hocdet
· 8 years ago
4608ed9
MEDIUM: ssl: remove ssl-options from crt-list
by Emmanuel Hocdet
· 8 years ago
5bf7732
MEDIUM: ssl: add new sample-fetch which captures the cipherlist
by Thierry FOURNIER
· 8 years ago
cc6c2a2
BUILD: ssl: fix build with -DOPENSSL_NO_DH
by Emmanuel Hocdet
· 8 years ago
4de1ff1
MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation.
by Emmanuel Hocdet
· 8 years ago
d385060
BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
by Emmanuel Hocdet
· 8 years ago
530141f
BUG/MEDIUM: ssl: fix verify/ca-file per certificate
by Emmanuel Hocdet
· 8 years ago
0594211
MEDIUM: boringssl: support native multi-cert selection without bundling
by Emmanuel Hocdet
· 8 years ago
e3cc3a3
BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()
by Willy Tarreau
· 8 years ago
e3e326d
BUILD: ssl: kill a build warning introduced by BoringSSL compatibility
by Willy Tarreau
· 8 years ago
fdec789
BUILD: ssl: fix to build (again) with boringssl
by Emmanuel Hocdet
· 8 years ago
e7f2b73
MINOR: ssl: add curve suite for ECDHE negotiation
by Emmanuel Hocdet
· 8 years ago
9826329
MAJOR: ssl: bind configuration per certificat
by Emmanuel Hocdet
· 8 years ago
3eb5b3f
MINOR: ssl: don't show prefer-server-ciphers output
by Lukas Tribus
· 8 years ago
405ff31
BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL
by Emmanuel Hocdet
· 8 years ago
b7a4c34
BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
by Emmanuel Hocdet
· 8 years ago
119a408
BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
by Willy Tarreau
· 8 years ago
ef93460
CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c
by Willy Tarreau
· 8 years ago
d1c5750
CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback
by Willy Tarreau
· 8 years ago
17d4538
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv()
by Willy Tarreau
· 8 years ago
d9f5cca
CLEANUP: connection: unexport raw_sock and ssl_sock
by Willy Tarreau
· 8 years ago
13e1410
MINOR: connection: add a minimal transport layer registration system
by Willy Tarreau
· 8 years ago
795cdab
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
by Willy Tarreau
· 8 years ago
55d3791
MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf()
by Willy Tarreau
· 8 years ago
0320934
MEDIUM: ssl: remote the proxy argument from most functions
by Willy Tarreau
· 8 years ago
71a8c7c
MINOR: listener: move the transport layer pointer to the bind_conf
by Willy Tarreau
· 8 years ago
94ff03a
BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
by Willy Tarreau
· 8 years ago
30fd4bd
BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
by Willy Tarreau
· 8 years ago
14e36a1
MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
by Willy Tarreau
· 8 years ago
Next »