Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f8d0ab54ec0db98c10853cf580e36d09a469c346 / src / ssl_sock.c
  1. d0a06d5 CLEANUP: applet: use applet_put*() everywhere possible by Willy Tarreau · 2 years, 6 months ago
  2. 7cb9e6c CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb" by Willy Tarreau · 2 years, 6 months ago
  3. 4596fe2 CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) by Willy Tarreau · 2 years, 6 months ago
  4. b605c42 CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_* by Willy Tarreau · 2 years, 6 months ago
  5. 0cfcc40 CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide by Willy Tarreau · 2 years, 6 months ago
  6. 1ea6e6a CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS by Willy Tarreau · 2 years, 6 months ago
  7. 11ba404 CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL by Willy Tarreau · 2 years, 6 months ago
  8. 1746a38 MINOR: ssl: Add 'ssl-provider' global option by Remi Tricot-Le Breton · 2 years, 6 months ago
  9. 0698c80 CLEANUP: applet: remove the unneeded appctx->owner by Willy Tarreau · 2 years, 7 months ago
  10. 170b35b CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore by Willy Tarreau · 2 years, 7 months ago
  11. 9c5a38c CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore by Willy Tarreau · 2 years, 7 months ago
  12. bd33864 CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref" by Willy Tarreau · 2 years, 7 months ago
  13. a938052 CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys" by Willy Tarreau · 2 years, 7 months ago
  14. 1024393 MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" by Thomas Prückl · 2 years, 7 months ago
  15. 7e2e4f8 CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h by Willy Tarreau · 2 years, 7 months ago
  16. acef5e2 MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN by Willy Tarreau · 2 years, 7 months ago
  17. 79367f9 BUILD: xprt: use an initcall to register the transport layers by Willy Tarreau · 2 years, 7 months ago
  18. f87c67e MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option by Remi Tricot-Le Breton · 2 years, 7 months ago
  19. c69be7c BUILD: ssl: Fix compilation with OpenSSL 1.0.2 by Remi Tricot-Le Breton · 2 years, 7 months ago
  20. 1d6338e MEDIUM: ssl: Disable DHE ciphers by default by Remi Tricot-Le Breton · 2 years, 8 months ago
  21. 528b3fd MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones by Remi Tricot-Le Breton · 2 years, 8 months ago
  22. 6b0a0fb CLEANUP: tree-wide: Remove any ref to stream-interfaces by Christopher Faulet · 2 years, 8 months ago
  23. a0bdec3 MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS by Christopher Faulet · 2 years, 8 months ago
  24. 908628c MEDIUM: tree-wide: Use CS util functions instead of SI ones by Christopher Faulet · 2 years, 8 months ago
  25. e9e4820 MINOR: conn-stream: Move some CS flags to the endpoint by Christopher Faulet · 2 years, 8 months ago
  26. 3a0a0d6 BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx() by Willy Tarreau · 2 years, 8 months ago
  27. 99ade09 BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx by Willy Tarreau · 2 years, 8 months ago
  28. 939b0bf MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx by Willy Tarreau · 2 years, 8 months ago
  29. de82795 MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection by Willy Tarreau · 2 years, 8 months ago
  30. 07ecfc5 MEDIUM: connection: panic when calling FD-specific functions on FD-less conns by Willy Tarreau · 2 years, 8 months ago
  31. 0e9c264 MINOR: connection: use conn_fd() when displaying connection errors by Willy Tarreau · 2 years, 8 months ago
  32. d7bfbe2 BUILD: ssl: add USE_ENGINE and disable the openssl engine by default by William Lallemand · 2 years, 8 months ago
  33. 43c2ce4 BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · 2 years, 8 months ago
  34. 95a61e8 MINOR: stream: Add pointer to front/back conn-streams into stream struct by Christopher Faulet · 3 years ago
  35. 86e1c33 MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int by Christopher Faulet · 3 years ago
  36. 13a35e5 MAJOR: conn_stream/stream-int: move the appctx to the conn-stream by Christopher Faulet · 3 years ago
  37. 1b01b7f BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · 2 years, 9 months ago
  38. 8081b67 BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · 2 years, 9 months ago
  39. a9a591a BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print by Remi Tricot-Le Breton · 2 years, 9 months ago
  40. 88c5695 MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  41. c76c3c4 MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type) by Remi Tricot-Le Breton · 2 years, 10 months ago
  42. 55d7e78 MINOR: ssl: Set default dh size to 2048 by Remi Tricot-Le Breton · 2 years, 10 months ago
  43. bed7263 MINOR: ssl: Build local DH of right size when needed by Remi Tricot-Le Breton · 2 years, 10 months ago
  44. 7f6425a MINOR: ssl: Add ssl_new_dh_fromdata helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  45. 5f17930 MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  46. 846eda9 MINOR: ssl: Add ssl_sock_set_tmp_dh helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  47. 292a88c MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name by Remi Tricot-Le Breton · 2 years, 10 months ago
  48. 09ebb33 MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function by Remi Tricot-Le Breton · 2 years, 10 months ago
  49. 78a36e3 MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  50. 1effd9a MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  51. c9414e2 MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  52. 8ea1f5f MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 by Remi Tricot-Le Breton · 2 years, 10 months ago
  53. c11e7e1 MINOR: ssl: Remove EC_KEY related calls when creating a certificate by Remi Tricot-Le Breton · 2 years, 10 months ago
  54. ff4c3c4 MINOR: ssl: Remove EC_KEY related calls when preparing SSL context by Remi Tricot-Le Breton · 2 years, 10 months ago
  55. 36f80f6 CLEANUP: ssl: Remove unused ssl_sock_create_cert function by Remi Tricot-Le Breton · 2 years, 10 months ago
  56. 2e7d1eb BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output by Remi Tricot-Le Breton · 2 years, 11 months ago
  57. cfa2d56 MAJOR: quic: implement accept queue by Amaury Denoyelle · 2 years, 10 months ago
  58. 7c564bf MINOR: ssl: fix build in release mode by Amaury Denoyelle · 2 years, 10 months ago
  59. 9320dd5 MEDIUM: quic/ssl: add new ex data for quic_conn by Amaury Denoyelle · 2 years, 10 months ago
  60. a996763 BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error by Remi Tricot-Le Breton · 2 years, 11 months ago
  61. e69563f BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · 2 years, 11 months ago
  62. 231610a BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · 2 years, 11 months ago
  63. 2c776f1 BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · 2 years, 11 months ago
  64. 77bfa66 DEBUG: ssl: make sure we never change a servername on established connections by Willy Tarreau · 3 years ago
  65. cc750ef MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output by Remi Tricot-Le Breton · 3 years ago
  66. 1761fdf MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos. by Frédéric Lécaille · 3 years ago
  67. b5b5247 MINOR: quic: Immediately close if no transport parameters extension found by Frédéric Lécaille · 3 years ago
  68. 067a82b MINOR: quic: Set "no_application_protocol" alert by Frédéric Lécaille · 3 years ago
  69. c5e7cf9 BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · 3 years ago
  70. a956d15 MINOR: quic: Support transport parameters draft TLS extension by Frédéric Lécaille · 3 years ago
  71. 7980dff BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · 3 years ago
  72. e18d4e8 BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · 3 years ago
  73. 002e206 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · 3 years ago
  74. 71e588c MEDIUM: quic: inspect ALPN to install app_ops by Amaury Denoyelle · 3 years ago
  75. 82531f6 REORG: ssl-sock: move the sslconns/totalsslconns counters to global by Willy Tarreau · 3 years, 2 months ago
  76. a8a72c6 CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c by Willy Tarreau · 3 years, 2 months ago
  77. 1057bee REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it by Willy Tarreau · 3 years, 2 months ago
  78. 9543d5a MINOR: ssl: Store the last SSL error code in case of read or write failure by Remi Tricot-Le Breton · 3 years, 2 months ago
  79. 1fe0fad MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err by Remi Tricot-Le Breton · 3 years, 2 months ago
  80. 61944f7 MINOR: ssl: Set connection error code in case of SSL read or write fatal failure by Remi Tricot-Le Breton · 3 years, 2 months ago
  81. 0faf807 MINOR: quic: Update the streams transport parameters. by Frédéric Lécaille · 3 years, 8 months ago
  82. d5fc8fc CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h by Tim Duesterhus · 3 years, 2 months ago
  83. 310a260 MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size by Marcin Deranek · 3 years, 4 months ago
  84. 769fd2e MEDIUM: ssl: Capture more info from Client Hello by Marcin Deranek · 3 years, 5 months ago
  85. f95c295 BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 by Remi Tricot-Le Breton · 3 years, 3 months ago
  86. 74f6ab6 MEDIUM: ssl: Keep a reference to the client's certificate for use in logs by Remi Tricot-Le Breton · 3 years, 3 months ago
  87. 7c6898e MINOR: ssl: Add new ssl_fc_hsk_err sample fetch by Remi Tricot-Le Breton · 3 years, 4 months ago
  88. 2bf5d41 MINOR: ssl: use __objt_* variant when retrieving counters by Amaury Denoyelle · 3 years, 4 months ago
  89. 36aa451 MINOR: ssl: render file-access optional on server crt loading by Amaury Denoyelle · 3 years, 6 months ago
  90. c593bcd MINOR: ssl: always initialize random generator by Amaury Denoyelle · 3 years, 6 months ago
  91. 9135859 CLEANUP: global: remove the nbproc field from the global structure by Willy Tarreau · 3 years, 5 months ago
  92. 4c19e99 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · 3 years, 5 months ago
  93. 6916493 MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available by Remi Tricot-Le Breton · 3 years, 6 months ago
  94. 3faf0cb BUILD: ssl: Fix compilation with BoringSSL by Remi Tricot-Le Breton · 3 years, 6 months ago
  95. d92fd11 MINOR: ssl: Add new "show ssl ocsp-response" CLI command by Remi Tricot-Le Breton · 3 years, 6 months ago
  96. 5aa1dce MINOR: ssl: Keep the actual key length in the certificate_ocsp structure by Remi Tricot-Le Breton · 3 years, 6 months ago
  97. a3a0cce BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · 3 years, 6 months ago
  98. 722180a BUILD: make tune.ssl.keylog available again by William Lallemand · 3 years, 6 months ago
  99. e74cbc3 REORG: config: use parsing ctx for server config check by Amaury Denoyelle · 3 years, 6 months ago
  100. 1112430 MINOR: errors: specify prefix "config" for parsing output by Amaury Denoyelle · 3 years, 6 months ago