History log of /openbsd-src/lib/libtls/tls_client.c (Results 26 – 50 of 51)
Revision Date Author Comments
# e2b71c11 10-Sep-2015 jsing <jsing@openbsd.org>

Split tls_handshake() out from tls_accept/tls_connect. By doing this the
tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.

The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.

Discussed over many coffees at l2k15.

ok beck@ bluhm@


# 240d3da6 09-Sep-2015 jsing <jsing@openbsd.org>

Indent labels with a space so that diff -p is more friendly.

Requested by bluhm@


# 51f3bd3d 09-Sep-2015 beck <beck@openbsd.org>

Add client certificate support. Still needs a few tweaks but this will
ride upcoming minor bump
ok jsing@


# aa7238e6 09-Sep-2015 jsing <jsing@openbsd.org>

Only take ownership of a socket if we allocated it within libtls. If we are
passed a socket then the caller is responsible for closing it.

ok bcook@


# abc69f3c 08-Sep-2015 jsing <jsing@openbsd.org>

Remove the default HTTPS port from tls_connect() - this is a TLS library,
not a HTTPS library.

ok beck@


# fdb1c79f 27-Aug-2015 jsing <jsing@openbsd.org>

Improve libtls error messages.

Improve libtls error messages.

The tls_set_error() function previously stored the errno but did nothing
with it. Change tls_set_error() to append the strerror(3) of the stored
errno so that we include useful information regarding failures.

Provide a tls_set_errorx() function that does not store the errno or
include strerror(3) in the error message. Call this function instead of
tls_set_error() for errors where the errno value has no useful meaning.

With feedback from and ok doug@


# 93310cfa 27-Aug-2015 jsing <jsing@openbsd.org>

Split the persistent/configuration flags from temporary state flags and
ensure that the temporary state flags get cleared in tls_reset(). Fixes a
bug spotted by Marko Kreen whereby TLS_CONNECTING could remain on reset.

While here, also move the TLS_STATE_CONNECTING check to after the
TLS_CLIENT check - if TLS_STATE_CONNECTING was ever set on any other
context type it would allow a bypass.

ok bluhm@


# 8c73da28 22-Aug-2015 jsing <jsing@openbsd.org>

SSL_set_app_data is a macro for SSL_set_ex_data(), which is a wrapper
around CRYPTO_set_ex_data(), which can fail. Since this is the case, check
the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.


# fff13c0c 22-Aug-2015 jsing <jsing@openbsd.org>

Store a reference to the libtls context in the SSL client connection app
data (as is already done for server connections).

From Marko Kreen.


# 5251ab8e 31-Mar-2015 jsing <jsing@openbsd.org>

Store errors that occur during a tls_accept_socket() call on the context
for the server, rather than on the context for the connection. This makes
more sense than the current behaviour does.

Issue reported by Tim van der Molen.


# 69fb162b 21-Mar-2015 sthen <sthen@openbsd.org>

free the server certificate in tls_connect_fds(); fixes a memory leak with
repeated use of tls_connect. ok jsing


# e2dbdfc5 11-Feb-2015 jsing <jsing@openbsd.org>

Provide a tls_connect_servername() function that has the same behaviour
as tls_connect(), however allows the name to use for verification to be
explicitly provided, rather than being inferred from the host value.

Requested by reyk@

ok reyk@ tedu@


# 0ca7b9df 11-Feb-2015 jsing <jsing@openbsd.org>

Be consistent with naming - only use "host" and "hostname" when referring
to an actual host and use "servername" when referring to the name of the
TLS server that we expect to be identified in the server certificate.

Likewise, rename verify_host to verify_name and use the term "name"
throughout the verification code (rather than host or hostname).

Requested by and ok tedu@


# 8e5d73c6 09-Feb-2015 reyk <reyk@openbsd.org>

When parsing the host in tls_connect(), first check if it is a numeric
IPv4 or IPv6 address before trying to resolve the address with the
AI_ADDRCONFIG flag set. This makes sure that attempts to connect to
numeric IPs or loopback addresses are always possible and not
prevented by AI_ADDRCONFIG.

OK jsing@ tedu@


# 6c6e775b 08-Feb-2015 reyk <reyk@openbsd.org>

Use the AI_ADDRCONFIG flag in tls_connect(). This tells the resolver
to ignore unsupported address families - e.g. don't resolve IPv6 on
IPv4-only hosts.

OK jsing@


# d474f84f 07-Feb-2015 jsing <jsing@openbsd.org>

Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error
dance handling code. This means that we get slightly useful messages when
a TLS connection or accept fails.

Requested by reyk@


# f30b95a1 30-Jan-2015 bluhm <bluhm@openbsd.org>

Make the TLS connect and accept error messages consistent.
OK jsing@


# 99cfb8c5 22-Jan-2015 reyk <reyk@openbsd.org>

Allow loading the CA chain directly from memory instead of
specifying a file. This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.

With feedback, tests, and OK from bluhm@


# 3d6199eb 13-Jan-2015 bluhm <bluhm@openbsd.org>

For non-blocking sockets tls_connect_fds() could fail with EAGAIN.
Use the same logic from the read, write, accept functions to inform
the caller whether a readable or writable socket is needed. After
that event, the connect function must be called again. All the
checks before connecting are done only once.
OK tedu@


# 53687b84 02-Jan-2015 bluhm <bluhm@openbsd.org>

Rename the tls_connect_socket() parameter 'socket' to 's' to avoid
a compiler warning about shadowing a global declaration.
OK jsing@


# af0755b1 27-Dec-2014 bcook <bcook@openbsd.org>

include netinet/in.h to define struct in6_addr.

Noticed while testing libtls on FreeBSD.


# 9a94eeb1 07-Dec-2014 bcook <bcook@openbsd.org>

Allow specific libtls hostname validation errors to propagate.

Allow specific libtls hostname validation errors to propagate.

Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().

ok jsing@


# 31a3a711 07-Dec-2014 bcook <bcook@openbsd.org>

revert previous change for now, adjusting based on comments from jsing@


# 31569e86 07-Dec-2014 bcook <bcook@openbsd.org>

Allow specific libtls hostname validation errors to propagate.

Allow specific libtls hostname validation errors to propagate.

Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().

The semantics of tls_error() are changed slightly: the last error message is
not necessarily preserved between subsequent calls into the library.
When the previous call to libtls succeeds, client programs should treat the
return value of tls_error() as undefined.

ok tedu@


# 4a8c0db6 02-Nov-2014 jsing <jsing@openbsd.org>

Add a tls_connect_fds() function that allows a secure connection to be
established using a pair of existing file descriptors.

Based on a diff/request from Jan Klemkow.

Rides previous libtls rename/library bump.

Discussed with tedu@.
