History log of /openbsd-src/lib/libtls/tls_keypair.c (Results 1 – 9 of 9)
Revision Date Author Comments
# 7a756d37 26-Mar-2024 joshua <joshua@openbsd.org>

Add error code support to libtls

This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.

Additional error codes will be added in follow-up commits.

ok jsing@ beck@



# 7a6bb149 05-Jan-2021 jsing <jsing@openbsd.org>

Fix indent.


# 0431a4ac 15-Dec-2020 inoguchi <inoguchi@openbsd.org>

Fix return value variable type in tls_keypair_load_cert

ERR_peek_error() returns unsigned long.
Reported by github issue by @rozhuk-im.

ok bcook@ jsing@


# b3064b8a 07-Apr-2018 jsing <jsing@openbsd.org>

Correct tls_config_clear_keys() behaviour.

Previously this incorrectly called tls_keypair_clear(), which results in
the private key being cleared, along with the certificate, OCSP staple and
pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called
following tls_configure(), as is done by httpd.

Fix this by calling tls_keypair_clear_key() so that only the private key is
cleared, leaving the other public data untouched. While here, remove
tls_keypair_clear() and fold the necessary parts into tls_keypair_free().

ok beck@



# 2974e8f1 10-Feb-2018 jsing <jsing@openbsd.org>

Move the keypair pubkey hash handling code to during config.

The keypair pubkey hash was being generated and set in the keypair when the
TLS context was being configured. This code should not be messing around
with the keypair contents, since it is part of the config (and not the
context).

Instead, generate the pubkey hash and store it in the keypair when the
certificate is configured. This means that we are guaranteed to have the
pubkey hash and as a side benefit, we identify bad certificate content
when it is provided, instead of during the context configuration.

ok beck@



# 34002f5d 08-Feb-2018 jsing <jsing@openbsd.org>

Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead of
rolling its own certificate loading. This also means we get better error
reporting on failure.


# 05729e6f 08-Feb-2018 jsing <jsing@openbsd.org>

Ensure that tls_keypair_clear() clears the OCSP staple and pubkey hash.


# 50cd4781 08-Feb-2018 jsing <jsing@openbsd.org>

Move tls_keypair_pubkey_hash() to the keypair file.


# bb4cb1b0 08-Feb-2018 jsing <jsing@openbsd.org>

Split keypair handling out into its own file - it had already appeared
in multiple locations.

ok beck@