Add TLS_ERROR_INVALID_CONTEXT error code to libtls

ok jsing@ beck@

Add error code support to libtls

This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.

Additional error codes will be added in follow-up commits.

ok

Add error code support to libtls

This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.

Additional error codes will be added in follow-up commits.

ok jsing@ beck@

show more ...

add missing #include <string.h>; ok tb@

Check function return value in libtls

EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I

Check function return value in libtls

EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.

This also could fix Coverity CID 345319.

ok jsing@ tb@

show more ...

Use SSL_AD_INTERNAL_ERROR

One instance of TLS1_AD_* was missed and broke the tree in the recent
switch to using only one version of alert defines internally.

Remove unnecessary cast in free.

ok jsing

Acquire mutex before incrementing the refcount. Fixes COV-186144

ok tb@

Automatically handle library initialisation for libtls.

Now that we have tls_init() under pthread_once(), automatically initialise
libtls from the entry point functions (tls_config(), tls_client() a

Automatically handle library initialisation for libtls.

Now that we have tls_init() under pthread_once(), automatically initialise
libtls from the entry point functions (tls_config(), tls_client() and
tls_server()) - this makes an explicit tls_init() call no longer a
requirement.

ok bcook@ beck@ inoguchi@

show more ...

Split keypair handling out into its own file - it had already appeared
in multiple locations.

ok beck@

Keep track of which keypair is in use by a TLS context.

This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OC

Keep track of which keypair is in use by a TLS context.

This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.

Issue reported by William Graeber and confirmed by Andreas Bartelt.

Fix tested by William Graeber and Andreas Bartelt - thanks!

show more ...

Add a tls_config_set_ecdhecurves() function to libtls, which allows the
names of the elliptic curves that may be used during client and server
key exchange to be specified.

This deprecates tls_confi

Add a tls_config_set_ecdhecurves() function to libtls, which allows the
names of the elliptic curves that may be used during client and server
key exchange to be specified.

This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.

ok beck@

show more ...

RFC 6066 states that IP literals are not permitted in "HostName" for a
TLS Server Name extension, however seemingly several clients (including
Python, Ruby and Safari) violate the RFC. Given that thi

RFC 6066 states that IP literals are not permitted in "HostName" for a
TLS Server Name extension, however seemingly several clients (including
Python, Ruby and Safari) violate the RFC. Given that this is a fairly
widespread issue, if we receive a TLS Server Name extension that contains
an IP literal, pretend that we did not receive the extension rather than
causing a handshake failure.

Issue raised by jsg@

ok jsg@

show more ...

Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be p

Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be permitted to do).

Found by jsg@ with httpd and password protected keys.

show more ...

Use the standard `rv' idiom in tls_keypair_load_cert(), rather than
duplicating clean up code.

Perform reference counting for tls_config. This allows tls_config_free() to
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the applicatio

Perform reference counting for tls_config. This allows tls_config_free() to
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the application.

Requested some time ago by tedu@.

ok beck@

show more ...

Rework name verification code so that a match is indicated via an argument,
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers pr

Rework name verification code so that a match is indicated via an argument,
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).

Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.

ok beck@ jca@

show more ...

Disable client-initiated renegotiation for libtls servers.

ok beck@ reyk@

Use a flag to track when we need to call SSL_shutdown(). This avoids an
issue where by calling tls_close() on a TLS context that has not attempted
a handshake, results in an unexpected failure.

Repo

Use a flag to track when we need to call SSL_shutdown(). This avoids an
issue where by calling tls_close() on a TLS context that has not attempted
a handshake, results in an unexpected failure.

Reported by Vinay Sajip.

ok beck@

show more ...

Introduce ticket support. To enable them it is enough to set a positive
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the tick

Introduce ticket support. To enable them it is enough to set a positive
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.

If multiple processes are involved the following functions can be used to make
tickets work accross all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key

For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).

Since tickets break PFS it is best to minimize the session lifetime according
to needs.

With a lot of help, input and OK beck@, jsing@

show more ...

If tls_set_cbs() fails an error will already be specified, so do not
replace it with a less specific one.

Set the callback on the correct ssl_ctx for the SNI case, instead of
the master only.
ok jsing@

Add support for server side OCSP stapling to libtls.
Add support for server side OCSP stapling to netcat.

Avoid shadowing the socket global.

ok miod@

Set callbacks on the right tls ctx on accept.

From Tobias Pape

Maintain consistency with function naming.