History log of /openbsd-src/lib/libtls/tls_server.c (Results 26 – 50 of 51)
Revision Date Author Comments
# ed19021f 04-Sep-2016 bcook <bcook@openbsd.org>

Add callback-based interface to libtls.

This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@


# f89edc01 22-Aug-2016 jsing <jsing@openbsd.org>

Create contexts for server side SNI - these include the additional SSL_CTX
that is required for certificate switching with libssl and the certificate
itself so that we can match against the subject and SANs. Hook up the
servername callback and switch to the appropriate SSL_CTX if we find a
matching certificate.

ok beck@


# 991d42a1 18-Aug-2016 jsing <jsing@openbsd.org>

Split out the TLS server SSL_CTX allocation and configuration code, so
that it can be reused to allocate the additional SSL_CTXs needed for SNI.

ok reyk@


# b7f318e7 15-Aug-2016 jsing <jsing@openbsd.org>

Explicitly pass in an SSL_CTX * to the functions that operate on one,
instead of assuming that they should use the one associated with the TLS
context. This allows these functions to be used with the additional
SSL contexts that are needed to support server-side SNI.

Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that
these functions have a common prefix.

ok reyk@


# 183da8c6 12-Aug-2016 jsing <jsing@openbsd.org>

Add ALPN support to libtls.

ok beck@ doug@


# 380117c0 02-Aug-2016 jsing <jsing@openbsd.org>

Revert previous since it adds new symbols.

Requested by deraadt@


# 623e6e82 01-Aug-2016 jsing <jsing@openbsd.org>

Add ALPN support to libtls.

ok beck@ doug@


# 1fe9fea1 28-Apr-2016 jsing <jsing@openbsd.org>

Factor out the keypair handling in libtls. This results in more readable
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.

ok beck@


# 810e306d 29-Sep-2015 deraadt <deraadt@openbsd.org>

clean some ugly indentation warts


# 9ba095aa 12-Sep-2015 jsing <jsing@openbsd.org>

Ensure that we clear the libssl error stack before we make a function call
that we will pass the result through tls_ssl_error() on failure. Otherwise
we can end up reporting spurious errors due to there being unrelated errors
already on the error stack.

Spotted by Marko Kreen.

ok beck@


# 521d38f2 11-Sep-2015 beck <beck@openbsd.org>

actually set return value to 0 on success.
ok jsing@ who wears the cone of shame.


# e2b71c11 10-Sep-2015 jsing <jsing@openbsd.org>

Split tls_handshake() out from tls_accept/tls_connect. By doing this the
tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.

The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.

Discussed over many coffees at l2k15.

ok beck@ bluhm@


# c57e6ec0 10-Sep-2015 jsing <jsing@openbsd.org>

Add support for preferring the server's cipher list or the client's cipher
list. Prefer the server's cipher list by default.

Based on a diff from Kyle Thompson <jmp at giga dot moe>.

ok beck@ bcook@


# 240d3da6 09-Sep-2015 jsing <jsing@openbsd.org>

Indent labels with a space so that diff -p is more friendly.

Requested by bluhm@


# 51f3bd3d 09-Sep-2015 beck <beck@openbsd.org>

Add client certificate support. Still needs a few tweaks but this will
ride upcoming minor bump
ok jsing@


# aa7238e6 09-Sep-2015 jsing <jsing@openbsd.org>

Only take ownership of a socket if we allocated it within libtls. If we are
passed a socket then the caller is responsible for closing it.

ok bcook@


# fdb1c79f 27-Aug-2015 jsing <jsing@openbsd.org>

Improve libtls error messages.

The tls_set_error() function previously stored the errno but did nothing
with it. Change tls_set_error() to append the strerror(3) of the stored
errno so that we include useful information regarding failures.

Provide a tls_set_errorx() function that does not store the errno or
include strerror(3) in the error message. Call this function instead of
tls_set_error() for errors where the errno value has no useful meaning.

With feedback from and ok doug@


# 31ee3a2b 22-Aug-2015 jsing <jsing@openbsd.org>

Unify error message between client and server.


# 8c73da28 22-Aug-2015 jsing <jsing@openbsd.org>

SSL_set_app_data is a macro for SSL_set_ex_data(), which is a wrapper
around CRYPTO_set_ex_data(), which can fail. Since this is the case, check
the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.


# e1e4dea2 31-Mar-2015 jsing <jsing@openbsd.org>

Provide a tls_accept_fds() function, which allows a TLS connection to be
accepted via an existing pair of file descriptors.

Based on a diff from Jan Klemkow.


# 5251ab8e 31-Mar-2015 jsing <jsing@openbsd.org>

Store errors that occur during a tls_accept_socket() call on the context
for the server, rather than on the context for the connection. This makes
more sense than the current behaviour does.

Issue reported by Tim van der Molen.


# d474f84f 07-Feb-2015 jsing <jsing@openbsd.org>

Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error
dance handling code. This means that we get slightly useful messages when
a TLS connection or accept fails.

Requested by reyk@


# 9e5deb48 07-Feb-2015 jsing <jsing@openbsd.org>

Add tls_config_set_dheparams() to allow specification of the parameters to
use for DHE. This enables the use of DHE cipher suites.

Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it
is only used to specify the curve for ephemeral ECDH.

Discussed with reyk@


# f30b95a1 30-Jan-2015 bluhm <bluhm@openbsd.org>

Make the TLS connect and accept error messages consistent.
OK jsing@


# 31413d7e 16-Jan-2015 reyk <reyk@openbsd.org>

The SSL/TLS session ID context is limited to 32 bytes. Instead of
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.

OK gilles@ benno@
