#
39d0e38d |
| 27-Jul-2023 |
Chuck Lever <chuck.lever@oracle.com> |
net/handshake: Add helpers for parsing incoming TLS Alerts
Kernel TLS consumers can replace common TLS Alert parsing code with these helpers.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Lin
net/handshake: Add helpers for parsing incoming TLS Alerts
Kernel TLS consumers can replace common TLS Alert parsing code with these helpers.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Link: https://lore.kernel.org/r/169047942074.5241.13791647439480672048.stgit@oracle-102.nfsv4bat.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
35b1b538 |
| 27-Jul-2023 |
Chuck Lever <chuck.lever@oracle.com> |
net/handshake: Add API for sending TLS Closure alerts
This helper sends an alert only if a TLS session was established.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Link: https://lore.kernel
net/handshake: Add API for sending TLS Closure alerts
This helper sends an alert only if a TLS session was established.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Link: https://lore.kernel.org/r/169047936730.5241.618595693821012638.stgit@oracle-102.nfsv4bat.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
26fb5480 |
| 11-May-2023 |
Chuck Lever <chuck.lever@oracle.com> |
net/handshake: Enable the SNI extension to work properly
Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname
net/handshake: Enable the SNI extension to work properly
Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName.
Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake") Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
2fd55320 |
| 17-Apr-2023 |
Chuck Lever <chuck.lever@oracle.com> |
net/handshake: Add a kernel API for requesting a TLSv1.3 handshake
To enable kernel consumers of TLS to request a TLS handshake, add support to net/handshake/ to request a handshake upcall.
This pa
net/handshake: Add a kernel API for requesting a TLSv1.3 handshake
To enable kernel consumers of TLS to request a TLS handshake, add support to net/handshake/ to request a handshake upcall.
This patch also acts as a template for adding handshake upcall support for other kernel transport layer security providers.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|