#
db36e951 |
| 23-Oct-2024 |
jsg <jsg@openbsd.org> |
remove duplicate defines; ok tb@
|
#
170946b3 |
| 02-Mar-2024 |
tb <tb@openbsd.org> |
Make {SSL3,TLS}_CT_* internal
And here goes a bunch of unused macros that just had to be in two headers so they could get out of sync. Three of these constants are used in a single function...
ok jsing
|
#
20a14f12 |
| 02-Mar-2024 |
tb <tb@openbsd.org> |
Export SSL_get_{peer_,}signature_type_nid()
Also move the prototypes to the correct header.
Oversight reported by Frank Lichtenheld, thanks! Fixes https://github.com/libressl/openbsd/issues/147
ok jsing
|
#
689a9b7e |
| 03-Feb-2024 |
beck <beck@openbsd.org> |
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here.
This removes it from libssl in preparation for its removal from libcrypto with a future major bump
ok tb@
|
#
7dc6669a |
| 17-Jul-2022 |
jsing <jsing@openbsd.org> |
Correct value for TLSEXT_TYPE_quic_transport_parameters
Use the correct value for TLSEXT_TYPE_quic_transport_parameters according to RFC 9001 section 8.2. Also move the define under LIBRESSL_HAS_QUIC to avoid things finding it prematurely.
ok beck@ tb@
|
#
c381d390 |
| 13-Jul-2022 |
tb <tb@openbsd.org> |
Remove #ifndef around the definition of OPENSSL_TLS_SECURITY_LEVEL. We do not intend to make this a compile-time option.
Reminded by schwarze who asked about it
ok jsing
|
#
9846584d |
| 07-Jul-2022 |
tb <tb@openbsd.org> |
Expose security level symbols and error codes in the headers.
ok jsing
|
#
8385bbf8 |
| 29-Jun-2022 |
beck <beck@openbsd.org> |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
#
f631ff81 |
| 28-Jun-2022 |
tb <tb@openbsd.org> |
Provide OPENSSL_TLS_SECURITY_LEVEL define
ok beck jsing sthen
|
#
93fa6e49 |
| 05-Feb-2022 |
tb <tb@openbsd.org> |
Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
OpenSSL chose to break the previous naming convention for ciphers and to adopt TLS_* "RFC" names instead. Unfortunately, these names are exposed in several APIs and some language bindings test for these non-standard names instead of cipher values, which is ... unfortunate (others would say "plain crazy").
We currently have to maintain patches in regress and ports (p5-Net-SSLeay, openssl-ruby-tests - which means that Ruby will pick this up at some point) to work around this difference and that's just not worth the effort.
The old AEAD- names will become aliases and continue to work, but in openssl ciphers and netcat output the TLS_* names will now be displayed.
"I would be very happy if this gets committed" bluhm ok beck inoguchi, begrudgingly ok jsing
|
#
47ccd491 |
| 15-Oct-2021 |
jsing <jsing@openbsd.org> |
Move various structs from ssl.h/tls1.h to ssl_locl.h.
These were already under LIBRESSL_INTERNAL hence no ABI change.
ok tb@
|
#
27521bdf |
| 10-Sep-2021 |
tb <tb@openbsd.org> |
Expose SSL_get_tlext_status_type() in tls1.h
ok beck jsing
|
#
51c5ceb2 |
| 10-Sep-2021 |
tb <tb@openbsd.org> |
Remove TLS1_get_{,client_}version()
ok jsing
|
#
cf6ab171 |
| 10-Sep-2021 |
tb <tb@openbsd.org> |
Remove struct tls_session_ticket_ext_st and TLS_SESSION_TICKET_EXT from public visibility.
with/ok jsing
|
#
a6ff6cd4 |
| 08-Sep-2021 |
tb <tb@openbsd.org> |
Prepare to provide SSL_get_tlsext_status_type()
Needed for nginx-lua to build with opaque SSL.
ok inoguchi jsing
|
#
9e6414f4 |
| 14-Jun-2021 |
tb <tb@openbsd.org> |
Remove TLS1_AD_INTERNAL_ERROR from internal visibility again
With tls_server.c r1.47 this is no longer needed.
|
#
62172254 |
| 14-Jun-2021 |
deraadt <deraadt@openbsd.org> |
ugly hack around broken build until people wake up.
|
#
3c03665a |
| 13-Jun-2021 |
jsing <jsing@openbsd.org> |
Define SSL_AD_* as actual values.
Rather than having SSL_AD_* as defines that refer to SSL3_AD_* or TLS1_AD_*, just give them actual values directly since it is more readable and the indirection provides no value. Place SSL3_AD_* and TLS1_AD_* under #ifndef LIBRESSL_INTERNAL to prevent further usage.
ok tb@
|
#
5fb60306 |
| 10-Mar-2021 |
jsing <jsing@openbsd.org> |
Guard TLS1_get_{client_,}version() macros with #ifndef LIBRESSL_INTERNAL.
These are no longer used (and should not be used) internally.
|
#
22c2c18e |
| 05-Jun-2020 |
jsing <jsing@openbsd.org> |
Use IANA allocated GOST ClientCertificateTypes.
IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compatibility).
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
#
e52e7f29 |
| 02-Jan-2020 |
jsing <jsing@openbsd.org> |
Provide TLSEXT_TYPE_* aliases for TLS 1.3.
OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds).
Issue noted by d3x0r on github.
ok inoguchi@ tb@
|
#
b585d7de |
| 19-Mar-2019 |
jsing <jsing@openbsd.org> |
Revert TLS1_get{,_client}_version simplification because DTLS.
|
#
0b8e44ec |
| 17-Mar-2019 |
jsing <jsing@openbsd.org> |
Partially clean up the TLS1_get_{,client}_version macros.
LibreSSL only supports TLSv1.0 and above, hence the checks the macros are performing are useless. Simplify them to their effective code. Also place both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our code, which improves readability.
ok tb@
|
#
96b1ac03 |
| 09-Nov-2018 |
beck <beck@openbsd.org> |
Reimplement the sigalgs processing code into a new implementation that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
|
#
d3b2bb0d |
| 07-Nov-2018 |
jsing <jsing@openbsd.org> |
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
|