0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-09 03:21:15 +01:00
Commit graph

18 commits

Author SHA1 Message Date
Aaron Jones
3057f91d98
openssl: change how we load DH parameters
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
2016-05-25 21:46:34 +00:00
Aaron Jones
c40eede13b
[TLS Backends] Make version strings more useful and consistent 2016-05-05 03:47:46 +00:00
Aaron Jones
0fe9dd4119
[TLS Backends] Allow absense of private key file
Use the certificate file instead
2016-05-05 03:47:33 +00:00
Aaron Jones
92404a1a98
[openssl] Forward-port some more cleanups from fixes to 3.5 2016-04-30 21:45:16 +00:00
Aaron Jones
cf12678be5
[openssl] More improvements to the backend
* Don't manually initialise libssl 1.1.0 -- it does this automatically
* SSL_library_init() should be called first otherwise
* Move SSL_CTX construction to rb_setup_ssl_server()
* Test for all required files (certificate & key) before doing anything
* Free the old CTX before constructing a new one (Fixes #186)
* Don't try to set options / ciphers etc on a NULL CTX
* Clean up ifdef indentation
* Fix DH parameters memory leak
2016-04-29 16:26:52 +00:00
Simon Arlott
f9014791da
openssl: set ciphers on client connections too 2016-04-29 07:42:12 +01:00
Aaron Jones
b28c26d965
Partially revert previous commit
The OpenSSL backend is the only one that assigns a non-constant
value to the length variable. Use the correct type for its
pointer and cast instead.

[ci skip]
2016-04-27 21:49:55 +00:00
Aaron Jones
e3760ba710
[TLS backends] Miscellaneous fixes
* Certificate fingerprint length functions return an "int", so use an
  int when calculating the length
* Clean up the OpenSSL certificate fingerprint if() and indentation mess
2016-04-27 21:45:19 +00:00
Simon Arlott
d6acb43769
openssl: don't allow certificates outside the validity period 2016-04-27 22:03:49 +01:00
Aaron Jones
b1f0549361
[openssl] support ECDHE on more than one curve when possible 2016-04-27 16:17:33 +00:00
Simon Arlott
0346918701
add mkfingerprint program 2016-04-26 20:49:03 +01:00
Simon Arlott
e1f16ce22e
openssl: accept more certificate verify errors as valid 2016-04-25 20:38:39 +01:00
Simon Arlott
5ad62c80ee
librb: remove socklen parameter from rb_connect_tcp 2016-04-24 17:11:20 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Matt Ullman
c056dba233 Remove the rest of the SVN id tags 2016-03-23 20:13:12 -04:00
Elizabeth Myers
3a1f645bed misc solaris fixes 2016-03-23 12:04:46 -05:00
Elizabeth Myers
fe037171d6 Change all leftover libratbox stuff to librb. 2016-03-06 03:49:27 -06:00
William Pitcock
c83f2f5e12 rename libratbox to librb, since its pretty modified anyway 2016-03-06 02:30:20 -06:00
Renamed from libratbox/src/openssl.c (Browse further)