min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,319 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

466 Commits

Author SHA1 Message Date
Steven Fackler 3456add537 Add SslRef::verified_chain 2018-05-29 21:53:22 -07:00
Steven Fackler a774c0c5f2 Rename X509Ref::fingerprint to X509Ref::digest and avoid allocating 2018-05-24 21:07:36 -07:00
Steven Fackler 3cd33cdd8b Don't panic on bogus servernames 
Also add a second version of the method to avoid filtering out non-utf8
names.

Closes #930
 2018-05-24 20:22:15 -07:00
Steven Fackler c0876cc8c6 Add bindings to SSL_get_finished and SSL_get_peer_finished 
These are used for the tls-unique SCRAM channel binding mode.
 2018-05-24 20:00:28 -07:00
Steven Fackler c7db3d18ad
Merge pull request #920 from Ralith/max-early-data-accessors 
TLS1.3 early data support
 2018-05-22 20:42:46 -07:00
Benjamin Saunders 2e478fdcf4 Expose early I/O 2018-05-22 20:25:28 -07:00
Steven Fackler 7a7f98a32c
Revert "Move proto version accessors to SslContextRef" 2018-05-20 20:55:20 -07:00
Steven Fackler b976b5fd52 Move proto version accessors to SslContextRef 
Add a Derf impl for SslContextBuilder so existing use still works.
 2018-05-20 20:47:00 -07:00
Steven Fackler f0347fbce8 Improve error Display impls 2018-05-20 19:37:19 -07:00
Steven Fackler 4c1fdf1d81 Support ALPN on libressl 
Closes #690
 2018-05-20 12:52:49 -07:00
Steven Fackler a6fcef01c0 Overhaul openssl cfgs 
Also expose hostname verification on libressl
 2018-05-20 12:33:02 -07:00
Steven Fackler d991566f2b Support min/max version in LibreSSL 
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
 2018-05-19 19:57:12 -07:00
Benjamin Saunders 69c75a178b Expose early keying material export 2018-05-17 13:16:41 -07:00
Benjamin Saunders d5d414b16f Expose max TLS1.3 early data accessors 2018-05-17 12:02:32 -07:00
Steven Fackler ff2c7ffefd Merge Ssl impl blocks 2018-05-12 16:50:50 +01:00
Steven Fackler c25b6f3e26 Clean up SSL callbacks 
Also add an Arc to avoid a weird use after free edge case if a callback
changes a callback.
 2018-05-12 15:02:53 +01:00
Steven Fackler 5cfbe7ac6a Disable tests that talk to Google on LibreSSL 2.5.0 
They're flickering, and I'm assuming it's just because that version is
so old.
 2018-05-12 13:59:22 +01:00
Steven Fackler e5d65306e7 Change SslContext callback handling 
Use the existing infrastructure!
 2018-05-12 13:19:01 +01:00
Steven Fackler 7a1b59d605 Fix base version for min/max proto accessors 
Closes #911
 2018-05-09 20:04:43 +01:00
Benjamin Saunders 47431f66bb Expose SslSession <-> DER conversion 2018-04-29 01:54:16 -07:00
Steven Fackler aa619c81c0 Some misc cleanup 2018-04-27 15:41:12 -07:00
Steven Fackler e423da2d12
Merge pull request #858 from Ralith/stateless-api 
Introduce SslStreamBuilder
 2018-03-31 11:28:03 -07:00
Steven Fackler 1bbe1b6a8f Clean up a couple of holdovers from old features 2018-03-29 10:20:18 +02:00
Benjamin Saunders f99c101559 Add test for stateless connection 2018-03-28 18:14:48 -07:00
Benjamin Saunders 99fdb2bd0b Introduce SslStreamBuilder 2018-03-28 18:14:48 -07:00
Benjamin Saunders bbb1cb61f6 Update to OpenSSL 1.1.1-pre3 2018-03-28 18:14:44 -07:00
Steven Fackler 7c33346960 Remove version-specific features 
Closes #852
 2018-03-19 00:41:33 -07:00
Benjamin Saunders 09b1fe9a0d Expose additional cipher and digest accessors 2018-03-16 20:33:23 -07:00
Steven Fackler 9f5ef88880 Add a Sync + Send bound to the custom ext type 
It's stored inside of the Ssl, so this is probably tecnically
necessarly?
 2018-03-11 15:36:47 -07:00
Steven Fackler d0329473bd
Merge branch 'master' into custom-extensions 2018-03-11 15:27:28 -07:00
Benjamin Saunders e02dbde2f7 Generic custom extension add fn return type 2018-03-10 22:30:54 -08:00
Steven Fackler 562fe79f4c Add one more set of impls 2018-03-10 08:53:46 -08:00
Benjamin Saunders b0bc1c770e High-level API for OpenSSL 1.1.1 custom extension support 2018-03-09 20:33:49 -08:00
Benjamin Saunders f92de22b8d Add SslOptions::ENABLE_MIDDLEBOX_COMPAT 2018-03-03 14:57:38 -08:00
Steven Fackler b7ba577339 Add min/max protocol version support 2018-02-25 23:20:10 -08:00
Steven Fackler d5dd6575c1 Restore error stack in cookie callback 2018-02-25 22:11:08 -08:00
Benjamin Saunders e04dbfa3ee Expose cookie generate/verify callback setters 2018-02-25 20:05:15 -08:00
Steven Fackler cebfbd9a25
Merge pull request #850 from sfackler/put-error 
Add the ability to push errors back onto the error stack.
 2018-02-24 20:58:07 -08:00
Steven Fackler 5fd23d38d5 Add the ability to push errors back onto the error stack. 2018-02-24 20:46:03 -08:00
Steven Fackler f72f35e9bd Add RFC 5705 support 2018-02-23 22:04:57 -08:00
Steven Fackler 7e0591a377 Actually add version stuff 2018-02-21 23:25:28 -08:00
Steven Fackler 15048f4c02 Inline connector constants 2018-02-21 19:41:06 -08:00
Steven Fackler 6977e9e89f Don't special case 1.0.1 
It appears that 1.0.1's defaults are actually okay.
 2018-02-21 18:44:04 -08:00
Steven Fackler 7192a5291f Update SslConnector cipher list 
Based off of python/cpython#3532, we use OpenSSL's default cipher list
and turn of things we don't like. This can't be used with 1.0.1,
however, which had a poor default set. There, we use the old defaults,
with the bits that aren't implemented in 1.0.1 removed (namely TLSv1.3
suites and ChaCha).
 2018-02-20 22:27:54 -08:00
Steven Fackler 2daaf3fdea Add some debugging-related bindings 2018-02-17 17:49:49 -08:00
Steven Fackler 90d5f85511 Add SSL_version binding 2018-02-17 13:44:21 -08:00
Steven Fackler 3f5e3f095e Fix session cloning 2018-02-17 10:12:47 -08:00
Steven Fackler e5123d266b Bind remove and get session callbacks 2018-02-16 22:24:34 -08:00
Steven Fackler 4dffa0c33f SSL session callbacks have always been around 2018-02-16 21:31:09 -08:00
Steven Fackler af4832e145 Doc tweak 2018-02-15 21:33:39 -08:00