aboutsummaryrefslogtreecommitdiff
path: root/src/IO/tls.c
AgeCommit message (Collapse)Author
2024-11-24Add support to query version in TLS backendsRodrigo Arias Mallo
2024-08-07Make Dillo C99 standard compliantRodrigo Arias Mallo
Reviewed-by: dogma
2024-03-09Use Doxygen comments for C filesRodrigo Arias Mallo
2023-12-30Add support for OpenSSL, mbedTLS 2 and mbedTLS 3Rodrigo Arias Mallo
Brings the previous OpenSSL implementation into src/IO/tls_openssl.c. Now, the TLS functions have the implementation name as prefix, like a_Tls_openssl_connect(). The generic interface at IO/tls.h hides the implementation which is selected at configure time. The appropriate functions of that implementation are called from IO/tls.c to IO/tls_<impl>.c. In this way, support for more TLS libraries can easily be added. In the case of mbedTLS, there are some incompatible changes from version 2 to 3, so we use some ifdefs to fix the differences.
2023-12-30Move mbedTLS implementation to tls_mbedtls.cRodrigo Arias Mallo
2016-07-07MBEDTLS_SSL_SESSION_TICKETS_DISABLEDcorvid
2016-07-07a little renaming in tlscorvid
The handshake stuff should be named handshake. What should you call initialize/setup plus handshake, then? I don't know, but 'connect' for now, anyway.
2016-07-06MSG clarificationcorvid
You can trust an intermediate certificate in a chain, so let's be careful with words here. It would of course be better to tell the user which certificate was trusted in that case, but my understanding is that I would have to go through each certificate in the chain and try to match it against all of the trusted certificates, like mbed tls's verification code does in the first place. This would involve a lot of digging around in mbed tls's structures and using resources...
2016-07-06MSGcorvid
2016-07-04recognize obsolete hash algorithms when complaining about...obsolete hash ↵corvid
algorithms
2016-07-04in some TLS MSGs, don't show port if it's the defaultcorvid
2016-07-03workaround for mbed TLS 2.3.0 include problemcorvid
reported by Nick Warne http://lists.dillo.org/pipermail/dillo-dev/2016-July/010941.html checking mbedtls/ssl.h usability... no checking mbedtls/ssl.h presence... yes configure: WARNING: mbedtls/ssl.h: present but cannot be compiled configure: WARNING: mbedtls/ssl.h: check for missing prerequisite headers? configure: WARNING: mbedtls/ssl.h: see the Autoconf documentation configure: WARNING: mbedtls/ssl.h: section "Present But Cannot Be Compiled" configure: WARNING: mbedtls/ssl.h: proceeding with the compiler's result checking for mbedtls/ssl.h... no configure: WARNING: *** mbed TLS 2 not found. Disabling SSL/HTTPS/TLS support. ***
2016-07-03clean up host:port usage, particularly with ipv6corvid
2016-07-03use mbed TLScorvid
2016-03-08openssl 1.0.2f does not like shutdown to be called during handshakecorvid
thread begins here: http://lists.dillo.org/pipermail/dillo-dev/2016-February/010682.html
2015-07-05wasteful use of strncpycorvid
I never knew that if you give it a small string to copy into a big buffer, it'll waste time filling the rest of it with '\0'.
2015-07-05tls.c a little cleanupcorvid
2015-07-05integrate cert algorithm + key checking code with the other checkscorvid
2015-06-29HTTP Strict Transport Securitycorvid
I'm not including the preload file yet.
2015-06-24add a tls test sitecorvid
2015-06-03show certificate hash algorithm (and complain feebly if it's weak)corvid
2015-06-01constcorvid
2015-06-01TLS servers sortedcorvid
2015-05-30fix warningcorvid
2015-05-30print certificate chaincorvid
2015-05-30let's not print tls alerts for 'close notify'corvid
2015-05-29print out TLS version and cipher agreed upon after first connection with servercorvid
2015-05-29documentation and not-currently-possible error casecorvid
2015-05-29some more information for TLS warning popupscorvid
2015-05-28'ssl' -> 'tls' where reasonable, given that ssl3 is dead and allcorvid
I used 'hg rename' and expected (at least hoped) that 'hg diff' would do what I would naturally want, but no.