History log of /dovecot/src/lib-ssl-iostream/iostream-openssl.h
Revision Date Author Comments
976dee5384c4827dc648c9bc53825390521c388e 11-Dec-2017 Martti Rannanjärvi <martti.rannanjarvi@dovecot.fi>

Replace ssl_protocols config option with ssl_min_protocol
Default to TLSv1.

15aa67e8a9dd7fc631d58ce13c54fe004bb4d0c1 07-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Add io_stream_ssl_global_init()

14a07d2bb34f1d52fce3e3218799f271f118d501 07-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Add TLS SNI callback and a way to change SSL context

bbafd34da224c399700956db6819643e1d3b3ce7 07-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: openssl_cert_match_name() - add reason_r parameter
The returned string explains what exactly matched or why nothing matched.

18344a653fb063e599e24d1e9f7d5db4d8fd7b45 07-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: ssl_iostream_cert_match_name() - Change to return bool
The return value makes much more sense as a boolean TRUE/FALSE than 0/-1.

96359599bbd4a2d704c3f343ff4c2fcd03f0dd02 07-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Add refcounting to ssl_iostream_context

319bc5ff46e9c941efb573b1e00f85fdeb08942d 07-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Change ssl_iostream_context.set to not be a pointer
It's just unnecessary memory usage.

8bcf6fd065a71ae0ca6dc76989250e819d08d7f6 07-Nov-2017 Aki Tuomi <aki.tuomi@dovecot.fi>

iostream-openssl: Refactor stream sync code
When doing input or stream sync, specify the type of operation that we are doing to make sure we do IO correctly.

d185226aa3dc88a9ee9f16b4c8b2e38000ac8b96 01-Nov-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Split host to connected_host and sni_host
Using the same variable for both was causing confusion.

ca55f7e83f7646060748cfe14fed8ff0e565561b 31-Oct-2017 Aki Tuomi <aki.tuomi@dovecot.fi>

lib-ssl-iostream: Remove input_handler flag
It is no longer needed after 87da941c

9f7ba3807f77209a65e0faa56cac8545b06cd116 31-Oct-2017 Aki Tuomi <aki.tuomi@dovecot.fi>

global: Splice cert into separate struct from iostream_ssl_settings

13479101da29577f7789d6f61faa1da3e2f7434a 06-Feb-2017 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Use ASN1_STRING_get0_data() if it exists
This avoids deprecation warnings about ASN1_STRING_data() in OpenSSL v1.1.

ecc2fb34641f1bd39e10c774192ca18527ecb953 18-Sep-2016 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Fixed OpenSSL module to be actually initialized.

fe4058e6f01bf0e104c44815b6df7cfefb80634c 16-Sep-2016 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Use more standard _init() & _deinit() to initialize SSL plugin
This is mainly to make it easier for test programs to link to the plugin directly.

00b722cca0601adadfbc653711b405b03e017e09 10-Aug-2016 Aki Tuomi <aki.tuomi@dovecot.fi>

dovecot: Remove ssl-params

095481fee84040436ce2dccca472c9bb1df4d5bb 16-Jun-2016 Timo Sirainen <timo.sirainen@dovecot.fi>

lib-ssl-iostream: Changed require_valid_cert -> allow_invalid_cert
We should default to being safe.

0dffa25d211be541ee3c953b23566a1a990789df 06-Jun-2016 Timo Sirainen <timo.sirainen@dovecot.fi>

global: unsigned int:1 -> bool:1
perl -i -pe 's/unsigned int ([^,:;]+):1;/bool $1:1;/' **/*.[ch]

78c27af9d04b830afe3df6495d7a1efee556ecb8 07-Dec-2015 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream, login-*: Hide unnecessary "EVP_PKEY_get1_EC_KEY:expecting a ec key" errors.

8b5d186ec2f8b56ded72a7f45a70b7542caad9d0 02-Dec-2015 Timo Sirainen <tss@iki.fi>

login, lib-ssl-iostream: Deduplicate code with shared openssl_iostream_use_certificate_error()

7ef7f34c38954020004e2b25b4ce8f54b4bcf8f3 01-Nov-2014 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Added dh_length parameter to ssl_iostream_generate_params()
This is an API change, but nobody was actually using this function.

c5b7a9068c637195bae4751f965fc33c203a72d6 01-Nov-2014 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Support non-1024bit DH parameters in ssl-parameters.dat.

87da941c0b0a0671997f592a52ee2c0b35d0e41e 03-Apr-2014 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Make sure I/O input event is triggered after ostream-ssl has read some data to buffer.

1c6f6f5bef70f16546b3bc8f4cd5f93f373e82a2 19-Sep-2013 Timo Sirainen <tss@iki.fi>

iostreams: Set stream error string when it provides extra information.

b4f4552697bdc8e467955e262ae446dbe2914c14 06-Aug-2013 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Deinitialization fixes.

71b60849a773dd68bdc015cb6a8ea1664d16b359 08-Apr-2013 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Added ssl_iostream_has_handshake_failed()

3b4bd183cc469f70eb91d82a7f01f60ffc24ca5b 04-Apr-2013 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Added support for TLS SNI, which caused some API changes.

ac645fe16c0619771c0a961db91df16485513c52 04-Apr-2013 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: ssl_iostream_set_handshake_callback() API changed. The callback can now return the error message to caller instead of having to log it itself.

ba1c847d0af4afe4787ed470d0c818e948e184e2 04-Apr-2013 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: API changes to return error strings if init() functions fail. This also fixed a couple of broken error handlings.

3faa1040e5a3f9f35ffad29110216094ab2f5880 06-Nov-2012 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream now dynamically loads openssl library instead of linking to it. This allowed removing the separate libdovecot-ssl library. In future if GnuTLS/NSS support is added it would also allow switching between them dynamically.

739125f23e3312045e620014812fe2249a309cc4 12-Oct-2012 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Make the input buffering behave the same as in file-istream
Previously i_stream_read(ssl_input) could have still left some data buffered into the underlying file-istream, which meant that I/O loop didn't detect any new input from the fd and the connection got stuck.

6a4212e6d7c41de83bcac63edec3118e6a7a0f68 28-Jul-2012 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Added protocols setting.

831f3bcdde51fa388462eda1daa555e90651ca2e 08-Nov-2011 Timo Sirainen <tss@iki.fi>

login proxy: Verify that remote hostname matches SSL cert, unless ssl=any-cert

ed41ec8aa0efaa50954fd16cb44c86c8350dadcc 20-Sep-2011 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Don't require SSL ostream to always have unlimited buffer size. It's important when reading/handshaking wants to write to output buffer, but writing itself can safely have zero sized buffer (e.g. while sending a large input stream).

c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38 07-Sep-2011 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: If plain stream disconnects, disconnect SSL stream also.

21fed972adb354b92771eefad27f8ac8cbd5dd45 06-Sep-2011 Timo Sirainen <tss@iki.fi>

lib-ssl-iostream: Code cleanups, fixes, asserts and comments.

e98de01b5644c88b6053e2921eb5e9a506fe263f 31-Jan-2011 Timo Sirainen <tss@iki.fi>

Added lib-ssl-iostream for handling SSL connections more easily.