33631b9b711b95ee47bd4ddbdb419f46a12cebe4 |
|
28-Dec-2017 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
lib-ssl-iostream: Add accessors for additional SSL protocol details
This is needed in order to send these details as fields to auth process |
976dee5384c4827dc648c9bc53825390521c388e |
|
11-Dec-2017 |
Martti Rannanjärvi <martti.rannanjarvi@dovecot.fi> |
Replace ssl_protocols config option with ssl_min_protocol
Default to TLSv1. |
9c04998b7bb4291652b5ea8de1aa82889f1016b5 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Remove obsolete ssl_iostream_context_deinit() |
15aa67e8a9dd7fc631d58ce13c54fe004bb4d0c1 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Add io_stream_ssl_global_init() |
14a07d2bb34f1d52fce3e3218799f271f118d501 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Add TLS SNI callback and a way to change SSL context |
6315f87da1b28578d2deb4d51aa624dc178efb0a |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: ssl_iostream_cert_match_name() - add reason_r parameter
The callers were also changed to add the reason to error messages. |
18344a653fb063e599e24d1e9f7d5db4d8fd7b45 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: ssl_iostream_cert_match_name() - Change to return bool
The return value makes much more sense as a boolean TRUE/FALSE than 0/-1. |
86cc86047bee861a6f7fc3a9cfdb8600b984732e |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Add ssl_iostream_context cache
This can be used to easily get a shared ssl_iostream_context for either
server or client. There's no upper size limit for the cache. |
96359599bbd4a2d704c3f343ff4c2fcd03f0dd02 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Add refcounting to ssl_iostream_context |
15d19d6e4daf460d8d2c82b981e23996dbdf7ba5 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
global: Rename ssl_iostream_context_deinit() to ssl_iostream_context_unref() |
25aa88dd96482cb1a135d3e962b7936500dcaab5 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: ssl_iostream_settings_dup() - rewrite using string offsets array
This array will be useful for other purposes as well. |
cfa1edd025234945720dfd2834710a8bbb24d906 |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Add ssl_iostream_settings_init_from()
This allows duplicating settings to an already existing struct without
having to allocate it. |
4c21d44ce3ccbd4f9851a9b87b0b93c5f6e8cf5e |
|
07-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Add stream/context comments to all ssl_iostream_settings |
4584a00276941db3f64c4db1a1bed91fe107af81 |
|
01-Nov-2017 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Verify SSL server's hostname against cert if it's non-NULL
The hostname verification was skipped when handshake-callback wasn't used.
All of the existing code used the callback though, so this doesn't fix
any bugs. |
997b30e4099704d2dbe3402b890a892b71b1d640 |
|
31-Oct-2017 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
lib-ssl-iostream: Expose ssl_module_load
We need to load SSL module before we chroot in
login-common. |
48e243933060ae3e77abbdc9c0fd0bc2143be26e |
|
31-Oct-2017 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
lib-ssl-iostream: Add get_compression accessor
This is needed by login-common |
978edad8fbaebab8cac435ec7e2dbf330b5d1170 |
|
31-Oct-2017 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
lib-ssl-iostream: Allow skipping CRL check |
0577701d04beea222fc49a7318851ddcea3b99d3 |
|
31-Oct-2017 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
lib-ssl-iostream: Add alternate certificate support |
9f7ba3807f77209a65e0faa56cac8545b06cd116 |
|
31-Oct-2017 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
global: Splice cert into separate struct from iostream_ssl_settings |
c4d66e8ccbb8440622f1a70791ed2a8f99659af1 |
|
19-Jan-2017 |
Juha Koho <juha.koho@trineco.fi> |
ssl: add ssl_curve_list setting for selecting ECDHE curves |
61969c3073f147352a3b99297208e3690080a4d6 |
|
10-Aug-2016 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
lib-ssl-iostream: Read dh parameters from PEM string |
00b722cca0601adadfbc653711b405b03e017e09 |
|
10-Aug-2016 |
Aki Tuomi <aki.tuomi@dovecot.fi> |
dovecot: Remove ssl-params |
095481fee84040436ce2dccca472c9bb1df4d5bb |
|
16-Jun-2016 |
Timo Sirainen <timo.sirainen@dovecot.fi> |
lib-ssl-iostream: Changed require_valid_cert -> allow_invalid_cert
We should default to being safe. |
173d1d74736ec822158165bef66d312bb62f2152 |
|
07-May-2016 |
Martti Rannanjärvi <martti.rannanjarvi@dovecot.fi> |
lib-ssl-iostream: move ssl_iostream_settings_dup to iostream-ssl.c |
ea6bcfde34e4cced9b42f1b4f5140a47752cb0ab |
|
21-Oct-2015 |
Timo Sirainen <tss@iki.fi> |
ssl_options: Added support for no_ticket |
7ef7f34c38954020004e2b25b4ce8f54b4bcf8f3 |
|
01-Nov-2014 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added dh_length parameter to ssl_iostream_generate_params()
This is an API change, but nobody was actually using this function. |
9864489d143fafe6f08f6a6d98a478d36458aa98 |
|
03-Jul-2014 |
Phil Carmody <phil@dovecot.fi> |
openssl: optionally disable TLS compression
Make ssl compression optional, but enabled by default. Other ssl options
might be tweakable in the future, so have a single ssl_options string,
and explode it into individual flags. (Compare postfix configuration.)
Based on an idea by Andreas Schulze <sca@andreasschulze.de>
Signed-off-by: Phil Carmody <phil@dovecot.fi> |
f974134f495e47ba7173f5b0f75fbd5cbacf1fe2 |
|
22-Sep-2013 |
Timo Sirainen <tss@iki.fi> |
Added ssl_prefer_server_ciphers setting. |
71b60849a773dd68bdc015cb6a8ea1664d16b359 |
|
08-Apr-2013 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added ssl_iostream_has_handshake_failed() |
56d1345c43bbd28c36b7faa85e4163bd9e874290 |
|
07-Apr-2013 |
Timo Sirainen <tss@iki.fi> |
Added ssl_client_ca_file to specify the CA certs as a file instead of as a dir.
This is required for Redhat-based systems where there isn't a CA directory
like in Debian/Ubuntu. |
b4d850a0ffd519c1c745557568daf7d48e18c820 |
|
04-Apr-2013 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Simplified certificate validation. Also give better error messages. |
3b4bd183cc469f70eb91d82a7f01f60ffc24ca5b |
|
04-Apr-2013 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added support for TLS SNI, which caused some API changes. |
ac645fe16c0619771c0a961db91df16485513c52 |
|
04-Apr-2013 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: ssl_iostream_set_handshake_callback() API changed.
The callback can now return the error message to caller instead of having to
log it itself. |
ba1c847d0af4afe4787ed470d0c818e948e184e2 |
|
04-Apr-2013 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: API changes to return error strings if init() functions fail.
This also fixed a couple of broken error handlings. |
6a4212e6d7c41de83bcac63edec3118e6a7a0f68 |
|
28-Jul-2012 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added protocols setting. |
38f1423a23f6c9a37c01152595ce3ca8a0a65121 |
|
28-Jul-2012 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added ssl_iostream_destroy() to do a clean SSL shutdown. |
cd5d9e833554e831095d0e52d32f433b674e1e73 |
|
24-Nov-2011 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added crypto_device setting to set OpenSSL engine.
Multiple engines aren't supported, so the first crypto_device value gets
used for all SSL connections. |
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3d |
|
06-Sep-2011 |
Timo Sirainen <tss@iki.fi> |
lib-ssl-iostream: Added ssl_iostream_cert_match_name() |
e98de01b5644c88b6053e2921eb5e9a506fe263f |
|
31-Jan-2011 |
Timo Sirainen <tss@iki.fi> |
Added lib-ssl-iostream for handling SSL connections more easily. |