Tobias Brunner
|
a7f2818832
|
tls-socket: Allow configuring both minimum and maximum TLS versions
|
2021-02-12 11:45:44 +01:00 |
Tobias Brunner
|
c4576a1f57
|
tls: Allow setting both minimum and maximum TLS versions
This allows increasing the initial minimum version and also prevents
sending a list of versions during retries when 1.3 was already
negotiated.
|
2021-02-12 11:45:44 +01:00 |
Tobias Brunner
|
479c85d569
|
libtls: Remove unused variable in TLS socket implementation
Not used anymore since c43e8fdec4 ("Block TLS read when sending data,
but have to wait for the handshake data first").
|
2020-03-06 10:30:16 +01:00 |
Martin Willi
|
4ef819a379
|
libtls: Catch POLLHUP/NVAL in TLS socket splicing
If one of the sockets gets disconnected, some systems return POLLHUP. Signal
the socket as ready to let the read/write call fail properly.
|
2014-11-28 15:53:50 +01:00 |
Martin Willi
|
10743ac9d6
|
libtls: Use poll(2) instead of select() in tls_socket
|
2014-11-21 12:02:07 +01:00 |
Martin Willi
|
e15f64cc81
|
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
|
2014-04-01 14:28:55 +02:00 |
Martin Willi
|
5313880261
|
tls: Support a null encryption flag on TLS socket abstraction
|
2014-04-01 14:28:55 +02:00 |
Andreas Steffen
|
9dc3b2053d
|
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
|
2013-08-19 09:50:57 +02:00 |
Andreas Steffen
|
5a8dd63433
|
fixed typo
|
2013-03-27 22:56:37 +01:00 |
Tobias Brunner
|
79306b7e6e
|
Use proper integer types when handling TLS exchanges
tls_t.build takes a size_t argument not a ssize_t.
|
2013-03-22 11:40:57 +01:00 |
Martin Willi
|
257c80cb5b
|
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
|
2013-02-28 16:46:08 +01:00 |
Martin Willi
|
435348f406
|
Send TLS close notify during tls_socket_t destruction
|
2013-01-15 17:43:05 +01:00 |
Martin Willi
|
c43e8fdec4
|
Block TLS read when sending data, but have to wait for the handshake data first
|
2013-01-15 17:43:05 +01:00 |
Martin Willi
|
ee90c78998
|
Use a more POSIXy tls_socket interface with more flexibility.
If an insufficient read buffer is provided, application data gets cached
for subsequent read() calls.
|
2013-01-15 17:43:05 +01:00 |
Tobias Brunner
|
f05b427265
|
Moved debug.[ch] to utils folder
|
2012-10-24 16:00:51 +02:00 |
Martin Willi
|
3a87c89b1b
|
Added a tls_socket_t.splice method to wrap a file descriptor into TLS
|
2011-12-31 13:14:49 +01:00 |
Martin Willi
|
6a5c86b7ad
|
Implemented TLS session resumption both as client and as server
|
2011-12-31 13:14:49 +01:00 |
Martin Willi
|
6b01216422
|
Added a getter for the tls_socket file descriptor
|
2011-12-24 12:42:25 +01:00 |
Andreas Steffen
|
7e432eff6b
|
renamed tls_reader|writer to bio_* and moved to libstrongswan
|
2011-05-31 15:46:51 +02:00 |
Martin Willi
|
ecd98efa9d
|
Support output fragmentation of TLS records
|
2010-08-31 15:54:37 +02:00 |
Martin Willi
|
17102f7b58
|
Added a simple high level TLS wrapper for sockets
|
2010-08-25 12:52:53 +02:00 |