path: root/tcpd/libcouriertls.c
Age | Commit message | Author
2022-01-15 | Set an ALARM timer to kill libcouriertls. | Sam Varshavchik
2021-02-20 | Add support for ALPN. | Sam Varshavchik
2021-02-20 | Fix access(NULL) call, and a memory leak. | Sam Varshavchik
Seems to be harmless. The memory leak is in a standalone couriertls process, which is mostly a nothing-burger.
2020-12-10 | Fix macros. | Sam Varshavchik
2020-12-06 | LibreSSL compilation error. | Sam Varshavchik
2020-12-01 | Adding special TLS protocol names that disable client renegotiation. | Andrej Podzimek
2020-05-12 | Fix manual hostname checking. | Sam Varshavchik
2020-05-09 | Fix spurious message. | Sam Varshavchik
2020-04-20 | Fix TLS client connections. | Sam Varshavchik
2019-12-10 | Restore OpenSSL 1.1, and earlier support. | Sam Varshavchik
Restores code that c8115514b4830a668ce726b2fcb8ab4a3d438ec9 removed, but make it conditionally compiled. Have configure.ac autodetect the openssl version. Correctly UTF8-ize SSL_set_tlsext_host_name()'s parameter.
2019-10-08 | Use OpenSSL to verify hostnames. | Sam Varshavchik
2019-02-03 | Add subject alternative name checking. Implement override_vars option. | Sam Varshavchik
2019-01-08 | Ignore unreadable cert files. | Sam Varshavchik
2018-09-26 | Additional fixes. | Sam Varshavchik
2018-09-12 | [impl] added TLS_PRIVATE_KEYFILE (OpenSSL) | Yoshinari Takaoka
2017-07-25 | Partially revert de2a130974e1a76daa1893e18442154c7fc90321. | Sam Varshavchik
Put back TLS_PROTOCOL, but use only SSLv23_method, replacing deprecated methods with stubs for their + versions.
2017-07-16 | Finalize openssl 1.1.0 by removing TLS_PROTOCOL altogether. | Sam Varshavchik
2017-07-12 | Another bunch of openssl 1.1.0 fixes. | Sam Varshavchik
2017-03-15 | Fix TLS verification when DNS lookup comes back with CNAMEs. | Sam Varshavchik
2017-02-18 | OpenSSL API update. | Sam Varshavchik
2017-02-07 | OpenSSL API update. | Sam Varshavchik
2016-09-20 | OpenSSL: remove old deinitialization functions | Sam Varshavchik
2016-04-30 | Fix server-side openssl SNI. | Sam Varshavchik
Must use SSL_set_SSL_CTX(), instead of loading new certificate into the same CTX. Can't pass the same CTX, because SSL_set_SSL_CTX checks that, and returns without doing anything. Create a 2nd CTX, temporarily attach it to the SSL object, update the certificate in the original CTX, then use SSL_set_SSL_CTX again. Remove redundant call to SSL_CTX_set_session_cache_mode.
2016-04-29 | Remove debugging message. | Sam Varshavchik
2016-04-23 | Stop using SSL2 and SSL3 openssl configuration methods. | Sam Varshavchik
2016-03-04 | OpenSSL: add support for the TLS SNI extension. | Sam Varshavchik
2015-07-31 | Check if SSLv3 is available. | Sam Varshavchik
2015-05-22 | Drop SSLV3 | Sam Varshavchik
2014-10-21 | tcpd/libcouriertls.c: add additional protocol strings, options. | Sam Varshavchik
2014-10-15 | tcpd/libcouriertls.c: disable SSLv3 | Sam Varshavchik
2014-09-21 | libcouriertls.c: initialize temporary ecdh parameters. | Sam Varshavchik
2014-07-13 | Minor compilation fixes. Based on patch from Giovanni Bechis <giovanni@paclan.it> | Sam Varshavchik
2013-11-10 | Update DH parameter configuration scripts. | Sam Varshavchik
* libs/tcpd/libcouriergnutls.c, libs/tcpd/libcouriertls.c: remove the TLS_DHCERTFILE setting, and use TLS_CERTFILE for all functionality. Read DH parameters from TLS_CERTFILE, or from the new TLS_DHPARAMS environment variable.
* mkdhparams: New script that generates DH parameters into a standalone file.
* Remove TLS_DHCERTFILE setting from imapd-ssl, pop3d-ssl, esmtpd and esmtpd-ssl. Add TLS_DHPARAMS.
* Update imapd.cnf.openssl, pop3d.cnf.openssl, esmtpd.cnf.openssl, set default number of bits for RSA keys to 4096.
2013-10-14 | 2013-10-14 Sam Varshavchik <mrsam@courier-mta.com> | Sam Varshavchik
* libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and TLSv1_2 method(), based on patch by Rob Austein <sra@hactrn.net>.
* pop3d-ssl.dist.in, imapd-ssl.dist.in: Fix up differences in the documentation of TLS options in various config files.
2013-08-25 | Initial checkin | Sam Varshavchik
Imported from subversion report, converted to git. Updated all paths in scripts and makefiles, reflecting the new directory hierarchy.