Fri, 28 Feb 2020 13:09:52 +0300 |
Sergey Kandaurov |
AEAD routines, introduced ngx_quic_tls_open()/ngx_quic_tls_seal().
quic
|
Fri, 28 Feb 2020 13:09:52 +0300 |
Sergey Kandaurov |
Introduced ngx_quic_secret_t.
quic
|
Fri, 28 Feb 2020 13:09:52 +0300 |
Sergey Kandaurov |
QUIC handshake handler, draft 24 bump.
quic
|
Fri, 28 Feb 2020 13:09:52 +0300 |
Sergey Kandaurov |
PN-aware AEAD nonce, feeding proper CRYPTO length.
quic
|
Fri, 28 Feb 2020 13:09:51 +0300 |
Sergey Kandaurov |
OpenSSL compatibility.
quic
|
Fri, 28 Feb 2020 13:09:51 +0300 |
Sergey Kandaurov |
QUIC add_handshake_data callback, varint routines.
quic
|
Fri, 28 Feb 2020 13:09:51 +0300 |
Sergey Kandaurov |
QUIC set_encryption_secrets callback.
quic
|
Fri, 28 Feb 2020 13:09:51 +0300 |
Sergey Kandaurov |
Initial QUIC support in http.
quic
|
Wed, 08 Mar 2023 22:22:47 +0300 |
Maxim Dounin |
SSL: logging levels of errors observed with BoringSSL.
|
Wed, 08 Mar 2023 22:22:34 +0300 |
Maxim Dounin |
SSL: logging levels of errors observed with tlsfuzzer and LibreSSL.
|
Wed, 08 Mar 2023 22:21:59 +0300 |
Maxim Dounin |
SSL: logging levels of various errors reported with tlsfuzzer.
|
Wed, 08 Mar 2023 22:21:53 +0300 |
Maxim Dounin |
SSL: switched to detect log level based on the last error.
|
Thu, 01 Dec 2022 04:22:31 +0300 |
Maxim Dounin |
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
|
Thu, 24 Nov 2022 23:08:30 +0400 |
Sergey Kandaurov |
SSL: fixed debug logging of SSL_sendfile() return value.
|
Thu, 13 Oct 2022 16:18:56 +0400 |
Sergey Kandaurov |
SSL: removed cast not needed after 5ffd76a9ccf3.
|
Wed, 12 Oct 2022 20:14:57 +0300 |
Maxim Dounin |
SSL: workaround for session timeout handling with TLSv1.3.
|
Wed, 12 Oct 2022 20:14:55 +0300 |
Maxim Dounin |
SSL: optimized rotation of session ticket keys.
|
Wed, 12 Oct 2022 20:14:53 +0300 |
Maxim Dounin |
SSL: automatic rotation of session ticket keys.
|
Wed, 12 Oct 2022 20:14:51 +0300 |
Maxim Dounin |
SSL: shorter debug messages about session tickets.
|
Wed, 12 Oct 2022 20:14:49 +0300 |
Maxim Dounin |
SSL: renamed session ticket key functions and data index.
|
Wed, 12 Oct 2022 20:14:47 +0300 |
Maxim Dounin |
SSL: renamed session ticket key type.
|
Wed, 12 Oct 2022 20:14:43 +0300 |
Maxim Dounin |
SSL: explicit clearing of expired sessions.
|
Wed, 12 Oct 2022 20:14:40 +0300 |
Maxim Dounin |
SSL: single allocation in session cache on 32-bit platforms.
|
Wed, 12 Oct 2022 20:14:39 +0300 |
Maxim Dounin |
SSL: explicit session id length checking.
|
Wed, 12 Oct 2022 20:14:37 +0300 |
Maxim Dounin |
SSL: updated comment about session sizes.
|
Wed, 12 Oct 2022 20:14:36 +0300 |
Maxim Dounin |
SSL: reduced logging of session cache failures (ticket #621).
|
Wed, 12 Oct 2022 20:14:34 +0300 |
Maxim Dounin |
SSL: disabled saving tickets to session cache.
|
Thu, 08 Sep 2022 13:53:49 +0400 |
Sergey Kandaurov |
SSL: silenced GCC warnings when building with BoringSSL.
|
Wed, 07 Sep 2022 00:47:17 +0300 |
Maxim Dounin |
Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379).
|
Wed, 07 Sep 2022 00:44:10 +0300 |
Maxim Dounin |
SSL: fixed incorrect usage of #if instead of #ifdef.
|
Tue, 09 Aug 2022 17:13:46 -0300 |
Murilo Andrade |
SSL: logging level of "bad record type" errors.
|
Tue, 12 Jul 2022 15:55:22 +0300 |
Maxim Dounin |
SSL: logging levels of various errors added in OpenSSL 1.1.1.
|
Tue, 08 Feb 2022 17:35:27 +0300 |
Sergey Kandaurov |
SSL: logging level of "application data after close notify".
|
Mon, 24 Jan 2022 17:18:50 +0300 |
Maxim Dounin |
SSL: always renewing tickets with TLSv1.3 (ticket #1892).
|
Mon, 17 Jan 2022 17:05:12 +0300 |
Sergey Kandaurov |
SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.
|
Mon, 27 Dec 2021 19:49:26 +0300 |
Maxim Dounin |
Support for sendfile(SF_NOCACHE).
|
Mon, 27 Dec 2021 19:48:42 +0300 |
Maxim Dounin |
SSL: SSL_sendfile(SF_NODISKIO) support.
|
Mon, 01 Nov 2021 18:09:34 +0300 |
Sergey Kandaurov |
SSL: $ssl_curve (ticket #2135).
|
Thu, 21 Oct 2021 18:44:07 +0300 |
Maxim Dounin |
SSL: SSL_sendfile() support with kernel TLS.
|
Thu, 21 Oct 2021 18:43:13 +0300 |
Maxim Dounin |
Style: added missing "static" specifiers.
|
Tue, 19 Oct 2021 12:19:59 +0300 |
Vladimir Homutov |
Stream: the "ssl_alpn" directive.
|
Thu, 14 Oct 2021 11:46:23 +0300 |
Vladimir Homutov |
SSL: added $ssl_alpn_protocol variable.
|
Tue, 10 Aug 2021 23:43:17 +0300 |
Sergey Kandaurov |
SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.
|
Tue, 10 Aug 2021 23:43:17 +0300 |
Sergey Kandaurov |
SSL: removed export ciphers support.
|
Tue, 10 Aug 2021 23:43:17 +0300 |
Sergey Kandaurov |
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option.
|
Tue, 10 Aug 2021 23:43:16 +0300 |
Sergey Kandaurov |
SSL: ERR_peek_error_line_data() compatibility with OpenSSL 3.0.
|
Tue, 10 Aug 2021 23:43:16 +0300 |
Sergey Kandaurov |
SSL: using SSL_CTX_set0_tmp_dh_pkey() with OpenSSL 3.0 in dhparam.
|
Tue, 10 Aug 2021 23:42:59 +0300 |
Sergey Kandaurov |
SSL: RSA data type is deprecated in OpenSSL 3.0.
|
Wed, 04 Aug 2021 21:27:51 +0300 |
Sergey Kandaurov |
SSL: SSL_CTX_set_tmp_dh() error handling.
|
Tue, 03 Aug 2021 20:50:30 +0300 |
Maxim Dounin |
SSL: set events ready flags after handshake.
|
Tue, 01 Jun 2021 17:37:51 +0300 |
Maxim Dounin |
Fixed SSL logging with lingering close.
|
Tue, 01 Jun 2021 17:37:49 +0300 |
Maxim Dounin |
SSL: ngx_ssl_shutdown() rework.
|
Sat, 20 Feb 2021 18:03:04 +0300 |
Maxim Dounin |
SSL: added check for debugging.
|
Sat, 20 Feb 2021 18:02:54 +0300 |
Maxim Dounin |
SSL: added missed error reporting during variables evaluation.
|
Sat, 20 Feb 2021 18:02:49 +0300 |
Maxim Dounin |
SSL: X509_NAME_oneline() error handling.
|
Tue, 08 Dec 2020 01:43:36 +0300 |
Ruslan Ermilov |
SSL: fixed SSL shutdown on lingering close.
|
Wed, 28 Oct 2020 10:56:11 +0300 |
Vladimir Homutov |
Core: added format specifiers to output binary data as hex.
|
Thu, 22 Oct 2020 18:02:28 +0300 |
Maxim Dounin |
SSL: ssl_reject_handshake directive (ticket #195).
|
Thu, 22 Oct 2020 18:00:22 +0300 |
Maxim Dounin |
SSL: ssl_conf_command directive.
|
Wed, 16 Sep 2020 18:26:25 +0300 |
Maxim Dounin |
SSL: disabled shutdown when there are buffered data.
|
Wed, 16 Sep 2020 18:26:24 +0300 |
Maxim Dounin |
SSL: disabled shutdown after connection errors.
|
Wed, 16 Sep 2020 18:26:23 +0300 |
Maxim Dounin |
SSL: fixed event handling during shutdown.
|
Wed, 16 Sep 2020 18:26:22 +0300 |
Maxim Dounin |
SSL: workaround for incorrect SSL_write() errors in OpenSSL 1.1.1.
|
Mon, 10 Aug 2020 18:52:09 +0300 |
Maxim Dounin |
SSL: fixed shutdown handling.
|
Mon, 29 Jun 2020 17:15:51 +0300 |
Maxim Dounin |
SSL: fixed unexpected certificate requests (ticket #2008).
|
Wed, 03 Jun 2020 19:11:32 +0300 |
Maxim Dounin |
SSL: added verify callback to ngx_ssl_trusted_certificate().
|
Fri, 22 May 2020 17:30:12 +0300 |
Roman Arutyunyan |
SSL: client certificate validation with OCSP (ticket #1534).
|
Fri, 27 Dec 2019 19:43:01 +0300 |
Maxim Dounin |
SSL: reworked posted next events again.
|
Tue, 24 Dec 2019 17:24:59 +0300 |
Maxim Dounin |
SSL: reworked posted next events.
|
Thu, 17 Oct 2019 16:02:24 +0300 |
Maxim Dounin |
SSL: available bytes handling (ticket #1431).
|
Thu, 17 Oct 2019 16:02:13 +0300 |
Maxim Dounin |
SSL: improved ngx_ssl_recv_chain() to stop if c->read->ready is 0.
|
Fri, 16 Aug 2019 18:16:21 +0300 |
Maxim Dounin |
SSL: lowered log level for WSAECONNABORTED errors on Windows.
|
Mon, 11 Apr 2016 15:46:36 +0300 |
Sergey Kandaurov |
SSL: removed OpenSSL 0.9.7 compatibility.
|
Tue, 26 Mar 2019 09:33:57 +0300 |
Nikolay Morozov |
SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.
|
Sat, 09 Mar 2019 03:03:56 +0300 |
Maxim Dounin |
SSL: support for parsing PEM certificates from memory.
|
Sat, 09 Mar 2019 02:55:43 +0300 |
Maxim Dounin |
SSL: removed redundant "pkey" variable.
|
Sun, 03 Mar 2019 16:49:02 +0300 |
Maxim Dounin |
SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option.
|
Sun, 03 Mar 2019 16:48:06 +0300 |
Maxim Dounin |
SSL: server name callback changed to return fatal errors.
|
Mon, 25 Feb 2019 16:42:54 +0300 |
Maxim Dounin |
SSL: adjusted session id context with dynamic certificates.
|
Mon, 25 Feb 2019 16:42:23 +0300 |
Maxim Dounin |
SSL: passwords support for dynamic certificate loading.
|
Mon, 25 Feb 2019 16:41:44 +0300 |
Maxim Dounin |
SSL: loading of connection-specific certificates.
|
Mon, 25 Feb 2019 16:41:28 +0300 |
Maxim Dounin |
SSL: reworked ngx_ssl_certificate().
|
Mon, 25 Feb 2019 16:41:15 +0300 |
Maxim Dounin |
SSL: removed logging of empty "(SSL:)" in ngx_ssl_error().
|
Thu, 07 Feb 2019 19:39:35 +0300 |
Sergey Kandaurov |
SSL: fixed EVP_DigestFinal_ex() error message.
|
Thu, 31 Jan 2019 19:36:51 +0300 |
Maxim Dounin |
SSL: separate checks for errors in ngx_ssl_read_password_file().
|
Thu, 31 Jan 2019 19:28:07 +0300 |
Ruslan Ermilov |
SSL: explicitly zero out session ticket keys.
|
Tue, 18 Dec 2018 15:15:15 +0300 |
Sergey Kandaurov |
SSL: avoid reading on pending SSL_write_early_data().
|
Tue, 23 Oct 2018 22:11:48 +0300 |
Maxim Dounin |
SSL: explicitly set maximum version (ticket #1654).
stable-1.14
|
Tue, 07 Aug 2018 02:15:28 +0300 |
Maxim Dounin |
SSL: enabled TLSv1.3 with BoringSSL.
stable-1.14
|
Tue, 25 Sep 2018 14:00:04 +0300 |
Maxim Dounin |
SSL: logging level of "no suitable signature algorithm".
stable-1.14
|
Tue, 25 Sep 2018 13:59:53 +0300 |
Maxim Dounin |
SSL: logging level of "no suitable key share".
stable-1.14
|
Mon, 16 Jul 2018 17:47:20 +0300 |
Maxim Dounin |
SSL: fixed SSL_clear_options() usage with OpenSSL 1.1.0+.
stable-1.14
|
Mon, 16 Jul 2018 17:47:18 +0300 |
Maxim Dounin |
SSL: logging levels of "unsupported protocol", "version too low".
stable-1.14
|
Thu, 05 Jul 2018 20:45:29 +0300 |
Maxim Dounin |
SSL: logging level of "https proxy request" errors.
stable-1.14
|
Thu, 15 Nov 2018 21:28:02 +0300 |
Maxim Dounin |
Core: ngx_explicit_memzero().
|
Tue, 23 Oct 2018 22:11:48 +0300 |
Maxim Dounin |
SSL: explicitly set maximum version (ticket #1654).
|
Tue, 25 Sep 2018 14:07:59 +0300 |
Ruslan Ermilov |
SSL: fixed unlocked access to sess_id->len.
|
Tue, 25 Sep 2018 14:00:04 +0300 |
Maxim Dounin |
SSL: logging level of "no suitable signature algorithm".
|
Tue, 25 Sep 2018 13:59:53 +0300 |
Maxim Dounin |
SSL: logging level of "no suitable key share".
|
Fri, 21 Sep 2018 20:49:12 +0300 |
Sergey Kandaurov |
SSL: support for TLSv1.3 early data with OpenSSL.
|
Fri, 21 Sep 2018 20:31:32 +0300 |
Maxim Dounin |
SSL: disabled renegotiation checks with SSL_OP_NO_RENEGOTIATION.
|
Mon, 10 Sep 2018 18:57:39 +0300 |
Maxim Dounin |
SSL: restore handlers after blocking.
|
Mon, 10 Sep 2018 18:57:19 +0300 |
Maxim Dounin |
SSL: corrected SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ logging.
|
Tue, 07 Aug 2018 02:16:07 +0300 |
Maxim Dounin |
SSL: support for TLSv1.3 early data with BoringSSL.
|
Tue, 07 Aug 2018 02:15:28 +0300 |
Maxim Dounin |
SSL: enabled TLSv1.3 with BoringSSL.
|
Tue, 17 Jul 2018 12:53:23 +0300 |
Sergey Kandaurov |
SSL: save sessions for upstream peers using a callback function.
|
Mon, 16 Jul 2018 17:47:48 +0300 |
Maxim Dounin |
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
|
Mon, 16 Jul 2018 17:47:20 +0300 |
Maxim Dounin |
SSL: fixed SSL_clear_options() usage with OpenSSL 1.1.0+.
|
Mon, 16 Jul 2018 17:47:18 +0300 |
Maxim Dounin |
SSL: logging levels of "unsupported protocol", "version too low".
|
Thu, 05 Jul 2018 20:45:29 +0300 |
Maxim Dounin |
SSL: logging level of "https proxy request" errors.
|
Wed, 06 Jun 2018 13:31:05 +0300 |
Sergey Kandaurov |
SSL: removed extra prototype.
|
Tue, 22 Aug 2017 17:36:12 +0300 |
Maxim Dounin |
SSL: fixed possible use-after-free in $ssl_server_name.
|
Tue, 22 Aug 2017 15:18:10 +0300 |
Maxim Dounin |
SSL: the $ssl_client_escaped_cert variable (ticket #857).
|
Wed, 09 Aug 2017 15:03:27 +0300 |
Sergey Kandaurov |
Fixed calls to ngx_open_file() in certain places.
|
Wed, 09 Aug 2017 14:59:46 +0300 |
Sergey Kandaurov |
Style.
|
Tue, 25 Jul 2017 17:21:59 +0300 |
Sergey Kandaurov |
SSL: fixed typo in the error message.
|
Wed, 03 May 2017 15:15:56 +0300 |
Sergey Kandaurov |
SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.
|
Tue, 18 Apr 2017 16:08:46 +0300 |
Sergey Kandaurov |
SSL: compatibility with OpenSSL master branch.
|
Tue, 18 Apr 2017 16:08:44 +0300 |
Sergey Kandaurov |
SSL: disabled renegotiation detection in client mode.
|
Tue, 18 Apr 2017 15:12:38 +0300 |
Sergey Kandaurov |
SSL: added support for TLSv1.3 in ssl_protocols directive.
|