isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,198 Commits 1 Branch 0 Tags
edf30c727398f8de75f5b366c47cc4ebe7ee25d0
Commit Graph

7 Commits

Author SHA1 Message Date
Todd C. Miller
4e0b77be4b tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. 
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
aee82efe45 Display the correct error message if X509_verify_cert() fails. 
We must use X509_STORE_CTX_get_error() and X509_verify_cert_error_string()
instead of the generic OpenSSL error functions.
 2021-07-27 14:49:28 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
8f0c16f06e Only initialize the SSL library once. 2021-04-08 15:14:13 -06:00
Todd C. Miller
d92610ee43 Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13 2021-04-06 17:03:30 -06:00
Todd C. Miller
71e5275a1c Move common TLS initialization code to tls_init.c. 2021-03-10 16:29:27 -07:00