aboutsummaryrefslogtreecommitdiff
path: root/src/supplemental/tls/mbedtls/mbedtls.c
Commit message (Collapse)AuthorAge
* refactor/dtls: Use message oriented send/receive for DTLS.Garrett D'Amore2025-11-10
| | | | The protocol here needs to know and respect message boundaries.
* fixes #2173 New TLS cert API - replaces the properties for CN and ALTNAMES.Garrett D'Amore2025-10-05
| | | | | | This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN properties, and gives a bit more access to the certificate, as well as direct access to the raw DER form, which should allow use in other APIs.
* Various header file fixes... also fix compilation errors when HTTP is disabled.v2.0.0-alpha.6Garrett D'Amore2025-10-05
| | | | | | Also, some instances nni_aio are changed to nng_aio. We think we want to harmonize some of these types going forward as it will reduce the need to include headers hopefully letting us get away with just "defs.h" in more places.
* mbedtls: reduce logging for debug crypto to debug logGarrett D'Amore2025-09-14
| | | | Warning level was just too noisy.
* MbedTLS: CLOSE NOTIFY is not not really an error.Garrett D'Amore2025-08-25
| | | | The ECONNREFUSED result was causing consternation for some consumers.
* TLS: Remove support for dynamic engine initialization.Garrett D'Amore2025-06-21
| | | | | This saves some atomic lookups, and avoids possible races when the engine is not yet initialized or being torn down.
* Drop mbedtls CTR_DRBG pseudo-random number generator.Garrett D'Amore2025-06-21
| | | | | We never use or test this code, and its better to not have it if nobody is using it.
* fixes mbedtls 3.6.3 handshake with NULL server nameelijahr2025-06-02
| | | | | | | | | | | | | | | | An explicit call to `mbedtls_ssl_set_hostname(NULL)` is now required if the hostname should not be verified in handshake. From the mbedtls changelog: ``` = Mbed TLS 3.6.3 branch released 2025-03-24 Default behavior changes * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, mbedtls_ssl_handshake() now fails with MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if certificate-based authentication of the server is attempted. This is because authenticating a server without knowing what name to expect is usually insecure. To restore the old behavior, either call mbedtls_ssl_set_hostname() with NULL as the hostname, or enable the new compile-time option MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME. ```
* Introduce DTLS transport for NNG.Garrett D'Amore2025-06-01
This introduces a new experimental transport for DTLS, that provides encryption over UDP. It has a simpler protocol than the current UDP SP protocol (but we intend to fix that by making the UDP transport simpler in a follow up!) There are a few other fixes in the TLS layer itself, and in the build, that were needed to accomplish this work. Also there was an endianness bug in the UDP protocol handling, which is fixed here.
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-01-19 21:58:04 +0000