path: root/cups/tls-darwin.c
Commit message | Author | Age | Files | Lines
* Fix potential deadlock (OpenPrinting #243) | Michael R Sweet | 2021-09-07 | 1 | -2/+3
* Sandboxed applications were not able to get the default printer (Issue #5676) | Michael R Sweet | 2019-11-14 | 1 | -3/+4
    - Add "home" global pointing to the user's home directory.
    - Use it instead of getenv("HOME") everywhere we needed it.
* Clean up versioning and API documentation. | Michael R Sweet | 2019-08-23 | 1 | -26/+1
* Fix whitespace errors (again). | Michael R Sweet | 2019-04-25 | 1 | -17/+18
* Fix broken indentation. | Michael R Sweet | 2019-04-17 | 1 | -1/+1
* Clean up some build issues on certain platforms. | Michael R Sweet | 2019-03-21 | 1 | -106/+106
* Eliminate use of private macOS security headers/APIs (Issue #5516) | Michael R Sweet | 2019-02-14 | 1 | -25/+11
    Eliminate use of deprecated cssmErrorString function.
    Switch to using SecCertificateCreateWithData.
    Clean out unused private header availability checks.
* Fix some build issues with the "core" component selection (rdar://47394086) | Michael R Sweet | 2019-01-23 | 1 | -38/+41
    - Availability macros were incorrect.
    - Some driver headers/definitions were installed even when the core library does not contain them.
    - Fix up the macOS/iOS detection of keychain/API availability - just need to use the TARGET_OS_xxx macros instead.
    - When installing private headers, install config.h so that the private headers actually work.
* Fix iOS libcups builds (rdar://47386169) | Michael R Sweet | 2019-01-18 | 1 | -1/+7
* Move private header includes to tls-darwin.c. | Michael R Sweet | 2018-09-28 | 1 | -1/+44
* Don't set maximum TLS version unless it is <max. Support TLS 1.3. | Michael R Sweet | 2018-06-15 | 1 | -5/+7
* Add issuer and signature algorithm to certificate string, show it in tlscheck output. | Michael R Sweet | 2018-04-24 | 1 | -7/+68
* Setting the timeout should also timeout the TLS negotiation | Michael R Sweet | 2018-02-20 | 1 | -4/+31
    (rdar://34938533)
* Update HTTP implementation to support field values larger than HTTP_MAX_VALUE | Michael R Sweet | 2018-01-10 | 1 | -2/+2
    bytes (Issue #5216)
    cups/http-private.h:
    - Move all char * shadow variables to new fields array, rename old fields array to _fields (binary compatibility).
    cups/http.c:
    - Add new http_add_field that can handle appending values and allocating or clearing strings as needed.
    - Update httpSetField to use http_add_field.
    - Update _httpUpdate to use http_add_field instead of httpSetField.
    cups/request.c:
    - Fix checks for header fields.
    cups/tls-*.c:
    - Fix checks for Host header field.
* Fix TLS on macOS. | Michael R Sweet | 2017-12-15 | 1 | -2/+2
* License change: Apache License, Version 2.0. | Michael R Sweet | 2017-11-07 | 1 | -7/+1
* Support the latest HTTP Digest authentication specification (Issue #4862) | Michael R Sweet | 2017-11-06 | 1 | -4/+1
    Also deprecates all httpMD5* functions.
    - cgi-bin/var.c: Use cupsHashData to compute SID hash.
    - cups/auth.c: Rewrite WWW-Authenticate parser to support multiple auth schemes and the new RFC 7616 version of HTTP Digest.
    - cups/cups.h: Add cupsHashString function to get a hex version of a hash.
    - cups/hash.c: Add MD5 support.
    - cups/http.c: Track WWW-Authenticate in a long string, concatenate new set values.
    - cups/http.h: Deprecate httpMD5* and recommend cupsDoAuth and cupsHash*.
    - cups/http-private.h: Pull MD5 stuff, nonce_count is unsigned, track WWW-Authenticate header as a potentially long string.
    - cups/http-support.c: Use cupsHashData to compute UUID hash.
    - cups/md5.c: Comment everything out if we have an OS-supplied MD5 hash function.
    - cups/md5passwd.c: Use cupsHash* functions.
    - cups/tls-*.c: Use cupsHash* functions.
    - cups/versioning.h: Add CUPS_API_2_3 definition.
    - scheduler/client.c: Update WWW-Authenticate header to include AuthRef, Local, and PeerCred schemes with parameters as needed.
* Add support for MinTLS and MaxTLS options (Issue #5119) | Michael R Sweet | 2017-11-03 | 1 | -17/+26
    - cups/http-private.h: Move TLS/SSL version options to separate version constants, make _httpTLSSetOptions take min/max version numbers.
    - cups/tls-*.c: Update _httpTLSSetOptions and _httpTLSStart to use new min/max version numbers.
    - cups/tlscheck.c: Update _httpTLSSetOptions call.
    - cups/usersys.c: Support new SSLOptions values, update _httpTLSSetOptions call.
    - scheduler/conf.c: Support new SSLOptions values, update _httpTLSSetOptions calls.
* Fix cipher suite selection with GNU TLS (Issue #5145) | Michael Sweet | 2017-10-19 | 1 | -1/+2
    Also make sure that client.conf SSLOptions do not override cupsd.conf SSLOptions, and document the (hopefully obvious) fact that Allow* is less secure and Deny* is more secure.
    - cups/http-private.h: Add "_HTTP_TLS_SET_DEFAULT" flag for options set from client.conf.
    - cups/tls-*.c: Use new flag.
    - cups/tls-gnutls.c: Fix CBC cipher suite exclusion logic, and always disable anonymous DH.
    - cups/usersys.c: Pass new flag when calling _httpTLSSetOptions.
    - man/*: Update documentation.
* Support internal "only TLS/1.0" option for tlscheck. | Michael Sweet | 2017-08-25 | 1 | -0/+9
    Expand CBC filter on macOS.
    Add support for --tls10 and --no-cbc options with tlscheck.
* Update copyright. | Michael Sweet | 2017-08-01 | 1 | -1/+1
* The `SSLOptions` directive in "client.conf" and "cupsd.conf" now supports `DenyCBC` and `DenyTLS1.0` options (Issue #5037) | Michael R Sweet | 2017-06-26 | 1 | -4/+24
* Documentation updates. | Michael Sweet | 2017-05-31 | 1 | -1/+1
* Unlock CUPS keychain as needed (appears that the CUPS keychain gets re-locked | Michael R Sweet | 2017-03-13 | 1 | -2/+16
    after some random period of inactivity).
* Fix source file header text duplication text duplication. | Michael R Sweet | 2017-01-16 | 1 | -1/+1
    Bump copyright to 2017 in web interface and README files.
* Support site CA cert ("/etc/cups/ssl/site.crt" for Linux, "site" cert on macOS) for validating printer certs. | Michael Sweet | 2016-08-30 | 1 | -2/+40
* Use private keychain to store temporary certificates and keys, system keychain | Michael Sweet | 2016-08-26 | 1 | -25/+199
    for system-wide trust of printer certs.
* Sync up GNU TLS and Darwin TLS certificate validation code. | Michael Sweet | 2016-08-25 | 1 | -7/+39
* Update all references to OS X to macOS. | Michael R Sweet | 2016-06-20 | 1 | -7/+7
* Implement TrustOnFirstUse option and CRLs (GNU TLS) to allow for printing only | Michael Sweet | 2016-05-18 | 1 | -2/+11
    to trusted printers/servers (<rdar://problem/25711658>)
    This change also makes the default value of AllowExpiredCerts NO instead of YES.
    Finally, add support for loading most client.conf options (NOT ServerName or User) from /Library/Printers/org.cups.PrintingPrefs.plist on OS X.
* Fix some bugs in the new server-side TLS support code. | Michael R Sweet | 2016-04-13 | 1 | -16/+74
* Work around undocumented side-effect of SecItemAdd... | Michael R Sweet | 2016-04-11 | 1 | -1/+1
* Update cert code to not require a keychain. Default keychain works on all platforms... | Michael R Sweet | 2016-04-11 | 1 | -62/+81
* Add missing prototypes/definitions and do a first pass at fixing up the self-signed cert code. | Michael R Sweet | 2016-04-11 | 1 | -4/+10
* Created certificate should be RSA, not ECDSA. | Michael R Sweet | 2016-04-11 | 1 | -1/+1
* Add debug info on failed keychain open. | Michael R Sweet | 2016-04-07 | 1 | -2/+3
* Changes to eliminate warnings from new Clang. | Michael Sweet | 2016-03-23 | 1 | -9/+9
* Back off on ECDSA for now, just use RSA as before, but now with SHA256 for | msweet | 2016-02-16 | 1 | -2/+2
    signing.
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@13094 a1ca3aef-8c08-0410-bb20-df032aa958be
* Switch to ECDSA and SHA256 for self-signed certs on OS X | msweet | 2016-02-16 | 1 | -12/+5
    (<rdar://problem/24535828>)
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@13091 a1ca3aef-8c08-0410-bb20-df032aa958be
* Fix builds on some Darwin platforms. | msweet | 2015-05-28 | 1 | -2/+2
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12675 a1ca3aef-8c08-0410-bb20-df032aa958be
* Update list of blacklisted DH/DHE cipher suites. | msweet | 2015-05-21 | 1 | -5/+5
    Expand what tlscheck can do/report.
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12649 a1ca3aef-8c08-0410-bb20-df032aa958be
* More tweaks for cipher suite restrictions. | msweet | 2015-05-20 | 1 | -2/+14
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12647 a1ca3aef-8c08-0410-bb20-df032aa958be
* Add SSLOptions to enable Diffie-Hellman key exchange and disable TLS/1.0. | msweet | 2015-05-20 | 1 | -12/+53
    DH/DHE support is being made optional because of known security issues with short DH parameters. Since there is no way to conditionally use DH/DHE with a minimum number of bits, we just have to disable it by default.
    TLS/1.0 support can now be disabled due to known security issues with TLS/1.0. However, since TLS/1.1 and TLS/1.2 support is not universally available, we cannot simply disable TLS/1.0 like we did for SSL/3.0.
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12645 a1ca3aef-8c08-0410-bb20-df032aa958be
* Fix several issues with client.conf, CUPS_SERVER, and the "-h" option of most | msweet | 2015-02-03 | 1 | -1/+4
    commands (STR #4528)
    Load default client.conf values in the proper order, and then allow them to be overridden.
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12480 a1ca3aef-8c08-0410-bb20-df032aa958be
* Remove a debug printf. | msweet | 2014-10-20 | 1 | -2/+0
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12214 a1ca3aef-8c08-0410-bb20-df032aa958be
* Implement SSLOptions in cupsd.conf and client.conf to allow admins to enable | msweet | 2014-10-20 | 1 | -2/+123
    SSL 3.0 and RC4 (STR #4476)
    (currently RC4 cipher restrictions are not implemented on OS X or Windows)
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12211 a1ca3aef-8c08-0410-bb20-df032aa958be
* Fix some code comments in tls-xxx.c. | msweet | 2014-09-23 | 1 | -1/+1
    Update USB quirks for MX310 and MX320 (STR #4482)
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12159 a1ca3aef-8c08-0410-bb20-df032aa958be
* Update "since CUPS 2.0" into to mention OS X 10.10. | msweet | 2014-08-19 | 1 | -8/+8
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12094 a1ca3aef-8c08-0410-bb20-df032aa958be
* Initial work on SSPI support in 2.0. | msweet | 2014-07-15 | 1 | -15/+16
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12029 a1ca3aef-8c08-0410-bb20-df032aa958be
* Save work. | msweet | 2014-07-09 | 1 | -60/+28
    git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12008 a1ca3aef-8c08-0410-bb20-df032aa958be