kernel/linux.git/include/net/handshake.h, branch v6.6.131

net/handshake: Add helpers for parsing incoming TLS Alerts

2023-07-28T21:07:59+00:00

Kernel TLS consumers can replace common TLS Alert parsing code with these helpers. Signed-off-by: Chuck Lever Link: https://lore.kernel.org/r/169047942074.5241.13791647439480672048.stgit@oracle-102.nfsv4bat.org Signed-off-by: Jakub Kicinski

net/handshake: Add API for sending TLS Closure alerts

2023-07-28T21:07:59+00:00

This helper sends an alert only if a TLS session was established. Signed-off-by: Chuck Lever Link: https://lore.kernel.org/r/169047936730.5241.618595693821012638.stgit@oracle-102.nfsv4bat.org Signed-off-by: Jakub Kicinski

net/handshake: Enable the SNI extension to work properly

2023-05-25T05:05:24+00:00

Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName. Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake") Reviewed-by: Simon Horman Signed-off-by: Chuck Lever Signed-off-by: Jakub Kicinski

net/handshake: Add a kernel API for requesting a TLSv1.3 handshake

2023-04-20T01:48:48+00:00

To enable kernel consumers of TLS to request a TLS handshake, add support to net/handshake/ to request a handshake upcall. This patch also acts as a template for adding handshake upcall support for other kernel transport layer security providers. Signed-off-by: Chuck Lever Signed-off-by: Jakub Kicinski