Define _GNU_SOURCE instead of _DEFAULT_SOURCE
We also need [v]asprintf for tls.c, and glibc doesn't declare these
functions without _GNU_SOURCE.
Issue reported by Issam E. Maghni.
tls_config: Include strings.h for strcasecmp
Import libtls from LibreSSL 3.1.0
Treat write_cb() == 0 as an error
Otherwise, we'll end up infinite looping when trying to write a
ffmpeg will return 0 if the connection is interrupted via the AVIO
interrupt callback, triggering this behavior.
Remove trailing whitespace
This was the wrong place to check for BearSSL engine errors, and
EOF handling is only needed for the read callback.
Make tls_write save buffered length, and attempt to write the full record
Fix a few more issues with I/O functions
- tls_write should return -1 when it called read_cb and that returned
- tls_close does not need to manually discard application data after
br_ssl_engine_close, BearSSL does this automatically.
- Reinstate TLS_SSL_IN_SHUTDOWN, since we don't want to read or
write records if a handshake was never started.
- tls_write should not return 0 or TLS_WANT_POLLIN if the data was
successfully buffered, but could not be fully written. Actually,
it looks like tls_write should not return a positive value unless
it completely wrote the application data record, but that's a task
for a future commit.
Fix tls_handshake return value
Fix some issues with EOF and connection shutdown
Now it supports prefixes like '+', '-', and '!', and keeps track
of the order of unavailable ciphers.
tls_peer_cert_subject now works
Retrieve certificate subject string
Detect when we are decoding a secret key object
Don't check exponent when sanity checking public/private key
Checking the modulus alone is enough to check that the key and
certificate are compatible, and BearSSL isn't able to compute the
public exponent for RSA private keys with p and q that are not 3
Allow key files to contain other PEM objects as well
Set error message when we couldn't parse the cipher list