From fb48d1308d2f63f8e9b23c5d1d921783fa0dacbe Mon Sep 17 00:00:00 2001
From: Gab Virebent
Date: Fri, 26 Jun 2026 19:20:00 +0200
Subject: Serve CA full chain (Let's Encrypt), TLS 1.3, fix handshake buffer overflow

- tls.c/config.h: read full PEM chain into STACK_OF(X509), send via SSL_set1_chain
- tls.c: minimum protocol TLS 1.2 -> TLS 1.3
- server.c: drain handshake output via local buffer loop instead of staging into the fixed 4 KB client buffer (a full CA chain overflowed it -> assert)
- FORK.md: describe the fork
---
 include/config.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include/config.h')
diff --git a/include/config.h b/include/config.h
index f893b20..071c253 100644
--- a/include/config.h
+++ b/include/config.h
@@ -38,6 +38,7 @@ struct gmnisrv_host {
 char *hostname;
 X509 *x509;
 EVP_PKEY *pkey;
+ STACK_OF(X509) *chain;
 struct gmnisrv_route *routes;
-- cgit v1.2.3
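Review bot: The new `chain` member of `struct gmnisrv_host` carries no comment saying what the stack contains or who releases it, and both matter for this field. The commit message says the full PEM chain is read into it and handed to `SSL_set1_chain`, which expects the certificates that follow the leaf; if the stack also holds the host certificate already kept in `x509`, the leaf would presumably be sent twice, so the declaration should pin this down, e.g. `/* intermediates only, leaf is in x509; NULL if none; owned by the host, freed with sk_X509_pop_free(chain, X509_free) */`. Because the `set1` form takes its own references, the host's stack still has to be freed wherever `x509` and `pkey` are released. That load and teardown code is in tls.c and the config cleanup, outside this hunk, so confirm it there, along with the case of a self-signed host leaving `chain` as NULL. The struct definition continues past the end of the hunk.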