A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_1_BASE 2017-02-05T02:33:21+00:00 2017-02-05T02:33:21+00:00 beck 2017-02-05T02:33:21+00:00 urn:sha1:f71ca67a0db026e4122227bdfb78b501c3959263 ok jsing@ 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ 2017-01-21T01:09:54+00:00 beck 2017-01-21T01:09:54+00:00 urn:sha1:d89d1ebb99d29f9fd1375b97b984e7093cf083db ok jsing@ 2017-01-21T01:07:25+00:00 beck 2017-01-21T01:07:25+00:00 urn:sha1:ba0fcad847ab1c8a18e417694f580450cb73ce38 with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@ 2017-01-20T00:37:40+00:00 beck 2017-01-20T00:37:40+00:00 urn:sha1:c3138c510097b9e2e5fa6d7ddbe246a9ad9c517b towards cleaning up the V_OK stuff. ok kinichiro@ 2017-01-07T13:49:07+00:00 jsing 2017-01-07T13:49:07+00:00 urn:sha1:e164832cc18d3c2332a46cbde9d3fc8f2043edeb (slightly) more readable. 2017-01-07T06:45:24+00:00 jsing 2017-01-07T06:45:24+00:00 urn:sha1:f207076b9d7709285481055787f6336fb6a00d48 returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@ 2017-01-03T05:52:28+00:00 beck 2017-01-03T05:52:28+00:00 urn:sha1:0576d53d5e90ceb7245e7ad4eedd3bb13b32a0b8 and X509_verify_cert - We at least make it so an an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@ 2017-01-03T05:34:48+00:00 beck 2017-01-03T05:34:48+00:00 urn:sha1:9c1a1015b0e9cebcce01d2f3fcbf8883aa60fa38 when we went to alternate cert chains. this correctly does not clobber the ctx->error when using an alt chain. ok jsing@ 2016-12-30T15:24:51+00:00 jsing 2016-12-30T15:24:51+00:00 urn:sha1:3d32963b322889e88515bd7a094bff2bf45065d6