openbsd/src/lib, branch libressl-v2.6.0

update the little endian processor list to give it a chance of matching

2017-07-08T21:45:35+00:00

what the reader is using.

Only access offset if canaries are enabled and size > 0, otherwise offset

2017-07-07T19:14:46+00:00

is not initialized. Problem spotted by Carlin Bingham; ok phessler@ tedu@

Document tls_config_set_crl_file() and tls_config_set_crl_mem().

2017-07-06T17:27:19+00:00

Based on a diff from Jack Burton , thanks!

Bump minor due to symbol addition.

2017-07-06T17:12:44+00:00

Add support for providing CRLs to libtls - once a CRL is provided we

2017-07-06T17:12:22+00:00

enable CRL checking for the full certificate chain. Based on a diff from Jack Burton , thanks! Discussed with beck@

The 0x (or 0X) prefix in base 16 is optional so only skip over the

2017-07-06T16:23:11+00:00

prefix if the character following it is a valid hex char. The C99 standard is clear that given the string "0xy" zero should be returned and endptr set to point to the "x". OK deraadt@ espie@

fix broken cross references; found with mandoc -Tlint

2017-07-06T15:42:04+00:00

RFC 6066 states that IP literals are not permitted in "HostName" for a

2017-07-05T15:38:35+00:00

TLS Server Name extension, however seemingly several clients (including Python, Ruby and Safari) violate the RFC. Given that this is a fairly widespread issue, if we receive a TLS Server Name extension that contains an IP literal, pretend that we did not receive the extension rather than causing a handshake failure. Issue raised by jsg@ ok jsg@

nits about trailing punctuation found with mandoc -Tlint

2017-07-05T12:23:46+00:00

void functions don't return 0

2017-07-05T11:44:35+00:00

From Klemens Nanni