openbsd/src/usr.sbin/ocspcheck, branch libressl-v4.0.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.0.0 2024-03-24T11:30:12+00:00 Convert libressl to use the BoringSSL style time conversions 2024-03-24T11:30:12+00:00 beck 2024-03-24T11:30:12+00:00 urn:sha1:0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@ Replace ASN1_time_parse() with ASN1_TIME_to_tm() 2023-11-13T11:46:24+00:00 tb 2023-11-13T11:46:24+00:00 urn:sha1:a0154b770d70f850d122c9cc2abd1ed36ea2f25f Like in libtls, we use ASN1_GENERALIZEDTIME_check() to ensure we actually have a GeneralizedTime. ok beck remove duplicate includes 2023-04-19T12:58:16+00:00 jsg 2023-04-19T12:58:16+00:00 urn:sha1:66b857bfb31c84024d348c1b47c595ee2d24262f spelling fixes; from paul tagliamonte 2022-12-28T21:30:17+00:00 jmc 2022-12-28T21:30:17+00:00 urn:sha1:99447cbc42f558725184ccdb10e0a8d9abe1c418 any parts of his diff not taken are noted on tech The argument to ctype functions must be EOF or representable as an 2022-12-15T08:07:03+00:00 florian 2022-12-15T08:07:03+00:00 urn:sha1:4ea33cbd5b1bd5d90283a46d371d5642fc8e7894 unsigned char. Casting to int is particularly useless because that's what the compiler already does. We need to prevent sign extension, not write down that we want sign extension. OK deraadt, kn, miod, op Add missing void to definition of http_init(). 2021-09-14T16:37:20+00:00 tb 2021-09-14T16:37:20+00:00 urn:sha1:754c6031403524bc1e6720ad57276c759275f554 ok deraadt florian Remove unneeded calls to tls_init(3) 2021-07-14T13:33:57+00:00 kn 2021-07-14T13:33:57+00:00 urn:sha1:f50b4db1e7622eb89cc64abe1c046266ba811bf1 As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions. Remove explicit tls_init() calls from base to not give the impression of it being needed. Feedback tb OK Tests mestre Change the error reporting pattern throughout the tree when unveil 2021-07-12T15:09:21+00:00 beck 2021-07-12T15:09:21+00:00 urn:sha1:23bd7adafc11c1870dc8edc89acb37fbc272ca9e fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@ Walk over all results from getaddrinfo() instead of giving up after the 2021-02-09T16:55:51+00:00 claudio 2021-02-09T16:55:51+00:00 urn:sha1:8af47ee279457970b421d64595b54a8cce5042e1 first entry. This way ocspcheck will try all returned IPs to contact the OCSP server. Found by the regress test and a resolv.conf file with 'family inet6 inet4'. OK kn@ deraadt@ Refactor a bunch of oscpcheck for single return to clean it up, 2020-10-16T01:16:55+00:00 beck 2020-10-16T01:16:55+00:00 urn:sha1:fe78fdfa282adc6ae8665a1b7ebec62cb7171079 and add the ability to parse a port in the specified ocsp url. Since this will now pass them, enable regress tests previously committed for ocspcheck. mostly by me with some cleanup by tb after an obvious yak was found to shave in the OCSP routines in libcrypto ok tb@