summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* This commit was manufactured by cvs2git to create branch 'OPENBSD_4_9'.OPENBSD_4_9cvs2svn2011-02-12932-296990/+0
|
* fix from pr 6207. a bit more of an explanation: we write the correctokan2011-02-121-4/+18
| | | | | | | | | | number of bits when connecting via a SOCKS 5 proxy over ipv6, but we also need to read the same number depending on the received address type. this issue is not noticeable with ssh's SOCKS 5 support since it always set the address type as ipv4. this fixes connections via SOCKS 5 proxies which set their address type as ipv6 when using ipv6. after review with, and ok, nicm@
* fix for CVE-2011-0014 "OCSP stapling vulnerability";djm2011-02-102-2/+14
| | | | | | ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
* Put -I${includedir} back into Cflags so configure script tests likenaddy2011-01-251-4/+8
| | | | | | | test -n "`pkg-config --cflags openssl`" don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@
* Correctly escape a literal colon in an enclosure;schwarze2011-01-241-3/+3
| | | | the \: roff escape is an optional line break.
* - simplify, krb5 handling is not needed.jasper2011-01-212-27/+8
| | | | prompted by brad
* a a -> alum2011-01-201-3/+3
| | | | ok jmc@
* superceded -> superseded;jmc2011-01-141-3/+3
|
* Minor tweaks to nc(1) man page and usage.jeremy2011-01-092-16/+23
| | | | OK jmc@, nicm@, tedu@
* Enable unix datagram support by treating ENOBUFS like EAGAIN.jeremy2011-01-081-2/+2
| | | | | | Separate commit requested by deraadt@. OK nicm@
* Support unix domain sockets in nc(1) with -Uu.jeremy2011-01-082-25/+83
| | | | | | | | | | | | | | | | | | | | | Previously, using -U with -u was an error that was not documented in the man page. Now it will use a unix socket in datagram mode. Bidirectional unix datagram communication requires a socket at both ends, so in client mode (without -l), a temporary socket is created so that responses from the server can be received. If -s is specified with -U and -u, it specifies the location of the temporary socket to create. This was mostly written way back in 2007. Since then, various improvements implemented based on suggestions from guenther@, tedu@, and nicm@. Man page help from nicm@ and jmc@. Unix datagram support requires a small change to atomicio.c in order to function correctly, this will be committed separately shortly. OK nicm@
* Remove an extraneous return statement with the wrong return value.millert2011-01-071-8/+6
| | | | Fix some gcc warnings.
* - adjust krb5 directoriesjasper2011-01-031-8/+5
| | | | - zap a trailing tab
* - ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is notjasper2010-12-281-2/+3
| | | | common/encouraged practice
* - generate and install pkg-config files for openssl, which more and morejasper2010-12-282-1/+122
| | | | | | | | projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@
* remove comment that hasn't been true for quite a while now;otto2010-12-221-6/+1
| | | | ok deraadt@ djm@
* avoid pointer arithmetic on void *dhill2010-12-161-5/+5
| | | | | | tested for a while by me. ok otto@
* move CRYPTO_VIAC3_MAX out of cryptodev.h and into the onlyjsg2010-12-162-0/+4
| | | | | | file it will be used from. requested by/ok mikeb@
* The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX lengthjsg2010-12-162-4/+4
| | | | | | | which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
* Security fix for CVE-2010-4180 as mentioned in ↵jasper2010-12-154-0/+16
| | | | | | | | | | | http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
* overriden -> overridden;jmc2010-12-121-4/+4
|
* involes -> involves; from Carlos Alberto Pereira Gomesjmc2010-11-301-1/+1
|
* - Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).jasper2010-11-172-36/+84
| | | | ok djm@ deraadt@
* remove skipjack and cast from the libc; ok deraadtmikeb2010-10-283-1053/+2
|
* print the pointer value that caused the error (if available); okotto2010-10-211-47/+54
| | | | deraadt@ nicm@ (on an earlier version)
* Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@miod2010-10-182-2/+2
|
* various tweaks for consistency;jmc2010-10-171-92/+62
|
* use standard list width;jmc2010-10-151-29/+29
|
* nicer formatting for the various synopses;jmc2010-10-151-276/+344
|
* document "openssl ts";jmc2010-10-151-4/+629
|
* probabalistic -> probabilistic; from naddyjmc2010-10-141-2/+2
|
* for openssl prime, note that results are probabalistic; from djmjmc2010-10-141-2/+5
|
* document "openssl prime";jmc2010-10-131-1/+47
|
* document "openssl pkeyparam";jmc2010-10-131-6/+54
|
* document "openssl pkeyutl";jmc2010-10-121-2/+212
|
* document "openssl pkey";jmc2010-10-091-1/+127
|
* document "openssl genpkey";jmc2010-10-091-2/+176
|
* document "openssl engine";jmc2010-10-081-1/+51
|
* document "openssl ecparam";jmc2010-10-081-1/+182
|
* supply the correct value of ciphers DEFAULT; from djmjmc2010-10-081-3/+3
|
* document "openssl ec";jmc2010-10-081-3/+209
|
* OpenSSL grows another undocumented header, apparently needed on armishdjm2010-10-071-1/+2
|
* More OpenSSL fixes:djm2010-10-067-26/+30
| | | | | | | | | - Update local engines for the EVP API change (len u_int => size_t) - Use hw_cryptodev.c instead of eng_cryptodev.c - Make x86_64-xlate.pl always write to the output file and not stdout, fixing "make -j" builds (spotted by naddy@) ok naddy@
* Retire Skipjackmikeb2010-10-064-4/+0
| | | | | | | | | | | There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
* catch up to openssl-1.0.0a; there's some new commands, as yet undocumented,jmc2010-10-061-214/+650
| | | | but i'll get to those shortly...
* Our make already uses sh -e when executing commands.naddy2010-10-041-7/+7
| | | | Revert the "set -e" additions and kill unneeded subshells. ok djm@
* don't use non-standard CFLAGS; ok miod@, deraadt@naddy2010-10-031-2/+2
|
* DES_LONG should be u_int on all platforms, it was spuriouslydjm2010-10-031-1/+1
| | | | u_long on i386. suggested by deraadt@ and kettenis@
* percolate up errors from perl asm scripts, correctly enable SHA-256 asm ondjm2010-10-021-9/+9
| | | | amd64
* fix -Wall due to API changedjm2010-10-012-6/+6
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-16 12:05:04 +0000