Commit message | Author | Age | Files | Lines
...
* Add AI_FQDN flag to getaddrinfo(3). Prompted by discussions with djm@ | matthew | 2011-04-05 | 2 | -22/+46
  about cert checking in OpenSSH. Man page wording tweaks thanks to jmc@.
  ok henning@, jmc@; positive feedback from djm@, ajacoutat@
  Committing now to reuse guenther@'s libc minor bump instead of cranking it again, as suggested by deraadt@.
* Add a wcswidth man page (based on FreeBSD), and fix the implementation | stsp | 2011-04-04 | 3 | -5/+68
  to return -1 in case of an unprintable character. ok nicm jmc
* back out previous commit. | beck | 2011-03-25 | 1 | -665/+0
  "if you have checked this I am ok with it" does not mean 1) not to pay attention to breaking news after I tell you that and 2) not to get ok's from the others this had been shown to.
  I am absolutely not ok with this going in with only *my* ok. There's a reason why we want more than one ok on important commits
  ok deraadt@ for the backout
* Add the following certs: | dhill | 2011-03-25 | 1 | -0/+665
  DigiCert High Assurance CA-3
  Go Daddy Secure Certification Authority
  COMODO High-Assurance Secure Server CA
  Equifax Secure Certificate Authority
  VeriSign Class 3 Public Primary Certification Authority - G5
  Entrust Certification Authority - L1C
  Entrust.net Secure Server Certification Authority
  cross checked with mozilla
  ok beck@
* This script doesn't need write access to $curdir. Just check existence. | matthieu | 2011-03-24 | 1 | -3/+3
  Fixes build on NFS src with no root access. ok jasper@
* tweak for clarity, ok millert@, jmc@ | espie | 2011-03-21 | 1 | -4/+4
* add a regress test for the vis and unvis functions. after finding one | deraadt | 2011-03-13 | 1 | -4/+90
  bug, this then found a 2nd bug.. worked on with guenther
* wrong type for variable; spotted by christian.siebert@cs.tu-chemnitz.de | deraadt | 2011-03-06 | 1 | -3/+3
  ok guenther
* Fix PR 6267: recheck POSIXLY_CORRECT each time getopt_long() starts a new | guenther | 2011-03-05 | 3 | -44/+16
  argv and don't suppress the handling of leading '-' in optstring when POSIXLY_CORRECT is set. Based on patch from Eric Blake.
  ok and manpage update from millert@, manpage ok jmc@
* Remove expired certs. | dhill | 2011-03-03 | 1 | -174/+0
  ok beck@ fgsch@
* Fix __cxa_finalize() so that calling __cxa_finalize(NULL) properly | matthew | 2011-03-02 | 1 | -2/+2
  invokes handlers registered with __cxa_atexit(). "seems right" deraadt@
* fix from pr 6207. a bit more of an explanation: we write the correct | okan | 2011-02-12 | 1 | -4/+18
  number of bits when connecting via a SOCKS 5 proxy over ipv6, but we also need to read the same number depending on the received address type. this issue is not noticeable with ssh's SOCKS 5 support since it always set the address type as ipv4.
  this fixes connections via SOCKS 5 proxies which set their address type as ipv6 when using ipv6.
  after review with, and ok, nicm@
* fix for CVE-2011-0014 "OCSP stapling vulnerability"; | djm | 2011-02-10 | 2 | -2/+14
  ok markus@ jasper@ miod@
  AFAIK nothing in base uses this, though apache2 from ports may be affected.
* Put -I${includedir} back into Cflags so configure script tests like | naddy | 2011-01-25 | 1 | -4/+8
  test -n "`pkg-config --cflags openssl`"
  don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@
* Correctly escape a literal colon in an enclosure; | schwarze | 2011-01-24 | 1 | -3/+3
  the \: roff escape is an optional line break.
* - simplify, krb5 handling is not needed. | jasper | 2011-01-21 | 2 | -27/+8
  prompted by brad
* a a -> a | lum | 2011-01-20 | 1 | -3/+3
  ok jmc@
* superceded -> superseded; | jmc | 2011-01-14 | 1 | -3/+3
* Minor tweaks to nc(1) man page and usage. | jeremy | 2011-01-09 | 2 | -16/+23
  OK jmc@, nicm@, tedu@
* Enable unix datagram support by treating ENOBUFS like EAGAIN. | jeremy | 2011-01-08 | 1 | -2/+2
  Separate commit requested by deraadt@. OK nicm@
* Support unix domain sockets in nc(1) with -Uu. | jeremy | 2011-01-08 | 2 | -25/+83
  Previously, using -U with -u was an error that was not documented in the man page. Now it will use a unix socket in datagram mode.
  Bidirectional unix datagram communication requires a socket at both ends, so in client mode (without -l), a temporary socket is created so that responses from the server can be received. If -s is specified with -U and -u, it specifies the location of the temporary socket to create.
  This was mostly written way back in 2007. Since then, various improvements implemented based on suggestions from guenther@, tedu@, and nicm@. Man page help from nicm@ and jmc@.
  Unix datagram support requires a small change to atomicio.c in order to function correctly, this will be committed separately shortly.
  OK nicm@
* Remove an extraneous return statement with the wrong return value. | millert | 2011-01-07 | 1 | -8/+6
  Fix some gcc warnings.
* - adjust krb5 directories | jasper | 2011-01-03 | 1 | -8/+5
  - zap a trailing tab
* - ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is not | jasper | 2010-12-28 | 1 | -2/+3
  common/encouraged practice
* - generate and install pkg-config files for openssl, which more and more | jasper | 2010-12-28 | 2 | -1/+122
  projects depend on being present (e.g. various ports).
  as discussed with various porters in a hungarian spa
  help/feedback from ingo@ and also OK halex@
  no objections from djm@
* remove comment that hasn't been true for quite a while now; | otto | 2010-12-22 | 1 | -6/+1
  ok deraadt@ djm@
* avoid pointer arithmetic on void * | dhill | 2010-12-16 | 1 | -5/+5
  tested for a while by me. ok otto@
* move CRYPTO_VIAC3_MAX out of cryptodev.h and into the only | jsg | 2010-12-16 | 2 | -0/+4
  file it will be used from. requested by/ok mikeb@
* The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX length | jsg | 2010-12-16 | 2 | -4/+4
  which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well.
  ok/comments from mikeb & deraadt
* Security fix for CVE-2010-4180 as mentioned in | jasper | 2010-12-15 | 4 | -0/+16
  http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones.
  This code is not enabled by default.
  ok djm@
* overriden -> overridden; | jmc | 2010-12-12 | 1 | -4/+4
* involes -> involves; from Carlos Alberto Pereira Gomes | jmc | 2010-11-30 | 1 | -1/+1
* - Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix). | jasper | 2010-11-17 | 2 | -36/+84
  ok djm@ deraadt@
* remove skipjack and cast from the libc; ok deraadt | mikeb | 2010-10-28 | 3 | -1053/+2
* print the pointer value that caused the error (if available); ok | otto | 2010-10-21 | 1 | -47/+54
  deraadt@ nicm@ (on an earlier version)
* Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@ | miod | 2010-10-18 | 2 | -2/+2
* various tweaks for consistency; | jmc | 2010-10-17 | 1 | -92/+62
* use standard list width; | jmc | 2010-10-15 | 1 | -29/+29
* nicer formatting for the various synopses; | jmc | 2010-10-15 | 1 | -276/+344
* document "openssl ts"; | jmc | 2010-10-15 | 1 | -4/+629
* probabalistic -> probabilistic; from naddy | jmc | 2010-10-14 | 1 | -2/+2
* for openssl prime, note that results are probabalistic; from djm | jmc | 2010-10-14 | 1 | -2/+5
* document "openssl prime"; | jmc | 2010-10-13 | 1 | -1/+47
* document "openssl pkeyparam"; | jmc | 2010-10-13 | 1 | -6/+54
* document "openssl pkeyutl"; | jmc | 2010-10-12 | 1 | -2/+212
* document "openssl pkey"; | jmc | 2010-10-09 | 1 | -1/+127
* document "openssl genpkey"; | jmc | 2010-10-09 | 1 | -2/+176
* document "openssl engine"; | jmc | 2010-10-08 | 1 | -1/+51
* document "openssl ecparam"; | jmc | 2010-10-08 | 1 | -1/+182
* supply the correct value of ciphers DEFAULT; from djm | jmc | 2010-10-08 | 1 | -3/+3