| Commit message (Expand) | Author | Age | Files | Lines |
* | MFC.OPENBSD_6_0 | jsing | 2017-04-30 | 1 | -5/+5 |
* | Bump for LibreSSL 2.4.5libressl-v2.4.5 | bcook | 2017-01-07 | 1 | -3/+3 |
* | MFC: Avoid a side-channel cache-timing attack that can leak the ECDSA | jsing | 2017-01-05 | 1 | -1/+3 |
* | MFC: In ssl3_read_bytes(), do not process more than three consecutive TLSlibressl-v2.4.4 | jsing | 2016-11-03 | 1 | -4/+24 |
* | Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() | bcook | 2016-10-03 | 1 | -5/+11 |
* | Detect zero-length encrypted session data early, instead of when malloc(0) | bcook | 2016-10-03 | 1 | -2/+2 |
* | Check for packet with truncated DTLS cookie. | bcook | 2016-10-03 | 1 | -12/+17 |
* | Improve ticket validity checking when tlsext_ticket_key_cb() callback | bcook | 2016-10-03 | 1 | -4/+25 |
* | In X509_cmp_time(), pass asn1_time_parse() the tag of the field being | bcook | 2016-10-03 | 1 | -2/+3 |
* | bump to 2.4.4 | bcook | 2016-10-02 | 1 | -3/+3 |
* | MFC: Avoid falling back to a weak digest for (EC)DH when using SNI withlibressl-v2.4.3 | jsing | 2016-09-22 | 1 | -3/+10 |
* | MFC: Avoid unbounded memory growth in libssl, which can be triggered by a | jsing | 2016-09-22 | 1 | -9/+20 |
* | bump version for 2.4.3 | bcook | 2016-09-22 | 1 | -3/+3 |
* | back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinal | bcook | 2016-09-22 | 1 | -3/+1 |
* | This commit was manufactured by cvs2git to create branch 'OPENBSD_6_0'.libressl-v2.4.2 | cvs2svn | 2016-07-23 | 1187 | -380610/+0 |
* | rework crl2pkcs7; with help from jsing | jmc | 2016-07-23 | 1 | -57/+18 |
* | rework DESCRIPTION a little: no-command seems clearer than no-XXX; | jmc | 2016-07-21 | 1 | -17/+12 |
* | rename NOTES to COMMON SYNTAX (explains itself better); rework the | jmc | 2016-07-21 | 1 | -43/+44 |
* | strip back openssl crl somewhat: remove the examples | jmc | 2016-07-21 | 1 | -41/+21 |
* | strip back openssl ciphers: | jmc | 2016-07-20 | 1 | -106/+60 |
* | strip back openssl ca: in particular remove some excessively wordy sections, | jmc | 2016-07-19 | 1 | -337/+120 |
* | don't mix code and decls, ok tedu@ | bcook | 2016-07-18 | 2 | -4/+6 |
* | use memset to initialize the union | bcook | 2016-07-17 | 2 | -4/+8 |
* | remove unused OPENSSL_NO_OBJECT case | bcook | 2016-07-17 | 2 | -28/+2 |
* | Initialize buffers before use, noted by Kinichiro Inoguchi. | bcook | 2016-07-17 | 2 | -14/+14 |
* | strip back asn1parse; ok beck jsing | jmc | 2016-07-17 | 1 | -108/+27 |
* | Clean up OCSP_check_validity() a bit more. | beck | 2016-07-16 | 2 | -22/+20 |
* | since we no longer pull source directly from openssl, the time is | jmc | 2016-07-16 | 1 | -427/+57 |
* | Limit the support of the "backward compatible" ssl2 handshake to only be | beck | 2016-07-16 | 2 | -2/+18 |
* | Adjust existing tls_config_set_cipher() callers for TLS cipher group | jsing | 2016-07-13 | 1 | -2/+2 |
* | Split the existing TLS cipher suite groups into four: | jsing | 2016-07-13 | 3 | -11/+22 |
* | Fix usage() output and getopt sorting | guenther | 2016-07-13 | 1 | -6/+6 |
* | zero the read buffer after copying data to user so it doesn't linger. | tedu | 2016-07-10 | 2 | -2/+4 |
* | Revert previous since the libtls change has been reverted. | jsing | 2016-07-07 | 1 | -16/+24 |
* | Revert previous - it introduces problems with a common privsep use case. | jsing | 2016-07-07 | 3 | -72/+35 |
* | add ca cert error check and make the path configurable | bcook | 2016-07-07 | 1 | -1/+9 |
* | call BN_init on temporaries to avoid use-before-set warnings | bcook | 2016-07-07 | 6 | -6/+28 |
* | J/j is a three valued option, document and fix code to actuall support that | otto | 2016-07-06 | 1 | -3/+5 |
* | Check that the given ciphers string is syntactically valid and results in | jsing | 2016-07-06 | 1 | -1/+17 |
* | Remove manual file loading (now that libtls does this for us) and adjust | jsing | 2016-07-06 | 1 | -24/+16 |
* | Always load CA, key and certificate files at the time the configuration | jsing | 2016-07-06 | 3 | -35/+72 |
* | Correctly handle an EOF that occurs prior to the TLS handshake completing. | jsing | 2016-07-06 | 1 | -3/+6 |
* | remove extra assignment of s from 1.11, fix regression test | bcook | 2016-07-05 | 1 | -2/+1 |
* | remove unneeded duplicate call - spotted by jsing@ | beck | 2016-07-05 | 2 | -6/+2 |
* | On systems where we do not have BN_ULLONG defined (most 64-bit systems), | bcook | 2016-07-05 | 8 | -26/+111 |
* | Add several fixes from OpenSSL to make OCSP work with intermediate | beck | 2016-07-05 | 2 | -20/+48 |
* | make less awful.. test against cloudflare too | beck | 2016-07-05 | 2 | -9/+19 |
* | Add a nasty little ocsp regress test in the hope pedants will make it better. | beck | 2016-07-04 | 3 | -1/+140 |
* | do not uppercase "hop limit"; | jmc | 2016-07-02 | 1 | -4/+4 |
* | Simplify IP proto-specific sockopt error handling. | bcook | 2016-07-01 | 1 | -34/+26 |