summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* MFC.OPENBSD_6_0jsing2017-04-301-5/+5
* Bump for LibreSSL 2.4.5libressl-v2.4.5bcook2017-01-071-3/+3
* MFC: Avoid a side-channel cache-timing attack that can leak the ECDSAjsing2017-01-051-1/+3
* MFC: In ssl3_read_bytes(), do not process more than three consecutive TLSlibressl-v2.4.4jsing2016-11-031-4/+24
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()bcook2016-10-031-5/+11
* Detect zero-length encrypted session data early, instead of when malloc(0)bcook2016-10-031-2/+2
* Check for packet with truncated DTLS cookie.bcook2016-10-031-12/+17
* Improve ticket validity checking when tlsext_ticket_key_cb() callbackbcook2016-10-031-4/+25
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingbcook2016-10-031-2/+3
* bump to 2.4.4bcook2016-10-021-3/+3
* MFC: Avoid falling back to a weak digest for (EC)DH when using SNI withlibressl-v2.4.3jsing2016-09-221-3/+10
* MFC: Avoid unbounded memory growth in libssl, which can be triggered by ajsing2016-09-221-9/+20
* bump version for 2.4.3bcook2016-09-221-3/+3
* back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinalbcook2016-09-221-3/+1
* This commit was manufactured by cvs2git to create branch 'OPENBSD_6_0'.libressl-v2.4.2cvs2svn2016-07-231187-380610/+0
* rework crl2pkcs7; with help from jsingjmc2016-07-231-57/+18
* rework DESCRIPTION a little: no-command seems clearer than no-XXX;jmc2016-07-211-17/+12
* rename NOTES to COMMON SYNTAX (explains itself better); rework thejmc2016-07-211-43/+44
* strip back openssl crl somewhat: remove the examplesjmc2016-07-211-41/+21
* strip back openssl ciphers:jmc2016-07-201-106/+60
* strip back openssl ca: in particular remove some excessively wordy sections,jmc2016-07-191-337/+120
* don't mix code and decls, ok tedu@bcook2016-07-182-4/+6
* use memset to initialize the unionbcook2016-07-172-4/+8
* remove unused OPENSSL_NO_OBJECT casebcook2016-07-172-28/+2
* Initialize buffers before use, noted by Kinichiro Inoguchi.bcook2016-07-172-14/+14
* strip back asn1parse; ok beck jsingjmc2016-07-171-108/+27
* Clean up OCSP_check_validity() a bit more.beck2016-07-162-22/+20
* since we no longer pull source directly from openssl, the time isjmc2016-07-161-427/+57
* Limit the support of the "backward compatible" ssl2 handshake to only bebeck2016-07-162-2/+18
* Adjust existing tls_config_set_cipher() callers for TLS cipher groupjsing2016-07-131-2/+2
* Split the existing TLS cipher suite groups into four:jsing2016-07-133-11/+22
* Fix usage() output and getopt sortingguenther2016-07-131-6/+6
* zero the read buffer after copying data to user so it doesn't linger.tedu2016-07-102-2/+4
* Revert previous since the libtls change has been reverted.jsing2016-07-071-16/+24
* Revert previous - it introduces problems with a common privsep use case.jsing2016-07-073-72/+35
* add ca cert error check and make the path configurablebcook2016-07-071-1/+9
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-076-6/+28
* J/j is a three valued option, document and fix code to actuall support thatotto2016-07-061-3/+5
* Check that the given ciphers string is syntactically valid and results injsing2016-07-061-1/+17
* Remove manual file loading (now that libtls does this for us) and adjustjsing2016-07-061-24/+16
* Always load CA, key and certificate files at the time the configurationjsing2016-07-063-35/+72
* Correctly handle an EOF that occurs prior to the TLS handshake completing.jsing2016-07-061-3/+6
* remove extra assignment of s from 1.11, fix regression testbcook2016-07-051-2/+1
* remove unneeded duplicate call - spotted by jsing@beck2016-07-052-6/+2
* On systems where we do not have BN_ULLONG defined (most 64-bit systems),bcook2016-07-058-26/+111
* Add several fixes from OpenSSL to make OCSP work with intermediatebeck2016-07-052-20/+48
* make less awful.. test against cloudflare toobeck2016-07-052-9/+19
* Add a nasty little ocsp regress test in the hope pedants will make it better.beck2016-07-043-1/+140
* do not uppercase "hop limit";jmc2016-07-021-4/+4
* Simplify IP proto-specific sockopt error handling.bcook2016-07-011-34/+26