summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* check return value from CBB_initbeck2017-08-271-2/+3
|
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsbeck2017-08-274-5/+10
| | | | | can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* Rewrite ALPN extension using CBB/CBS and the new extension framework.doug2017-08-265-144/+540
| | | | | ok bcook@ beck@ input + ok jsing@
* Work around bug in F5's handling of the supported elliptic curves extension.doug2017-08-231-2/+16
| | | | | | | | | | RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is sending it in ServerHello. We need to skip over it since our TLS extension parsing code is now more strict. Thanks to Armin Wolfermann and WJ Liu for reporting the issue. input + ok jsing@
* import SSL_export_keying_material(3) from OpenSSLschwarze2017-08-213-3/+132
|
* merge the applicable parts of SSL_set_tlsext_host_name(3) documentation;schwarze2017-08-211-4/+28
| | | | | from Paul Yang <yang dot yang at baishancloud dot com> via OpenSSL commit 190b9a03 Jun 28 15:46:13 2017 +0800
* Selectively merge OpenSSL commit e091367d May 5 11:56:45 2017 +0100schwarze2017-08-211-16/+15
| | | | | | | from Matt Caswell <matt at openssl dot org>. In particular, stop talking about SSL 2.0 and SSL 3.0, but do not start talking about TLS 1.3 just yet.
* Mention three functions related to protocol selection by the clientschwarze2017-08-211-3/+48
| | | | | that are deprecated no-ops in LibreSSL, but that OpenSSL explicitly documented on April 19, 2017, without deprecating them.
* Delete non-existent function SSL_flush_sessions();schwarze2017-08-211-12/+4
| | | | | from Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400.
* Delete non-existent functions SSL_add_session() and SSL_remove_session() andschwarze2017-08-211-18/+6
| | | | | | | | | clarify that SSL_CTX_remove_session(3) marks the session as non-resumable. From Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400 and from Matt Caswell <matt at openssl dot org> via OpenSSL commit b8964668 Apr 26 15:16:18 2017 +0100.
* New manual page X509_check_private_key(3), using informationschwarze2017-08-203-4/+69
| | | | | | | | from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all.
* fix a pasto in the description of UI_get0_result_string(3);schwarze2017-08-201-4/+4
| | | | | from Richard Levitte <levitte at openssl dot org> via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
* Add a BUGS section stating that RSA_PKCS1_PADDING is weak by design;schwarze2017-08-201-3/+11
| | | | | from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* Add a BUGS sectionschwarze2017-08-201-3/+10
| | | | | | stating that RSA_padding_check_PKCS1_type_2(3) is weak by design; from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* import PEM_bytes_read_bio(3) from OpenSSL,schwarze2017-08-204-7/+124
| | | | dropping the secmem stuff that we don't want
* mention CRYPTO_mem_leaks_cb(3) because OpenSSLschwarze2017-08-201-4/+18
| | | | now also documents it, in OPENSSL_malloc.pod
* import EVP_PKEY_meth_get_count.pod from OpenSSL, pruning the functions weschwarze2017-08-202-1/+75
| | | | don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
* fix wrong function name;schwarze2017-08-201-6/+7
| | | | | from Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
* sync with OpenSSL:schwarze2017-08-201-4/+14
| | | | | | | | | | | | | | 1. mention three additional functions for stitched ciphers from Steven Collison <steven at raycoll dot com> via OpenSSL commit 209fac9f Mar 28 12:46:07 2017 -0700 2. fix wrong data type of an automatic variable in an example from Paul Yang <paulyang dot inf at gmail dot com> via OpenSSL commit 719b289d May 22 23:18:45 2017 +0800 3. fix memory leak in sample encryption code and check return value of fopen from Greg Zaverucha <gregz at microsoft dot com> via OpenSSL commit 519a5d1e Jun 27 17:38:25 2017 -0700
* zap trailing whitespace;jmc2017-08-201-2/+2
|
* sprinkle a few missing dependencies on perl scripts internal bits.espie2017-08-203-11/+17
| | | | 'it works' deraadt@
* remove a duplicate BIO_do_accept() call from an example;schwarze2017-08-201-12/+6
| | | | | from Beat Bolli <dev at drbeat dot li> via OpenSSL commit 7a67a3ba Jan 18 23:49:43 2017 +0100
* Sync with OpenSSL: document several new functions, plus some additionalschwarze2017-08-201-48/+227
| | | | | minor improvements. Mostly from Todd Short <tshort at akamai dot com> via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
* clarify deprecation notice;schwarze2017-08-201-6/+7
| | | | from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
* New ASN1_STRING_TABLE_add(3) manual page, based on information fromschwarze2017-08-202-1/+94
| | | | | | | | | the OpenSSL manual page committed on July 27, 2017, and on source code inspection. Use my own Copyright and license because no copyright-worthy amount of text from OpenSSL remains. NOTA BENE: BUGS Most aspects of the semantics considerably differ from OpenSSL.
* two MALLOC_STATS only tweaks; one from David CARLIER, the other found by clangotto2017-08-201-8/+4
|
* fix .Xr ordering, found with mandoc -Tlintschwarze2017-08-192-6/+6
|
* Import SSL_CTX_set_min_proto_version(3) from OpenSSL, suggested by jsing@.schwarze2017-08-195-7/+134
| | | | | | | | | While importing: * Fix the prototypes, they all contained wrong datatypes. * Delete SSL3_VERSION which is no longer supported. * Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported. * Delete the lie that these would be macros. * Improve SEE ALSO and HISTORY sections.
* fix a typo and mention OpenBSD in HISTORY;schwarze2017-08-191-3/+5
| | | | both pointed out by jsing@
* test locale priorities and overridesschwarze2017-08-161-1/+36
|
* test isalpha_l(3), tolower_l(3), wctype_l(3), iswctype_l(3),schwarze2017-08-161-4/+149
| | | | | wctrans_l(3), towctrans_l(3), wcscasecmp_l(3), wcsncasecmp_l(3), and strerror_l(3)
* test nl_langinfo_l(3), iswalpha_l(3), towupper_l(3)schwarze2017-08-162-3/+44
|
* refactor in preparation for testing more functions; no functional changeschwarze2017-08-152-114/+117
|
* Use sendsyslog() directly instead of syslog_r() for the "backwards memcpy"guenther2017-08-141-3/+12
| | | | | | | messages, to avoid pulling in piles of other machinery unnecessarily problem observed by schwarze@ ok deraadt@ millert@
* fix missing bracket on ARMbcook2017-08-141-15/+15
| | | | ok beck@
* match function implementation with declaration, ok beck@, doug@bcook2017-08-131-2/+2
|
* Add ability to clamp a notafter to values representable in a 32 bit time_tbeck2017-08-133-7/+41
| | | | | | This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Switch to -Werror with clang for libressl.doug2017-08-134-8/+8
| | | | | Discussed with beck@ and jsing@ ok beck@
* move endian/word size checks from runtime to compile timebcook2017-08-134-325/+340
| | | | ok guenther@
* Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL.doug2017-08-131-10/+38
| | | | | | | | | | | Previously, the code would accept NULL and 0 length and try to malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could also fail in malloc and leave the old length. Also, add a note that this public API has backwards semantics of what you would expect where 0 is success and 1 is failure. input + ok jsing@ beck@
* Convert the sigma and tau initialisers to byte arrays, rather than usingjsing2017-08-131-3/+12
| | | | | | | | | strings. The original code is perfectly valid C, however it causes some compilers to complain since it lacks room for a string NUL terminator and the compiler is not smart enough to realise that these are only used as byte arrays and never treated as strings. ok bcook@ beck@ inoguchi@
* Remove support for the TLS padding extension.jsing2017-08-132-39/+4
| | | | | | | | This was added as a workaround for broken F5 TLS termination, which then created issues talking to broken IronPorts. The size of the padding is hardcoded so it cannot be used in any generic sense. ok bcook@ beck@ doug@
* Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.jsing2017-08-132-27/+4
| | | | | | | This was a workaround for a server that needed to talk GOST to old/broken CryptoPro clients. This has no impact on TLS clients that are using GOST. ok bcook@ beck@ doug@
* Rewrite the TLS status request extension to use the new TLS extension framework.beck2017-08-124-178/+307
| | | | ok jsing@
* Minimize #includes, particularly to avoid thread_private.hguenther2017-08-122-7/+3
| | | | ok tedu@
* Add regress coverage for the TLS signature algorithms extension.jsing2017-08-121-1/+163
|
* Convert TLS signature algorithms extension handling to the new framework.jsing2017-08-126-63/+99
| | | | ok beck@ doug@
* bump to 2.6.1bcook2017-08-121-3/+3
|
* Rewrite session ticket TLS extension handling using CBB/CBS and the newdoug2017-08-124-66/+447
| | | | | | extension framework. ok jsing@ beck@
* Remove NPN test coverage.jsing2017-08-122-129/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-16 21:58:14 +0000