summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | Regenerate the text information for all certificates with recent opensslsthen2012-11-301-439/+465
| | | | | | | | | | | | | | | | | | | | | | | | and include sha1 signatures for all certs (some were missing). No certificate changes, this is just for consistency. ok beck@
* | | | Remove retired Thawte/Verisign certificates.sthen2012-11-301-499/+0
| | | | | | | | | | | | | | | | | | | | | | | | Remove intermediate GoDaddy certificate, this file should just contain roots. ok beck@ phessler@
* | | | Document a known bug in the DES crypt cipher implementation which we'restsp2012-11-301-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | not going to fix in order to stay compatible with legacy password data. Nobody should use DES crypt anyway these days. See http://www.freebsd.org/security/advisories/FreeBSD-SA-12:02.crypt.asc for details about this bug. Discussed with deraadt and beck about half a year ago (I'm pruning Ms from my tree).
* | | | - put the various options into the same order as those in resolv.hjmc2012-11-291-17/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - sync RES_DEBUG with resolv.conf.5 - document RES_PRIMARY, but mark it unsupported (like we already do for RES_AAAONLY) - use the exact same text (about being enabled by default) for RES_RECURSE as for the other two defaults - document RES_INSECURE{1,2} - description lifted from resolv.conf.5 - document RES_NOALIASES - mostly sync the RES_USE_EDNS0 text with resolv.conf.5 - RES_USE_DNSSEC not documented for now. something to come... ok sthen
* | | | remove some useless Tn and double punctuation;jmc2012-11-191-16/+7
| | | |
* | | | RES_IGNTC is no longer ignored; ok sthenjmc2012-11-191-4/+4
| | | |
* | | | Ensure that the base provided to strtol(3) is between 2 and 36 inclusive,jsing2012-11-181-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | or the special value of 0. ok deraadt@ otto@
* | | | Add a regress test for strtol, which currently fails.jsing2012-11-183-2/+86
| | | | | | | | | | | | | | | | ok otto@
* | | | Per POSIX, fix raise() and abort() to send the signal to the current thread.guenther2012-11-101-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | Should make coredumps from abort() easier to debug too. ok kurt@
* | | | Add a new malloc option 'U' => "Free unmap" that does the guarding/djm2012-11-022-18/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | unmapping of freed allocations without disabling chunk randomisation like the "Freeguard" ('F') option does. Make security 'S' option use 'U' and not 'F'. Rationale: guarding with no chunk randomisation is great for debugging use-after-free, but chunk randomisation offers better defence against "heap feng shui" style attacks that depend on carefully constructing a particular heap layout so we should leave this enabled when requesting security options.
* | | | On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don'tkettenis2012-10-318-18/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | have to go through the PLT/GOT to get at them anymore. In fact going through the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P. Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@ who did most of the actual work of tracking down the issue. ok millert@, mikeb@
* | | | Restore r1.10, lost during last update:miod2012-10-222-2/+2
| | | | | | | | | | | | | | | | Disable use of dladdr() on a.out arches, they do not provide it (yet);
* | | | Makefile and header changes for OpenSSL-1.0.1cdjm2012-10-1320-139/+361
| | | | | | | | | | | | | | | | major cranks
* | | | import files that CVS missed; sighdjm2012-10-1310-0/+1498
| | | |
* | | | resolve conflictsdjm2012-10-13504-7535/+33760
| | | |
* | | | This commit was generated by cvs2git to track changes on a CVS vendordjm2012-10-1342-591/+570
|\| | | | | | | | | | | branch.
| * | | import OpenSSL-1.0.1cdjm2012-10-13339-4357/+15664
| | | |
* | | | This commit was generated by cvs2git to track changes on a CVS vendordjm2012-10-13219-1382/+57417
|\ \ \ \ | | |/ / | |/| | branch.
| * | | import OpenSSL-1.0.1cdjm2012-10-13248-2332/+62631
| | | |
* | | | This commit was generated by cvs2git to track changes on a CVS vendordjm2012-10-13160-1420/+48653
|\ \ \ \ | | |_|/ | |/| | branch.
| * | | import OpenSSL-1.0.1cdjm2012-10-13359-4455/+63120
| | | |
* | | | last stage of rfc changes, using consistent Rs/Re blocks, and moving thejmc2012-09-279-88/+91
| | | | | | | | | | | | | | | | references into a STANDARDS section;
* | | | last stage of rfc changes, using consistent Rs/Re blocks, and moving thejmc2012-09-261-19/+45
| | | | | | | | | | | | | | | | references into a STANDARDS section;
* | | | Make setenv(3) consistent with unsetenv(3), giving EINVAL if passedjeremy2012-09-232-20/+10
| | | | | | | | | | | | | | | | | | | | | | | | an empty name, NULL pointer, or a name containing an '=' character. OK millert@, guenther@
* | | | remove some wacky Xo/Xc;jmc2012-09-161-3/+3
| | | |
* | | | remove tahoe-specific makefile machinery, no such hardware is known to bemiod2012-09-151-5/+1
| | | | | | | | | | | | | | | | | | | | in working condition anymore (assuming there would be interest in running on it).
* | | | Document that strtod functions accept INF, NAN, NAN(). From Michal Mazurek.martynas2012-09-151-3/+28
| | | |
* | | | specify the bounds of the dst to strlcat (both values were static andderaadt2012-09-131-2/+2
| | | | | | | | | | | | | | | | | | | | equal, but it is more correct) from Michal Mazurek
* | | | Fix precedence bug (& has lower precedence than !=).pirofti2012-09-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Okay otto@. Found by Michal Mazurek <akfaew at jasminek dot net>, thanks!
* | | | run regress with the local env tooeric2012-09-051-2/+2
| | | |
* | | | use LDSTATIC for building static executableseric2012-09-051-2/+2
| | | |
* | | | arc4random_buf is the easy way to fill a buffer now. ok deraadttedu2012-09-041-10/+3
| | | |
* | | | remove lint leftovers; ok guenther@okan2012-09-041-5/+1
| | | |
* | | | rfc 2553 (not 2533) has been replaced by rfc 3493;jmc2012-08-221-5/+6
| | | |
* | | | When deciding whether we're PIC in a (generated) asm file, check for both PICpascal2012-08-212-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | and __PIC__ defines. Makes things easier for PIE. ok djm@
* | | | - remove inconsistent/obsolete commentsjmc2012-08-214-48/+35
| | | | | | | | | | | | | | | | | | | | - update rfc references - make the Rs/Re blocks more consistent
* | | | flesh out the rfc section;jmc2012-08-211-10/+33
| | | | | | | | | | | | | | | | rfc 5321 replaces 974 and 2821;
* | | | rfc 4291 replaces rfcs 2373 and 3513;jmc2012-08-201-9/+16
| | | |
* | | | use Lk for links;jmc2012-08-151-4/+4
| | | |
* | | | allow to choose an alternate regress scripteric2012-08-071-2/+3
| | | |
* | | | remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.okan2012-08-023-25/+3
| | | | | | | | | | | | | | | | ok guenther@
* | | | add a flag to choose between gethostbyname and gethostbyaddreric2012-07-292-12/+13
| | | |
* | | | remove reference to no longer existing description of nonexistent devices;naddy2012-07-261-7/+4
| | | | | | | | | | | | | | | | ok deraadt@ tedu@, wording tweaks jmc@
* | | | import regression suite for asreric2012-07-1323-0/+2464
| | | |
* | | | Use same (lame) verbiage to explain ifa_dstaddr as is used forkrw2012-07-131-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ifa_broadaddr. i.e. make it make clear that this field is only valid for P2P. (Hint: one's a field, and one's a #define giving a new name to said field) ok guenther@
* | | | put back the Key-Arg field - sess_id still prints it;jmc2012-07-131-2/+5
| | | |
* | | | remove (hopefully) all traces of sslv2; ok sthenjmc2012-07-121-55/+23
| | | |
* | | | Skip printing another SSLv2-only command in s_client's usage text.sthen2012-07-121-0/+2
| | | | | | | | | | | | | | | | jmc@ noticed this in the manpage while updating it, but it applies here too.
* | | | Disable SSLv2 in OpenSSL. No objections from djm.sthen2012-07-1120-8/+96
| | | | | | | | | | | | | | | | Brad, jasper and naddy helped with test builds, fixing ports, etc.
* | | | catch off-by-one errors in stpncpy(); ok guenther@naddy2012-07-113-6/+33
| | | |
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-08 20:57:23 +0000