summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove ssl3_undef_enc_method - if we have internal bugs we want to segfaultjsing2017-01-265-36/+8
| | | | | | | so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
* Remove a sess_cert reference from a comment in the public header.jsing2017-01-261-5/+2
| | | | Noted by zhuk@
* split the tls_init(3) that had grown fat to allow healthy future growth;schwarze2017-01-2515-888/+1474
| | | | suggested by jsing@; "i would just chuck it in" jmc@
* Fix array initialization syntax for ocspcheck.cinoguchi2017-01-251-1/+1
| | | | | Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
* document BN_asc2bn(3);schwarze2017-01-251-3/+27
| | | | jsing@ confirmed that it is a public function worth documenting
* remove __BEGIN_DECLS and __END_DECLS from http.hinoguchi2017-01-251-5/+1
| | | | | sync with ocspcheck and acme-client ok benno@
* bring changes from acme-client over here.benno2017-01-251-56/+54
| | | | ok beck@
* Update ssl versions regress to handle min/max configured versions andjsing2017-01-251-47/+201
| | | | the cover the ssl_supported_version_range() function.
* Limit enabled version range by the versions configured on the SSL_CTX/SSL,jsing2017-01-253-23/+84
| | | | | | | provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
* Add start of a regress for cert gen and validation. not clean, won'tbeck2017-01-255-0/+394
| | | | hook it up yet
* link in rsa testbeck2017-01-251-1/+2
|
* Add rsa test from openssl, since it has a license nowbeck2017-01-252-0/+344
|
* Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2017-01-252-7/+4
| | | | | | | flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
* Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggestedbeck2017-01-256-10/+170
| | | | | | | | | | | by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
* Provide ssl3_packet_read() and ssl3_packet_extend() functions that improvejsing2017-01-253-35/+59
| | | | | | | the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
* Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for thingsjsing2017-01-251-1/+15
| | | | | | | | that are conditioning on these. From BoringSSL. ok beck@
* fix make clean and warningsotto2017-01-242-1/+3
|
* make sure realloc preserves dataotto2017-01-241-17/+45
|
* use ${.OBJDIR}otto2017-01-241-8/+8
|
* BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2017-01-242-18/+10
| | | | for NULL, as does lh_free() - do not do the same from the caller.
* sk_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-244-10/+9
|
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-247-50/+31
|
* Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing2017-01-241-29/+29
| | | | SSL_CTX_free().
* correct usage format; ok beck claudio bennoderaadt2017-01-241-2/+3
|
* in resolver(3), document that _EDNS0 and _DNSSEC are no ops;jmc2017-01-241-6/+17
| | | | | | | diff from kirill miazine while here, bump all the no op texts to one standard blurb; help/ok jca
* fix mode on open() and ftruncate(), noticed bybeck2017-01-241-2/+4
| | | | bcook@
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Remove unused cert variable.jsing2017-01-241-3/+1
| | | | Found by bcook@
* Say no to two line error messages on failurebeck2017-01-241-4/+3
|
* s/returns/exits/beck2017-01-241-2/+2
|
* Break run-on sentence into two.beck2017-01-241-3/+4
|
* string terminator is called a NULderaadt2017-01-242-5/+5
|
* Actually load the cafile when providede, and error message cleanupbeck2017-01-241-4/+4
|
* use warn, I have errno here. noticed by theobeck2017-01-241-1/+1
|
* Yes the "if (const == val" idiom provides some safety, but it grates onderaadt2017-01-241-58/+58
| | | | | us too much. ok beck jsing
* knfbeck2017-01-241-1/+2
|
* revert accidental commit of theo diffbeck2017-01-241-58/+58
|
* Just don't bother with OpenSSL error strings, they are mostlybeck2017-01-242-77/+71
| | | | irrelevant and look gross here anyway.. we don't need them
* various cleanup;jmc2017-01-242-29/+28
|
* Bump libssl and libtls minors due to symbol additions.jsing2017-01-242-2/+2
|
* slight cleanupsderaadt2017-01-241-4/+3
|
* Add a -groups option to openssl s_client, which allows supported EC curvesjsing2017-01-241-7/+17
| | | | | | to be specified as a colon separated list. ok beck@
* Update client tests for changes in default EC formats/curves.jsing2017-01-241-52/+31
|
* Add support for setting the supported EC curves viajsing2017-01-247-26/+197
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* s/exit/exist/ typobeck2017-01-241-2/+2
|
* New ocspcheck utility to validate a certificate against its ocsp responderbeck2017-01-245-0/+1634
| | | | | | and save the reply for stapling ok deraadt@ jsing@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
* accross -> across;jmc2017-01-241-2/+2
|
* Use prime256v1 for tests unless otherwise specified.jsing2017-01-241-4/+0
|
* Fix typo in brainpool curve name within a comment.jsing2017-01-241-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-29 10:33:30 +0000