summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Stop setting enc.modified manually. It's no longer needed.tb2021-10-222-4/+2
|
* Simplify the description of RETURN VALUES.schwarze2021-10-211-10/+4
| | | | | | After tb@'s commit x509/x509_lu.c rev. 1.33, it is no longer necessary to talk about X509_LU_* constants as return values from these functions. Feedback and OK from tb@.
* Simplify a return value check for X509_STORE_get_by_subject() nowtb2021-10-211-18/+7
| | | | | | | that we know that it only returns 0 or 1. Eliminate the last uses of X509_LU_{FAIL,RETRY}. ok jsing
* Set enc.modified if the X509_REQ is going to be modified.tb2021-10-211-1/+4
| | | | ok jsing
* new manual page X509_ATTRIBUTE_set1_object(3)schwarze2021-10-214-6/+276
| | | | documenting five X.501 Attribute write accessors
* Sync parts of X509_STORE_get_by_subject() with OpenSSLtb2021-10-211-13/+7
| | | | | | | | | | | Initialize stmp.type and stmp.data.ptr so that a user-defined lookup method need not take responsibility of initializing those. Get rid of current_method, which was never really used. Stop potentially returning a negative value since most callers assume Boolean return values already. In addition, garbage collect the pointless j variable. ok jsing
* Prepare to make X509 opaque.tb2021-10-211-4/+7
| | | | ok jsing
* libtls: Don't reach into X509_STORE_CTX.tb2021-10-211-12/+20
| | | | ok jsing
* Switch from X509_VERIFY_PARAM_set_flags() to X509_STORE_set_flags().tb2021-10-211-2/+2
| | | | | | This reduces the number of reacharounds into libcrypto internals. ok jsing
* Add XKU_ANYEKU #define and use it to cache the anyExtendedKeyUsagetb2021-10-212-3/+8
| | | | | | | extension. This is part of OpenSSL commit df4c395c which didn't make it into our tree for some reason. ok jsing
* Prepare to provide X509_get_X509_PUBKEY() as a function.tb2021-10-212-5/+15
| | | | ok jsing
* Bump to LibreSSL 3.5.0tb2021-10-211-3/+3
|
* Eliminate a dead assignment and a weird cast. Adjust a comment totb2021-10-211-6/+3
| | | | | | reality while there. ok jsing
* Print uid with %u instead of %i.tb2021-10-211-2/+2
| | | | | | Prompted by a diff by Jonas Termansen, discussed with deraadt, millert ok jsing
* Use *printf %d instead of %itb2021-10-211-2/+2
| | | | ok jsing
* Avoid potential NULL dereferences in dtls1_free()tb2021-10-211-2/+7
| | | | ok jsing
* document ASN1_STRING_set_by_NID(3)schwarze2021-10-202-5/+129
| | | | and the three functions related to the global mask
* new manual page ASN1_mbstring_copy(3)schwarze2021-10-204-5/+182
| | | | also documenting ASN1_mbstring_ncopy(3)
* new manual page X509_ATTRIBUTE_get0_object(3)schwarze2021-10-203-2/+139
| | | | documenting the four X.501 Attribute read accessors
* document X509_ATTRIBUTE_create(3) and X509_ATTRIBUTE_dup(3)schwarze2021-10-201-6/+60
|
* document X509_get_pubkey_parameters(3) in a new manual pageschwarze2021-10-195-7/+114
|
* more precision, fewer wordsschwarze2021-10-191-28/+43
|
* document i2d_PrivateKey_bio(3) and i2d_PrivateKey_fp(3)schwarze2021-10-191-12/+37
|
* install X509_PKEY_new(3)schwarze2021-10-191-1/+2
|
* document X509_PKEY_new(3) and X509_PKEY_free(3)schwarze2021-10-194-8/+103
|
* document X509_VERIFY_PARAM_inherit(3) and X509_VERIFY_PARAM_set1(3)schwarze2021-10-184-8/+159
|
* split seven functions out of the page X509_VERIFY_PARAM_set_flags(3), whichschwarze2021-10-185-134/+175
| | | | | is becoming excessively long, into a new page X509_VERIFY_PARAM_new(3); no content change
* Pull in ssl_locl.h so that we can keep reaching into libssl internals.jsing2021-10-152-1/+4
|
* Move various structs from ssl.h/tls1.h to ssl_locl.h.jsing2021-10-153-140/+128
| | | | | | These were already under LIBRESSL_INTERNAL hence no ABI change. ok tb@
* Use unsigned char instead of u_char for two prototypes (like everywheretb2021-10-141-4/+4
| | | | else in libcrypto's manuals and headers).
* ssltest.c does not need param.htb2021-10-131-1/+0
| | | | From Jonas Termansen
* Remove __dead from usage() to reduce the diff needed to build LibreSSLtb2021-10-131-3/+3
| | | | | | on sortix. Prompted by a diff by Jonas Termansen
* Provide realpath(1)kn2021-10-131-2/+3
| | | | | | | A tiny realpath(3) wrapper to make a porter's life easier. Feedback kettenis deraadt cheloha sthen OK cheloha martijn deraadt
* does not need arpa/nameser.hderaadt2021-10-111-2/+1
|
* X509_STORE_CTX_init() allows the store to be NULL on init. Add checksclaudio2021-10-061-1/+11
| | | | | | | | for a NULL ctx->ctx in the lookup functions using X509_STORE_CTX. This affects X509_STORE_get1_certs(), X509_STORE_get1_crls(), X509_STORE_CTX_get1_issuer() and X509_STORE_get_by_subject(). With this X509_verify_cert() no longer crashes with a NULL store. With and OK tb@
* Use SSL_CTX_get0_param() rather than reaching into the SSL_CTX.jsing2021-10-021-2/+2
|
* Mark another test as failing with the legacy verifier.jsing2021-09-302-2/+4
| | | | | This test now fails with the legacy verifier, due to X509_V_FLAG_TRUSTED_FIRST being enabled by default.
* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.jsing2021-09-301-1/+2
| | | | | | | | | | | | In order to work around the expired DST Root CA X3 certficiate, enable X509_V_FLAG_TRUSTED_FIRST in the legacy verifier. This means that the default chain provided by Let's Encrypt will stop at the ISRG Root X1 intermediate, rather than following the DST Root CA X3 intermediate. Note that the new verifier does not suffer from this issue, so only a small number of things will hit this code path. ok millert@ robert@ tb@
* delete expired DST Root CA X3 to work around bugs various librariesderaadt2021-09-301-44/+1
| | | | ok sthen, beck, jsing, tb, etc etc
* Remove recent changes used to unblock the signal undergoing testing, I solved itanton2021-09-282-30/+2
| | | | | by changing my regress environment instead. This reduces the delta to the NetBSD upstream.
* Mark "failures" volatile to avoid a problem with sigsetjmp/siglongjmp.millert2021-09-272-4/+4
| | | | | | This makes the test pass on sparc64 where the compiler may otherwise store the variable in the strlcpy/strlcat function's delay slot. OK kettenis@
* These tests pass in a few seconds. Remove REGRESS_SLOW_TARGETS.bluhm2021-09-271-3/+1
|
* Make t_gettimeofday pass on sparc64.mbuhl2021-09-271-1/+3
| | | | OK bluhm@
* Simplify runAesCmacTest() by using EVP_DigestSign().tb2021-09-241-16/+3
|
* Avoid a potential overread in x509_constraints_parse_mailbox()jsing2021-09-231-5/+9
| | | | | | | | | | The length checks need to be >= rather than > in order to ensure the string remains NUL terminated. While here consistently check wi before using it so we have the same idiom throughout this function. Issue reported by GoldBinocle on GitHub. ok deraadt@ tb@
* Remove an unused variable and a pointless label.tb2021-09-231-7/+1
| | | | ok inoguchi
* Fix appstest.sh for testing with OpenSSL 3.0inoguchi2021-09-201-2/+5
| | | | | - Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1". - Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.
* Switch two calls from memset() to explicit_bzero()tb2021-09-191-3/+3
| | | | | | | This matches the documented behavior more obviously and ensures that these aren't optimized away, although this is unlikely. Discussed with deraadt and otto
* At least t_fork and t_vfork tests need coredumps enabled to succeed.claudio2021-09-191-1/+2
| | | | | | Add ulimit -c unlimited before running the tests like it is done in other places in regress. OK bluhm@
* Implement flushing for TLSv1.3 handshakes.jsing2021-09-165-7/+69
| | | | | | | | | | | | | | | When we finish sending a flight of records, flush the record layer output. This effectively means calling BIO_flush() on the wbio. Some things (such as apache2) have custom BIOs that perform buffering and do not actually send on BIO_write(). Without BIO_flush() the server thinks it has sent data and starts receiving records, however the client never sends records since it never received those that the server should have sent. Joint work with tb@ ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-10 01:32:34 +0000