| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Spotted by egcc. ok tb@
|
| |
|
|
| |
Spotted by egcc and probably clang 13. ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.
ok beck@ tb@
|
| |
|
|
|
|
| |
Also mop up some mostly unhelpful comments while here.
ok beck@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
| |
|
|
| |
from the OpenSSL 1.1.1 branch, which is still under a free license
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
and since CMS_ReceiptRequest_get0_values(3) uses it, add it to the
list of STACK_OF(3) types.
While here, also add the missing CMS_RecipientInfo, CMS_SignerInfo,
OPENSSL_STRING, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP and
X509_NAME to the list of stack types used by the API, drop
STACK_OF(X509_PURPOSE) which is only used internally, and list those
STACK_OF(*) types separately that are obfuscated with typedef.
|
| |
|
|
| |
ok mpi@ deraadt@
|
| |
|
|
| |
ok beck inoguchi jsing
|
| |
|
|
| |
spotted by and ok jsing@
|
| | |
|
| |
|
|
|
|
| |
symbol will be exposed with tb@'s forthcoming bump
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
while here, also apply some minor wording improvements
|
| |
|
|
|
|
|
|
|
| |
Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.
Again, symbols will appear with tb@'s reptar sized bump..
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze
|
| |
|
|
|
|
| |
to the build after the bump.
tweak & lgtm schwarze
|
| |
|
|
| |
pointed out by schwarze
|
| |
|
|
|
|
|
|
|
|
| |
As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.
Will also need Symbols.list additions by tb@ when he starts the rapture
ok tb@ jsing@
|
| |
|
|
|
|
|
| |
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze
|
| |
|
|
|
|
| |
to the build after the bump.
tweak & lgtm schwarze
|
| |
|
|
|
|
|
| |
These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.
ok beck@ tb@
|
| |
|
|
| |
the vicinity.
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get_cert_chain() needs some error checking. return X509_V_ errors
instead of trying to overload the NULL and then whine in a comment that
this won't really work.
Fix a bug that printed only the first attribute by factoring out the
thing that did the actual printing.
Sprinkle a few changes to accessors here and there.
This is loosely based on what OpenSSL did with some simplifications by
jsing.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exhange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.
This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).
ok tb@
|
| |
|
|
|
|
|
|
|
| |
This currently exercises various combinations of TLS versions and their
associated key exchange mechanisms. Note that this currently fails for
TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly).
Over time all of the ssl regress should be moved into the dtls and tls
regress tests.
|
| |
|
|
| |
and fix some weird typos in comments (duplicate '@' signs)
|
| | |
|
| |
|
|
|
|
|
| |
Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.
ok tb@
|
| |
|
|
| |
plus .Dv NULL, SEE ALSO, HISTORY
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
X509_STORE_CTX and use accessors instead of reaching directly
into the struct.
ok jsing
|
| |
|
|
|
|
| |
out of the X509_STORE_CTX.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.
ok beck@ tb@
|
| |
|
|
| |
"just commit it" beck
|
