summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Prepare to make many of the structs in x509.h opaque.tb2021-10-231-76/+86
| | | | ok beck jsing
* Change ssl_verify_cert_chain() for compatibility with opaquetb2021-10-231-16/+19
| | | | | | | X509_STORE_CTX and use accessors instead of reaching directly into the struct. ok jsing
* Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directlytb2021-10-232-4/+4
| | | | | | out of the X509_STORE_CTX. ok jsing
* Revise regress test for tls13_buffer rename.jsing2021-10-231-14/+16
|
* Rename tls13_buffer to tls_buffer.jsing2021-10-237-69/+111
| | | | | | | This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also introduce tls_internal.h and move/rename the read/write/flush callbacks. ok beck@ tb@
* Stop reaching into structs that will become opaque in ca.ctb2021-10-231-5/+3
| | | | "just commit it" beck
* Prepare to provide X509_re_X509*_tbs()tb2021-10-234-4/+35
| | | | ok beck jsing
* Prepare to provide X509_get_extension_flags()tb2021-10-232-2/+13
| | | | ok beck jsing
* Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callbackbeck2021-10-235-4/+67
| | | | | | | | Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@
* Prepare to provide X509_SIG_get{0,m}.tb2021-10-232-2/+28
| | | | ok beck jsing
* Nuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10tb2021-10-232-35/+5
| | | | | | encoders many moons ago. OpenSSL removed it in 2015. ok beck jsing
* Add back the fips mode test functions, new stuff requires this.beck2021-10-233-3/+83
| | | | | Symbols.list changes to follow with tb's upcoming bump ok jsing@
* Untangle ssl3_get_message() return values.jsing2021-10-236-166/+139
| | | | | | | | | | | | | | | This function currently has a long return type that may be <= 0 on error/retry (which is then cast to an int in order to return it up the stack), or it returns the length of the handshake message (on success). This obviously means that 0 can be returned for both success and failure, which is the reason why a separate 'ok' argument has to exist. Untangle this mess by changing the return value to an int that indicates success (1) or error/retry (<= 0). The length never needs to actually be returned as it is already stored in s->internal->init_num (which is where the return value is read from anyway). ok tb@
* Revise regress for tlsext_tick_lifetime_hint changing type.jsing2021-10-231-2/+2
|
* Add a length check before NUL-terminating target. From Jonas Termansen.tb2021-10-231-1/+5
| | | | ok jsing
* Change tlsext_tick_lifetime_hint to uint32_t.jsing2021-10-234-17/+11
| | | | | | | | Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@
* Prepare to provide X509_get_{extended_,}key_usage()tb2021-10-222-2/+32
| | | | ok beck jsing
* Switch from u_int and u_char to u32 and u8 to avoid portability issues.tb2021-10-221-17/+14
| | | | | | Prompted by a diff by Jonas Termansen. ok jsing
* Prepare to provide X509_REQ_pubkey_get0()tb2021-10-222-2/+13
| | | | ok jsing
* new manual page EVP_PKEY_add1_attr(3) documenting nine functionsschwarze2021-10-227-8/+202
| | | | for associating X.501 Attributes with private keys
* new manual page X509at_add1_attr(3)schwarze2021-10-224-6/+140
| | | | describing five functions to change arrays of X.501 Attribute objects
* fix a gratuitiously different argument nameschwarze2021-10-221-3/+3
|
* new manual page X509at_get_attr(3)schwarze2021-10-223-4/+163
| | | | documenting five X.501 Attribute read accessors
* Put back sys/types.h and sys/socket.h. The latter was unintentionallytb2021-10-221-1/+3
| | | | removed and the former is still needed, as pointed out by kettenis
* Fix some ghastly whitespace. From Martin Vahlensiecktb2021-10-221-6/+6
|
* Use unsigned char instead of u_char in base64.c. This is a mildtb2021-10-221-9/+6
| | | | | | | | | portability annoyance since not all systems have u_char. Remove the now unused includes sys/types.h and stdio.h. u_char diff from Jonas Termansen ok deraadt
* Garbage collect an unused variable.tb2021-10-221-4/+2
|
* Stop setting enc.modified manually. It's no longer needed.tb2021-10-222-4/+2
|
* Simplify the description of RETURN VALUES.schwarze2021-10-211-10/+4
| | | | | | After tb@'s commit x509/x509_lu.c rev. 1.33, it is no longer necessary to talk about X509_LU_* constants as return values from these functions. Feedback and OK from tb@.
* Simplify a return value check for X509_STORE_get_by_subject() nowtb2021-10-211-18/+7
| | | | | | | that we know that it only returns 0 or 1. Eliminate the last uses of X509_LU_{FAIL,RETRY}. ok jsing
* Set enc.modified if the X509_REQ is going to be modified.tb2021-10-211-1/+4
| | | | ok jsing
* new manual page X509_ATTRIBUTE_set1_object(3)schwarze2021-10-214-6/+276
| | | | documenting five X.501 Attribute write accessors
* Sync parts of X509_STORE_get_by_subject() with OpenSSLtb2021-10-211-13/+7
| | | | | | | | | | | Initialize stmp.type and stmp.data.ptr so that a user-defined lookup method need not take responsibility of initializing those. Get rid of current_method, which was never really used. Stop potentially returning a negative value since most callers assume Boolean return values already. In addition, garbage collect the pointless j variable. ok jsing
* Prepare to make X509 opaque.tb2021-10-211-4/+7
| | | | ok jsing
* libtls: Don't reach into X509_STORE_CTX.tb2021-10-211-12/+20
| | | | ok jsing
* Switch from X509_VERIFY_PARAM_set_flags() to X509_STORE_set_flags().tb2021-10-211-2/+2
| | | | | | This reduces the number of reacharounds into libcrypto internals. ok jsing
* Add XKU_ANYEKU #define and use it to cache the anyExtendedKeyUsagetb2021-10-212-3/+8
| | | | | | | extension. This is part of OpenSSL commit df4c395c which didn't make it into our tree for some reason. ok jsing
* Prepare to provide X509_get_X509_PUBKEY() as a function.tb2021-10-212-5/+15
| | | | ok jsing
* Bump to LibreSSL 3.5.0tb2021-10-211-3/+3
|
* Eliminate a dead assignment and a weird cast. Adjust a comment totb2021-10-211-6/+3
| | | | | | reality while there. ok jsing
* Print uid with %u instead of %i.tb2021-10-211-2/+2
| | | | | | Prompted by a diff by Jonas Termansen, discussed with deraadt, millert ok jsing
* Use *printf %d instead of %itb2021-10-211-2/+2
| | | | ok jsing
* Avoid potential NULL dereferences in dtls1_free()tb2021-10-211-2/+7
| | | | ok jsing
* document ASN1_STRING_set_by_NID(3)schwarze2021-10-202-5/+129
| | | | and the three functions related to the global mask
* new manual page ASN1_mbstring_copy(3)schwarze2021-10-204-5/+182
| | | | also documenting ASN1_mbstring_ncopy(3)
* new manual page X509_ATTRIBUTE_get0_object(3)schwarze2021-10-203-2/+139
| | | | documenting the four X.501 Attribute read accessors
* document X509_ATTRIBUTE_create(3) and X509_ATTRIBUTE_dup(3)schwarze2021-10-201-6/+60
|
* document X509_get_pubkey_parameters(3) in a new manual pageschwarze2021-10-195-7/+114
|
* more precision, fewer wordsschwarze2021-10-191-28/+43
|
* document i2d_PrivateKey_bio(3) and i2d_PrivateKey_fp(3)schwarze2021-10-191-12/+37
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 12:48:02 +0000