Commit message [Author, Age, Files, Lines]
* Remove unnecessary type assignments - M_ASN1_INTEGER_new() already sets [jsing, 2015-09-30, 2 files, -6/+2]
  the type to V_ASN1_INTEGER. ok doug@
* fix two typos. [sobrado, 2015-09-30, 1 file, -2/+2]
* Fix a bug in the regress, and be much more pedantic about what is allowed [beck, 2015-09-30, 1 file, -22/+46]
  per RFC 5380 in an X509. RFC 5280 states that all times before 2050 must be specified as a UTCtime, not a Generalized time, and all times after must be a UTC time. By extension this also means the smallest time allowed per RFC 5280 is 500101000000Z and the largest is 99991231235959Z..
* Remove support for NO_ASN1_TYPEDEFS. [doug, 2015-09-30, 2 files, -42/+2]
  This ifdef was introduced 15 years ago and was known to cause problems with STACK_OF() back then. ok jsing@, beck@, jca@
* convert "last_time" to a time_t, to handle beyond Y2038 [deraadt, 2015-09-29, 2 files, -14/+14]
  ok guenther miod
* Replace remaining M_ASN1_BIT_STRING_(new|free) macros with calls to [jsing, 2015-09-29, 6 files, -18/+18]
  ASN1_BIT_STRING_(new|free). ok beck@ doug@
* Instead of declaring a union in multiple places, move it to tls_internal.h. [jsing, 2015-09-29, 3 files, -15/+14]
  ok deraadt@
* clean some ugly indentation warts [deraadt, 2015-09-29, 5 files, -12/+21]
* Add an rfc5280 test suite to test x509_cmp_time. [beck, 2015-09-29, 2 files, -2/+362]
  Note some of these will yet fail with the current libcrypto as the current X509_cmp_time is not RFC5280 compliant ok jsing@
* Fix sha2 regression test for libcrypto. [doug, 2015-09-29, 1 file, -2/+2]
  By default, "openssl sha" used SHA-0. However, it was possible to use the form "openssl sha -sha256" to run SHA-256 instead. The regression test used this form. Since we removed SHA-0 support, the regress tests should now call "openssl <digest>". ok guenther@, bcook@
* remove excessive brackets on pointer math [deraadt, 2015-09-28, 2 files, -16/+16]
* Explicit NULL checks and style(9) tweaks. [jsing, 2015-09-28, 1 file, -7/+7]
* Redo 1.25, without the NULL deref. [miod, 2015-09-27, 2 files, -44/+62]
  ok sthen@ bcook@
* check if openssl(1) actually works before proceeding [bcook, 2015-09-27, 1 file, -0/+2]
  It was possible for this test to pass even if the openssl command itself was missing.
* bump to 2.3.1 [bcook, 2015-09-27, 2 files, -6/+6]
* Use ASN1_item_dup() instead of ASN1_dup(). [jsing, 2015-09-26, 4 files, -14/+10]
  ok bcook@
* lint is dead: delete useless LINTLIBRARY comments [guenther, 2015-09-26, 2 files, -4/+2]
  ok millert@
* We don't need no stinking "EXAMPLE OF THE DSA" or README (the credits are [jsing, 2015-09-26, 4 files, -252/+0]
  already in the code). ok beck@ miod@
* Add DER encoding/decoding coverage for ASN.1 GENERALIZEDTIME and UTCTIME. [jsing, 2015-09-25, 1 file, -39/+158]
* Add initial regress tests for ASN.1 times. [jsing, 2015-09-25, 3 files, -1/+372]
* avoid trailing .Ns, reduce .Xo and .Sm, drop redundant .Bk [schwarze, 2015-09-25, 1 file, -12/+4]
* typos in documentation; better wording, suggested by jmc@ (tag: libressl-v2.3.0) [sobrado, 2015-09-22, 51 files, -88/+88]
  ok jmc@
* add a missing NULL check [bcook, 2015-09-21, 1 file, -1/+5]
  noted by Bill Parker (dogbert2) on github
* add a couple of missing NULL checks [bcook, 2015-09-21, 1 file, -3/+3]
  noted by Bill Parker (dogbert2) on github
* remove vestigial bits of sha-0 and md2 from openssl(1) [bcook, 2015-09-21, 5 files, -23/+17]
  Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@
* Pack the algorithm numbers, to avoid printing a useless (null) 0 0 0 0 [miod, 2015-09-20, 1 file, -34/+34]
  line in the summary.
* Don't wrap initialized variables: binutils appears to be mishandling them [guenther, 2015-09-19, 1 file, -1/+3]
  on arm and m88k problems with optind observed by jsg@
* avoid void * pointer arithmetic [bcook, 2015-09-18, 2 files, -4/+4]
  ok miod@
* Revert bn_print.c:r1.25 ("handle negative-zero in BN_bn2dec() too") for [sthen, 2015-09-18, 2 files, -62/+44]
  now, it has a NULL deref. Segfault reported by Mikolaj Kucharski, ok bcook
* Remove more EVP_sha() SHA-0 references. [bcook, 2015-09-17, 3 files, -6/+5]
* Re-add missing comma from SHA-0 removal which breaks mlinks generation. [sthen, 2015-09-17, 2 files, -2/+2]
  Worked out by bcook@
* include stdint.h for uint64_t [bcook, 2015-09-17, 2 files, -2/+4]
  noted by Bernard Spil
* Zap RANDFILE. [lteo, 2015-09-16, 2 files, -5/+3]
* tweak previous; [jmc, 2015-09-14, 1 file, -2/+2]
* Provide tls_config_insecure_noverifytime() in order to be able to disable [jsing, 2015-09-14, 6 files, -6/+29]
  certificate validity checking. ok beck@
* Add support for disabling certificate and CRL validity checking. [jsing, 2015-09-14, 4 files, -22/+30]
  Loosely based on changes in OpenSSL. ok beck@
* delete bogus trailing .Ns from SYNOPSIS .Ft macros [schwarze, 2015-09-14, 2 files, -12/+12]
* fix formatting by adding the required quotes to .Fa in the SYNOPSIS [schwarze, 2015-09-14, 4 files, -22/+22]
* Remove useless quoting from .Fo and .Fn function names, to prevent [schwarze, 2015-09-14, 3 files, -10/+10]
  development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree.
* some conn_version and conn_cipher bits; [jmc, 2015-09-14, 2 files, -9/+10]
* Only two of the *rand48.c files need <math.h>, so just #include it in them [guenther, 2015-09-14, 3 files, -4/+5]
* use .Va for global variables, and .Vt where the type is included [schwarze, 2015-09-14, 1 file, -4/+3]
* Expose EOF without close-notify via tls_close(). [jsing, 2015-09-14, 2 files, -6/+14]
  Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and return 0 on EOF with and without close-notify. However, if we saw an EOF from the underlying file descriptors without getting a close-notify, save this and make it visible when tls_close(3) is called. This keeps the semantics we want, but makes it possible to detect truncation at higher layers, if necessary. ok beck@ guenther@
* Return an error if tls_handshake() or tls_close() is called on a context [jsing, 2015-09-14, 1 file, -2/+13]
  for which they are not valid operations. ok beck@
* add missing function return types [schwarze, 2015-09-14, 1 file, -2/+3]
* Wrap <ifaddrs.h>, <netinet/in.h>, and <netinet/if_ether.h> so internal [guenther, 2015-09-14, 3 files, -3/+7]
  calls go direct and all the symbols are weak
* Wrap <net/if.h> and <net/if_dl.h> so internal calls go direct and all the [guenther, 2015-09-14, 2 files, -2/+4]
  symbols are weak
* Remove cast of int* to int* [guenther, 2015-09-14, 1 file, -2/+2]
* Finish wrapping <netdb.h> so that calls go direct and the symbols are all weak [guenther, 2015-09-14, 9 files, -9/+24]
* Test the exported strsignal() API, not the (now hidden) internal API [guenther, 2015-09-14, 1 file, -8/+2]
  noted by daniel@