openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use freezero() for X25519 keys - same result with more readable code.	jsing	2017-04-10	1	-7/+3
\|
*	document three additional functions;	schwarze	2017-04-10	1	-7/+60
\| \| \| \|	from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
*	Rework and significantly extend TLS name verification tests to match	jsing	2017-04-10	1	-99/+377
\| \| \| \|	changes in libtls.
*	Rework name verification code so that a match is indicated via an argument,	jsing	2017-04-10	5	-47/+76
\| \| \| \| \| \| \| \| \| \|	rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
*	freezero() the key block; simpler code and less of it.	jsing	2017-04-10	1	-7/+3
\|
*	Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.	jsing	2017-04-10	1	-5/+2
\| \| \| \| \| \|	In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
*	fix some .Xr errors that jmc@ found with mdoclint(1)	schwarze	2017-04-10	3	-12/+13
\|
*	new manual page SSL_get_server_tmp_key(3)	schwarze	2017-04-10	3	-2/+88
\| \| \| \|	from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
*	Additional SSL_SESSION documentation	schwarze	2017-04-10	11	-16/+349
\| \| \| \| \|	from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
*	for pure *_ctrl() wrapper macros, move the reference from ssl(3)	schwarze	2017-04-10	14	-49/+54
\| \| \| \|	to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
*	new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;	schwarze	2017-04-10	2	-1/+126
\| \| \| \| \|	from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
*	tweak previous;	jmc	2017-04-10	1	-4/+4
\|
*	Convert various client key exchange functions to freezero(3). The memory	jsing	2017-04-10	1	-14/+5
\| \| \| \| \|	contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
*	Introducing freezero(3) a version of free that guarantees the process	otto	2017-04-10	2	-36/+130
\| \| \| \| \| \|	no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@
*	pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0	schwarze	2017-04-10	1	-3/+3
\|
*	typo fix; from <Jon dot Spillett at oracle dot com>	schwarze	2017-04-10	1	-5/+5
\| \| \| \|	via OpenSSL commit 7bd27895
*	Simplify/clean up BUF_MEM_grow_clean().	jsing	2017-04-09	1	-17/+16
\| \| \| \|	ok beck@
*	With recallocarray() BUF_MEM_grow() is essentially the same as	jsing	2017-04-09	1	-28/+2
\| \| \| \| \| \| \|	BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
*	Explicitly test for NULL.	jsing	2017-04-09	1	-4/+4
\| \| \| \|	ok beck@
*	Improve unknown protocol version handling.	jsing	2017-04-09	1	-2/+3
\|
*	In ssl.h TLS 1.0 is called TLSv1. Adapt name in test to make it pass.	bluhm	2017-04-07	1	-1/+1
\| \| \| \|	OK jsing@
*	Use uint8_t instead of u_int8_t - for consistency and to make things easier	jsing	2017-04-07	1	-2/+2
\| \| \| \| \| \|	for portable. From Raphael Hittich.
*	trailing ; on end of macro definition is wrong; ok guenther	deraadt	2017-04-06	1	-4/+4
\|
*	Consistentcy between nmembers and size order. From Christopher Hettrick;	otto	2017-04-06	1	-8/+8
\| \| \| \|	ok deraadt@
*	bump version for new development branch	bcook	2017-04-06	1	-3/+3
\|
*	first print size in meta-data then supplied arg size when an inconsistency is	otto	2017-04-06	1	-3/+3
\| \| \| \|	detected wrt recallocarray()
*	- -Z before -z in options list	jmc	2017-04-05	2	-7/+9
\| \| \| \|	- add -Z to help and usage()
*	Allow nc to save the peer certificate and chain in a pem file specified	beck	2017-04-05	2	-4/+39
\| \| \| \| \|	with -Z ok jsing@
*	Add tls_peer_cert_chain_pem - To retreive the peer certificate and chain	beck	2017-04-05	7	-6/+77
\| \| \| \| \| \| \|	as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
*	Internal changes to allow for relayd engine privsep. sends the hash of the	beck	2017-04-05	5	-29/+87
\| \| \| \| \| \|	public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
*	Fix silly code that printfs NULL when there are no fractional seconds	beck	2017-04-03	1	-2/+2
\| \| \| \| \| \|	on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
*	rephrase more enumerations of functions	otto	2017-03-29	1	-13/+10
\|
*	tweak previous;	jmc	2017-03-29	1	-3/+5
\|
*	Fix typo in function name;	schwarze	2017-03-28	1	-4/+5
\| \| \| \| \|	from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f.
*	After i wrote SSL_renegotiate(3) from scratch, OpenSSL also	schwarze	2017-03-28	1	-12/+109
\| \| \| \| \| \| \|	documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637.
*	small cleanup & optimization; ok deraadt@ millert@	otto	2017-03-28	1	-2/+5
\|
*	repair knf & whitespace that jumped out of the screen during review	deraadt	2017-03-27	1	-23/+18
\| \| \| \|	ok beck
*	use a path of "/" if the URL does not include a trailing / - since	beck	2017-03-27	1	-2/+5
\| \| \| \| \| \|	the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@
*	Fail early if an ocep server returns a non-200 http response, there is no	beck	2017-03-27	1	-1/+4
\| \| \| \|	point in trying to parse error pages as an ocsp response.
*	reinstate the capitalisation from previous, as advised by schwarze;	jmc	2017-03-27	1	-3/+3
\|
*	recallocarray() for data buffer from the net.	deraadt	2017-03-26	1	-3/+5
\| \| \| \|	ok beck
*	tweak previous;	jmc	2017-03-26	3	-9/+9
\|
*	Stop enumeration all allocation functions, just say "allocation functions"libressl-v2.5.2	otto	2017-03-26	1	-32/+13
\| \| \| \|	ok jmc@ deraadt@
*	merge new UI documentation from OpenSSL	schwarze	2017-03-26	5	-13/+651
\|
*	document X509_Digest(3) and friends;	schwarze	2017-03-25	2	-1/+135
\| \| \| \|	from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
*	document the public function X509_cmp_time(3);	schwarze	2017-03-25	2	-1/+88
\| \| \| \| \|	from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me
*	correct RETURN VALUES;	schwarze	2017-03-25	1	-7/+13
\| \| \| \|	from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5
*	fix two more prototypes;	schwarze	2017-03-25	1	-5/+5
\| \| \| \|	from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
*	correct prototypes;	schwarze	2017-03-25	1	-5/+5
\| \| \| \|	from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
*	complete description of RETURN VALUES;	schwarze	2017-03-25	1	-6/+8
\| \| \| \|	from Alexander Koeppe via OpenSSL commit bb6c5e7f