| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2016-11-04 | MALLOC_STATS tweaks, by default not compiled in | otto | 1 | -13/+29 | |
| 2016-11-04 | There's not much point in casting a void * to a specific type just before | jsing | 1 | -4/+2 | |
| calling free(). ok beck@ ingo@ | |||||
| 2016-11-04 | new sentence, new line, and zap trailing whitespace; | jmc | 1 | -3/+4 | |
| 2016-11-04 | bump minor for ocsp_require_stapling addition | beck | 1 | -1/+1 | |
| 2016-11-04 | Add ocsp_require_stapling config option for tls - allows a connection | beck | 7 | -12/+37 | |
| to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@ | |||||
| 2016-11-03 | small tweak to also check canaries if F is in effect | otto | 1 | -3/+5 | |
| 2016-11-03 | In ssl3_read_bytes(), do not process more than three consecutive TLS | jsing | 1 | -4/+24 | |
| records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@ | |||||
| 2016-11-03 | make OCSP_URL only show up when an OCSP url is actually present in the cert | beck | 1 | -2/+3 | |
| 2016-11-03 | Make OCSP Stapling: only appear if there is stapling info present. | beck | 1 | -5/+3 | |
| 2016-11-03 | convert RAND manuals from pod to mdoc | schwarze | 11 | -196/+204 | |
| 2016-11-03 | zap the overview manual page of the RAND subsystem | schwarze | 2 | -36/+1 | |
| that contained nothing but duplicate and misleading information; OK jsing@ | |||||
| 2016-11-03 | convert PEM and PKCS manuals from pod to mdoc | schwarze | 27 | -1380/+2231 | |
| 2016-11-03 | Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE. | jsing | 1 | -205/+256 | |
| ok beck@ (who was struggling to keep lunch down while reviewing the diff) | |||||
| 2016-11-03 | Don't do OCSP validation when we have disabled certificate verification | beck | 2 | -5/+8 | |
| or certificate validation. ok jsing@ | |||||
| 2016-11-03 | convert configuration manuals from pod to mdoc | schwarze | 9 | -305/+340 | |
| 2016-11-03 | convert remaining ASN1 object manuals from pod to mdoc | schwarze | 5 | -175/+299 | |
| 2016-11-03 | Only set an error from libssl related code, if an error has not already | jsing | 2 | -7/+47 | |
| been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@ | |||||
| 2016-11-03 | convert HMAC and MD5 manuals from pod to mdoc | schwarze | 5 | -210/+393 | |
| 2016-11-03 | convert EVP manuals from pod to mdoc | schwarze | 49 | -2724/+4229 | |
| 2016-11-03 | Fix handshake failures: | beck | 1 | -20/+26 | |
| split out internals of OCSP verification to allow callback to verify before TLS handshake is complete | |||||
| 2016-11-03 | Clean up the TLS handshake digest handling - this refactors some of the | jsing | 2 | -30/+43 | |
| code for improved readability, however it also address two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@ | |||||
| 2016-11-02 | bit more cleanup; | jmc | 1 | -9/+9 | |
| 2016-11-02 | fix shadow declaration of time in parameter list. | beck | 1 | -2/+2 | |
| ok jsing@ | |||||
| 2016-11-02 | Ensure handshake is complete before processing an ocsp response for a ctx | beck | 1 | -0/+3 | |
| ok jsing@ | |||||
| 2016-11-02 | tweak previous; | jmc | 1 | -32/+26 | |
| 2016-11-02 | convert ERR manuals from pod to mdoc; while reading this, | schwarze | 23 | -705/+963 | |
| i wtfed, laughed, puked, and cried in more or less that order... | |||||
| 2016-11-02 | bump minor for ocsp api additions | beck | 1 | -1/+1 | |
| 2016-11-02 | Add OCSP client side support to libtls. | beck | 8 | -9/+641 | |
| - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@ | |||||
| 2016-11-02 | convert DSA and EC manuals from pod to mdoc | schwarze | 33 | -1241/+2658 | |
| 2016-11-02 | Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN | jsing | 2 | -7/+13 | |
| macros. Only change in generated assembly is due to line numbering. | |||||
| 2016-11-02 | Expand another LHASH_OF macro. | jsing | 1 | -2/+2 | |
| 2016-11-02 | Expand DECLARE_LHASH_OF and LHASH_OF macros. | jsing | 1 | -3/+5 | |
| 2016-11-02 | Expand DECLARE_PEM_rw macro. | jsing | 1 | -2/+7 | |
| 2016-11-02 | Expand IMPLEMENT_LHASH_COMP_FN/IMPLEMENT_LHASH_HASH_FN macros - the only | jsing | 1 | -5/+17 | |
| change to generated assembly results from a difference in line numbers. | |||||
| 2016-11-02 | Wrap some >80 char lines. | jsing | 1 | -9/+9 | |
| 2016-11-02 | convert DES and DH manuals from pod to mdoc | schwarze | 15 | -715/+1244 | |
| 2016-10-31 | remove some old option letters and also make P non-settable. It has | otto | 1 | -24/+6 | |
| been the default for ages, and I see no valid reason to be able to disable it. ok natano@ | |||||
| 2016-10-31 | bump to LibreSSL 2.5.1 | bcook | 1 | -3/+3 | |
| 2016-10-28 | Pages in the malloc cache are either reused quickly or unmapped | otto | 1 | -14/+1 | |
| quickly. In both cases it does not make sense to set hints on them. So remove that option, which is just a remainder of old times when malloc used to hold on to pages. ok stefan@ | |||||
| 2016-10-22 | $OpenBSD$ | tb | 3 | -0/+3 | |
| 2016-10-22 | - fix MALLOC_STATS compile | otto | 1 | -3/+6 | |
| - redundant cast is redundant | |||||
| 2016-10-21 | fix some void * arithmetic by casting | otto | 1 | -4/+4 | |
| 2016-10-21 | and recommit with fixed GC | otto | 1 | -103/+112 | |
| 2016-10-20 | backout for now; flag combination GC is not ok | otto | 1 | -110/+103 | |
| 2016-10-20 | avoid sentence splicing; | jmc | 1 | -2/+2 | |
| 2016-10-20 | canary corruption message changed a bit | otto | 1 | -5/+5 | |
| 2016-10-20 | Also place canaries in > page sized objects (if C is in effect); ok tb@ | otto | 1 | -103/+110 | |
| 2016-10-19 | unifdef OPENSSL_NO_CMS | jsing | 8 | -123/+8 | |
| 2016-10-19 | Update client hello messages to follow the removal of fixed ECDH. | jsing | 1 | -89/+65 | |
| 2016-10-19 | Remove support for fixed ECDH cipher suites - these is not widely supported | jsing | 7 | -466/+42 | |
| and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |