| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2017-01-24 | use warn, I have errno here. noticed by theo | beck | 1 | -1/+1 | |
| 2017-01-24 | Yes the "if (const == val" idiom provides some safety, but it grates on | deraadt | 1 | -58/+58 | |
| us too much. ok beck jsing | |||||
| 2017-01-24 | knf | beck | 1 | -1/+2 | |
| 2017-01-24 | revert accidental commit of theo diff | beck | 1 | -58/+58 | |
| 2017-01-24 | Just don't bother with OpenSSL error strings, they are mostly | beck | 2 | -77/+71 | |
| irrelevant and look gross here anyway.. we don't need them | |||||
| 2017-01-24 | various cleanup; | jmc | 2 | -29/+28 | |
| 2017-01-24 | Bump libssl and libtls minors due to symbol additions. | jsing | 2 | -2/+2 | |
| 2017-01-24 | slight cleanups | deraadt | 1 | -4/+3 | |
| 2017-01-24 | Add a -groups option to openssl s_client, which allows supported EC curves | jsing | 1 | -7/+17 | |
| to be specified as a colon separated list. ok beck@ | |||||
| 2017-01-24 | Update client tests for changes in default EC formats/curves. | jsing | 1 | -52/+31 | |
| 2017-01-24 | Add support for setting the supported EC curves via | jsing | 7 | -26/+197 | |
| SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@ | |||||
| 2017-01-24 | s/exit/exist/ typo | beck | 1 | -2/+2 | |
| 2017-01-24 | New ocspcheck utility to validate a certificate against its ocsp responder | beck | 5 | -0/+1634 | |
| and save the reply for stapling ok deraadt@ jsing@ | |||||
| 2017-01-24 | Correct bounds checks used when generating the EC curves extension. | jsing | 1 | -3/+3 | |
| ok beck@ | |||||
| 2017-01-24 | accross -> across; | jmc | 1 | -2/+2 | |
| 2017-01-24 | Use prime256v1 for tests unless otherwise specified. | jsing | 1 | -4/+0 | |
| 2017-01-24 | Fix typo in brainpool curve name within a comment. | jsing | 1 | -2/+2 | |
| 2017-01-24 | There is no point returning then breaking... | jsing | 1 | -2/+1 | |
| 2017-01-24 | unifdef OPENSSL_NO_BIO - we do not support this in any form. | jsing | 1 | -15/+1 | |
| ok beck@ | |||||
| 2017-01-24 | Introduce ticket support. To enable them it is enough to set a positive | claudio | 6 | -14/+251 | |
| lifetime with tls_config_set_session_lifetime(). This enables tickets and uses an internal automatic rekeying mode for the ticket keys. If multiple processes are involved the following functions can be used to make tickets work accross all instances: - tls_config_set_session_id() sets the session identifier - tls_config_add_ticket_key() adds an encryption and authentication key For now only the last 4 keys added will be used (unless they are too old). If tls_config_add_ticket_key() is used the caller must ensure to add new keys regularly. It is best to do this 4 times per session lifetime (which is also the ticket key lifetime). Since tickets break PFS it is best to minimize the session lifetime according to needs. With a lot of help, input and OK beck@, jsing@ | |||||
| 2017-01-24 | ssl_cert_free() checks for NULL itself. | jsing | 1 | -10/+5 | |
| 2017-01-24 | Remove a "free up if allocated" comment that exists before code that frees | jsing | 1 | -2/+1 | |
| things if they are allocated. ok captainobvious@ | |||||
| 2017-01-24 | sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from | jsing | 4 | -27/+16 | |
| the callers. | |||||
| 2017-01-24 | ssl_sess_cert_free() checks for NULL, so do not bother doing it at the | jsing | 2 | -6/+8 | |
| call sites. | |||||
| 2017-01-24 | There is no point in zeroing fields that exist within a struct that is | jsing | 1 | -3/+1 | |
| about to be explicit_bzero'd and freed. | |||||
| 2017-01-24 | Add missing documentation for tls_config_set_verify_depth | claudio | 1 | -1/+5 | |
| Done together with jsing@ | |||||
| 2017-01-24 | Shuffle the deck chairs to bring them back in order. | claudio | 1 | -9/+9 | |
| 2017-01-24 | tls_config_add_keypair_mem is the function to add additional keypairs and | claudio | 1 | -5/+5 | |
| ocsp_staple functions set the OCSP response they don't add them (which implies you can call them multiple times). Discussed with jsing@ beck@ | |||||
| 2017-01-23 | move default_passwd_cb and default_passwd_cb_userdata back into | beck | 4 | -30/+35 | |
| the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery | |||||
| 2017-01-23 | Move options and mode from SSL_CTX and SSL to internal, since these can be | jsing | 12 | -66/+70 | |
| set and cleared via existing functions. | |||||
| 2017-01-23 | Split most of SSL_METHOD out into an internal variant, which is opaque. | jsing | 23 | -303/+378 | |
| Discussed with beck@ | |||||
| 2017-01-23 | hook malloc_general to the tests | otto | 1 | -2/+2 | |
| 2017-01-23 | test malloc/realloc/free with some flag combo's | otto | 2 | -0/+122 | |
| 2017-01-23 | Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrl | jsing | 8 | -76/+14 | |
| from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@ | |||||
| 2017-01-23 | send state and rstate from ssl_st into internal. There are accessors | beck | 16 | -295/+296 | |
| so these should not be diddled with directly ok jsing@ | |||||
| 2017-01-23 | move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and | beck | 8 | -52/+57 | |
| other perversions touches them sickly and unnaturally. | |||||
| 2017-01-23 | Fix regress to handle movement of ssl structures to internal | beck | 1 | -2/+4 | |
| 2017-01-23 | Move a large part of ssl_st into internal, so we can see what squeals. | beck | 22 | -888/+892 | |
| ok jsing@ | |||||
| 2017-01-23 | Move ex_data, next and prev from SSL_SESSION to internal. | jsing | 3 | -31/+32 | |
| ok beck@ | |||||
| 2017-01-23 | Move most of the fields in SSL_CTX to internal - the ones that remain are | jsing | 11 | -202/+209 | |
| known to be in use. ok beck@ | |||||
| 2017-01-23 | move the callbacks from ssl_st to internal | beck | 19 | -230/+237 | |
| ok jsing@ | |||||
| 2017-01-23 | Move callback function pointers and argument pointers from SSL_CTX to | jsing | 16 | -200/+210 | |
| internal. ok beck@ | |||||
| 2017-01-23 | Move not_resumable and sess_cert from SSL_SESSION to internal. | jsing | 7 | -47/+50 | |
| ok beck@ | |||||
| 2017-01-23 | Remove heartbeat related fields from the SSL_CTX, which are unused | jsing | 1 | -9/+1 | |
| (thankfully). | |||||
| 2017-01-23 | Move the stats struct from SSL_CTX to internal. | jsing | 10 | -65/+64 | |
| ok beck@ | |||||
| 2017-01-22 | Move most of the SSL3_STATE fields to internal - the ones that remain are | jsing | 18 | -681/+690 | |
| known to be used by ports. ok beck@ | |||||
| 2017-01-22 | Disable session cache and tickets by default. | claudio | 1 | -1/+5 | |
| OK beck@ jsing@ | |||||
| 2017-01-22 | Update the TLS ALPN unit tests to work with internal/opaque data. | jsing | 2 | -13/+11 | |
| 2017-01-22 | Move most of DTLS1_STATE to internal. | beck | 11 | -273/+272 | |
| ok jsing@ | |||||
| 2017-01-22 | Move ALPN and NPN fields from SSL/SSL_CTX to internal. | jsing | 7 | -125/+129 | |
| ok beck@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |