openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2017-08-20	sprinkle a few missing dependencies on perl scripts internal bits.	espie	3	-11/+17
	'it works' deraadt@
2017-08-20	remove a duplicate BIO_do_accept() call from an example;	schwarze	1	-12/+6
	from Beat Bolli <dev at drbeat dot li> via OpenSSL commit 7a67a3ba Jan 18 23:49:43 2017 +0100
2017-08-20	Sync with OpenSSL: document several new functions, plus some additional	schwarze	1	-48/+227
	minor improvements. Mostly from Todd Short <tshort at akamai dot com> via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
2017-08-20	clarify deprecation notice;	schwarze	1	-6/+7
	from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
2017-08-20	New ASN1_STRING_TABLE_add(3) manual page, based on information from	schwarze	2	-1/+94
	the OpenSSL manual page committed on July 27, 2017, and on source code inspection. Use my own Copyright and license because no copyright-worthy amount of text from OpenSSL remains. NOTA BENE: BUGS Most aspects of the semantics considerably differ from OpenSSL.
2017-08-20	two MALLOC_STATS only tweaks; one from David CARLIER, the other found by clang	otto	1	-8/+4

2017-08-19	fix .Xr ordering, found with mandoc -Tlint	schwarze	2	-6/+6

2017-08-19	Import SSL_CTX_set_min_proto_version(3) from OpenSSL, suggested by jsing@.	schwarze	5	-7/+134
	While importing: * Fix the prototypes, they all contained wrong datatypes. * Delete SSL3_VERSION which is no longer supported. * Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported. * Delete the lie that these would be macros. * Improve SEE ALSO and HISTORY sections.
2017-08-19	fix a typo and mention OpenBSD in HISTORY;	schwarze	1	-3/+5
	both pointed out by jsing@
2017-08-16	test locale priorities and overrides	schwarze	1	-1/+36

2017-08-16	test isalpha_l(3), tolower_l(3), wctype_l(3), iswctype_l(3),	schwarze	1	-4/+149
	wctrans_l(3), towctrans_l(3), wcscasecmp_l(3), wcsncasecmp_l(3), and strerror_l(3)
2017-08-16	test nl_langinfo_l(3), iswalpha_l(3), towupper_l(3)	schwarze	2	-3/+44

2017-08-15	refactor in preparation for testing more functions; no functional change	schwarze	2	-114/+117

2017-08-14	Use sendsyslog() directly instead of syslog_r() for the "backwards memcpy"	guenther	1	-3/+12
	messages, to avoid pulling in piles of other machinery unnecessarily problem observed by schwarze@ ok deraadt@ millert@
2017-08-14	fix missing bracket on ARM	bcook	1	-15/+15
	ok beck@
2017-08-13	match function implementation with declaration, ok beck@, doug@	bcook	1	-2/+2

2017-08-13	Add ability to clamp a notafter to values representable in a 32 bit time_t	beck	3	-7/+41
	This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
2017-08-13	Switch to -Werror with clang for libressl.	doug	4	-8/+8
	Discussed with beck@ and jsing@ ok beck@
2017-08-13	move endian/word size checks from runtime to compile time	bcook	4	-325/+340
	ok guenther@
2017-08-13	Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL.	doug	1	-10/+38
	Previously, the code would accept NULL and 0 length and try to malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could also fail in malloc and leave the old length. Also, add a note that this public API has backwards semantics of what you would expect where 0 is success and 1 is failure. input + ok jsing@ beck@
2017-08-13	Convert the sigma and tau initialisers to byte arrays, rather than using	jsing	1	-3/+12
	strings. The original code is perfectly valid C, however it causes some compilers to complain since it lacks room for a string NUL terminator and the compiler is not smart enough to realise that these are only used as byte arrays and never treated as strings. ok bcook@ beck@ inoguchi@
2017-08-13	Remove support for the TLS padding extension.	jsing	2	-39/+4
	This was added as a workaround for broken F5 TLS termination, which then created issues talking to broken IronPorts. The size of the padding is hardcoded so it cannot be used in any generic sense. ok bcook@ beck@ doug@
2017-08-13	Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.	jsing	2	-27/+4
	This was a workaround for a server that needed to talk GOST to old/broken CryptoPro clients. This has no impact on TLS clients that are using GOST. ok bcook@ beck@ doug@
2017-08-12	Rewrite the TLS status request extension to use the new TLS extension framework.	beck	4	-178/+307
	ok jsing@
2017-08-12	Minimize #includes, particularly to avoid thread_private.h	guenther	2	-7/+3
	ok tedu@
2017-08-12	Add regress coverage for the TLS signature algorithms extension.	jsing	1	-1/+163

2017-08-12	Convert TLS signature algorithms extension handling to the new framework.	jsing	6	-63/+99
	ok beck@ doug@
2017-08-12	bump to 2.6.1	bcook	1	-3/+3

2017-08-12	Rewrite session ticket TLS extension handling using CBB/CBS and the new	doug	4	-66/+447
	extension framework. ok jsing@ beck@
2017-08-12	Remove NPN test coverage.	jsing	2	-129/+1

2017-08-12	Remove NPN support - the -nextprotoneg options now become no-ops.	jsing	4	-113/+13
	ok bcook@ beck@ doug@
2017-08-12	Remove NPN support.	jsing	7	-377/+28
	NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fallback to the default protocol, since it will essentially appear that the otherside does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
2017-08-12	errant whitespace	beck	1	-3/+3

2017-08-12	fix resource leaks, ok @guenther	bcook	1	-3/+7

2017-08-12	Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deleting	schwarze	5	-6/+173
	the read accessors we don't have and fixing the prototypes - the data type of each and every argument differs in the OpenSSL manuals. Reference the new page from SSL_set_tmp_ecdh(3) as suggested by jsing@.
2017-08-12	New manual page SSL_set_tmp_ecdh(3) written from scratch.	schwarze	4	-7/+112
	Feedback and OK jsing@.
2017-08-12	Remove lots of outdated information found by jsing@.	schwarze	1	-192/+14
	OK jsing.
2017-08-12	Document tls_config_set_dheparams().	jsing	1	-4/+13

2017-08-12	Document tls_reset().	jsing	1	-2/+13

2017-08-12	Update the TLSv1.2 Client Hello messages, due to the removal of DSA	jsing	1	-20/+18
	sigalgs.
2017-08-12	Remove support for DSS/DSA, since we removed the cipher suites a while	jsing	9	-85/+16
	back. ok guenther@
2017-08-12	Clear the child pointer in CBB_cleanup(), so that we have fewer pointers	jsing	1	-1/+2
	hanging around to potentially invalid address space. Discussed with beck@ and doug@
2017-08-11	remove bogus ".POD" from .Dt name; noticed by jsing@	schwarze	1	-3/+3

2017-08-11	Be consistent with goto labels, failure flag and use of FAIL macro.	jsing	1	-128/+105

2017-08-11	doug@ added code in here as well.	jsing	1	-1/+2

2017-08-11	Sort by extension/function name.	jsing	1	-577/+576

2017-08-11	I don't think eay will ever fix this...	jsing	1	-2/+2

2017-08-11	style(9) in ssl_set_cert_masks().	jsing	1	-7/+7

2017-08-11	Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new	doug	5	-77/+472
	extension framework. input + ok jsing@
2017-08-11	Convert ssl3_send_certificate_request() to CBB.	jsing	3	-63/+73
	ok beck@ doug@