| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2016-08-17 | wrterror() is fatal, delete dead code; ok tom@ natano@ tedu@ | otto | 1 | -61/+22 | |
| 2016-08-16 | shorten genrsa; ok jsing | jmc | 1 | -42/+18 | |
| 2016-08-15 | The tls_conninfo serial is also unused. | jsing | 1 | -2/+1 | |
| 2016-08-15 | Group conninfo fields by connection and peer cert based information, | jsing | 1 | -5/+6 | |
| sort and remove unused fingerprint. | |||||
| 2016-08-15 | Fix some style(9) issues. | jsing | 1 | -3/+6 | |
| 2016-08-15 | Explicitly pass in an SSL_CTX * to the functions that operate on one, | jsing | 4 | -37/+38 | |
| instead of assuming that they should use the one associated with the TLS context. This allows these functions to be used with the additional SSL contexts that are needed to support server-side SNI. Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that these functions have a common prefix. ok reyk@ | |||||
| 2016-08-15 | add a bit of spacing to previous, to keep the notes about deprecated | jmc | 2 | -4/+6 | |
| functions out the way of the main body; ok guenther | |||||
| 2016-08-14 | Reduce qabs() and qdiv() to aliases of llabs() and lldiv(). | guenther | 12 | -228/+36 | |
| Merge the manual pages and call them deprecated there. ok and manpage tweak jmc@, ok natano@ | |||||
| 2016-08-14 | shorten genpkey; ok guenther | jmc | 1 | -78/+23 | |
| 2016-08-13 | shorten gendsa; | jmc | 1 | -20/+12 | |
| 2016-08-13 | Avoid leaking memory if tls_config_set_alpn() is called multiple times | jsing | 1 | -4/+5 | |
| (this was in the original commit, but got reverted in the recommit). | |||||
| 2016-08-13 | Let libtls load the CA, certificate and key files for nc(1), now that it | jsing | 1 | -22/+15 | |
| does this at the time the tls_config_set_*_file() function is called. ok bluhm@ | |||||
| 2016-08-13 | Load CA, certificate and key files into memory when the appropriate | jsing | 3 | -44/+98 | |
| tls_config_set_*_file() function is called. This allows us to immediately propagate useful error messages, play more nicely with privsep/pledge and have a single code path. Instead of always loading the default CA when tls_config_new() is called, defer and only load the default CA when tls_configure() is invoked, if a CA has not already been specified. ok beck@ bluhm@ | |||||
| 2016-08-12 | Bump libtls minor due to symbol additions. | jsing | 1 | -1/+1 | |
| 2016-08-12 | Add ALPN support to libtls. | jsing | 7 | -16/+168 | |
| ok beck@ doug@ | |||||
| 2016-08-12 | trim errstr, and zap gendh (deprecated) entirely; | jmc | 1 | -26/+1 | |
| 2016-08-12 | shorten openssl enc, with help from jsing; | jmc | 1 | -201/+39 | |
| ok jsing beck | |||||
| 2016-08-10 | shorten ecparam; | jmc | 1 | -102/+50 | |
| 2016-08-09 | trim the ec text; | jmc | 1 | -92/+39 | |
| 2016-08-08 | trim the dsaparam section; ok guenther | jmc | 1 | -56/+36 | |
| 2016-08-07 | Update the link for the getentropy(2) manual to man.openbsd.org/ | tb | 16 | -32/+32 | |
| ok deraadt@ | |||||
| 2016-08-05 | Do not *printf %s NULL | deraadt | 2 | -4/+6 | |
| ok bcook | |||||
| 2016-08-05 | Obvious minor fixes: | schwarze | 2 | -36/+57 | |
| * Add missing .Dv, .Ev, and .Fa macros. * Delete deprecated .Tn macros. * Mark up global variable names with .Va, not with .Fa or .Li. * Mark up config file commands with .Ic, not with .Fa. * Fix HISTORY, trivial to verify from the CSRG archive CD. | |||||
| 2016-08-05 | shorten the openssl dsa text; | jmc | 1 | -69/+35 | |
| 2016-08-05 | Make RES_OPTIONS point directly to resolv.conf(5) instead of going through | martijn | 1 | -3/+3 | |
| resolver(3). OK jmc@ | |||||
| 2016-08-03 | shorten the openssl dhparam text; | jmc | 1 | -84/+32 | |
| guenther helped rewrite the -dsaparam parts. | |||||
| 2016-08-02 | Revert previous since it adds new symbols. | jsing | 8 | -170/+16 | |
| Requested by deraadt@ | |||||
| 2016-08-01 | Bump TLS_API for addition of ALPN support. | jsing | 1 | -2/+2 | |
| 2016-08-01 | Add ALPN support to libtls. | jsing | 7 | -15/+168 | |
| ok beck@ doug@ | |||||
| 2016-08-01 | shorten the openssl dgst text; in particular, do not try to | jmc | 1 | -53/+24 | |
| list all the available digests; | |||||
| 2016-07-31 | bump for LibreSSL 2.5.x | bcook | 2 | -6/+6 | |
| 2016-07-30 | use the style from the man page examples for getaddrinfo, which makes a | halex | 1 | -21/+19 | |
| bit more sense ok jung@ deraadt@ | |||||
| 2016-07-28 | remove HISTORY: it was a nonsense; | jmc | 1 | -25/+1 | |
| 2016-07-28 | some text cutting, after feedback from jsing; | jmc | 1 | -12/+12 | |
| 2016-07-23 | rework crl2pkcs7; with help from jsing | jmc | 1 | -57/+18 | |
| 2016-07-21 | rework DESCRIPTION a little: no-command seems clearer than no-XXX; | jmc | 1 | -17/+12 | |
| 2016-07-21 | rename NOTES to COMMON SYNTAX (explains itself better); rework the | jmc | 1 | -43/+44 | |
| passphrase section a little; move the DER|PEM stuff in there to help avoid text repetition, and prefer the lowercase (less keys to press); adjust ENVIRONMENT to format a little more nicely; | |||||
| 2016-07-21 | strip back openssl crl somewhat: remove the examples | jmc | 1 | -41/+21 | |
| and move any relevant text into the main body; | |||||
| 2016-07-20 | strip back openssl ciphers: | jmc | 1 | -106/+60 | |
| - rearrange the descriptions of -V and -v to read more logically - move the cipherlist text into the cipherlist description - zap examples | |||||
| 2016-07-19 | strip back openssl ca: in particular remove some excessively wordy sections, | jmc | 1 | -337/+120 | |
| move some other sections into more relevant places, and remove the example ca file; | |||||
| 2016-07-18 | don't mix code and decls, ok tedu@ | bcook | 2 | -4/+6 | |
| 2016-07-17 | use memset to initialize the union | bcook | 2 | -4/+8 | |
| 2016-07-17 | remove unused OPENSSL_NO_OBJECT case | bcook | 2 | -28/+2 | |
| ok tedu@ | |||||
| 2016-07-17 | Initialize buffers before use, noted by Kinichiro Inoguchi. | bcook | 2 | -14/+14 | |
| ok beck@ | |||||
| 2016-07-17 | strip back asn1parse; ok beck jsing | jmc | 1 | -108/+27 | |
| description of -out altered on jsing's advice | |||||
| 2016-07-16 | Clean up OCSP_check_validity() a bit more. | beck | 2 | -22/+20 | |
| - Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@ | |||||
| 2016-07-16 | since we no longer pull source directly from openssl, the time is | jmc | 1 | -427/+57 | |
| right to try and trim some of the excess from this page. begin now by cutting some of the fluff from the start. the section on pass phrase arguments goes to the end of the page: it;s in the way for now. | |||||
| 2016-07-16 | Limit the support of the "backward compatible" ssl2 handshake to only be | beck | 2 | -2/+18 | |
| used if TLS 1.0 is enabled. Sugessted/discussed with jsing@ and bcook@. ok guenther@ sthen@ | |||||
| 2016-07-13 | Adjust existing tls_config_set_cipher() callers for TLS cipher group | jsing | 1 | -2/+2 | |
| changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@ | |||||
| 2016-07-13 | Split the existing TLS cipher suite groups into four: | jsing | 3 | -11/+22 | |
| "secure" (TLSv1.2+AEAD+PFS) "compat" (HIGH:!aNULL) "legacy" (HIGH:MEDIUM:!aNULL) "insecure" (ALL:!aNULL:!eNULL) This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). ok beck@ tedu@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |