openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2015-09-10	Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctly	jsing	1	-20/+13
	document the calling requirements. ok beck@
2015-09-10	Update libtls man page to reflect tls_handshake() related changes.	jsing	1	-35/+37
	ok beck@
2015-09-10	revert accidental commit	beck	1	-4/+4

2015-09-10	comment for errno clobbering, to indicate why we do this.	beck	2	-5/+9
	ok deraadt@ jsing@
2015-09-10	bump major	beck	1	-1/+1
	ok jsing@
2015-09-10	change TLS_READ_AGAIN to TLS_WANT_POLLIN and TLS_WRITE_AGAIN to TLS_WANT_POLLOUT	beck	2	-7/+7
	to make it more clear to users of this api what needs to be done in these error cases. Discussed extensively with bluhm@ and jsing@ and others. ok jsing@
2015-09-10	Change tls_read and tls_write semantics to return an ssize_t to better	beck	2	-21/+14
	match read() and write() semantics to make porting existing code using read/write easier.. requested by bluhm@ who convinced jsing and I to break the api ok jsing@ bluhm@
2015-09-10	Split tls_handshake() out from tls_accept/tls_connect. By doing this the	jsing	5	-59/+120
	tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
2015-09-10	tweak Nd after previous; ok mpi	jmc	1	-2/+2

2015-09-10	add MLINKS for _prefer_ciphers_*	jmc	1	-1/+3

2015-09-10	Add support for preferring the server's cipher list or the client's cipher	jsing	5	-8/+47
	list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
2015-09-10	Remove link_addr(3). A function to encode the name of an interface in	mpi	3	-136/+8
	a sockaddr_dl is a questionnable interface. But now it makes it harder to properly reference ifp becauses of this. Set sdl_index to the index of the corresponding interface when constructing a routing message. Ridding previous libc crank. ok guenther@, deraadt@, dlg@
2015-09-10	Fix an incorrect error check in DSA verify.	bcook	2	-8/+4
	From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
2015-09-10	Fix shadowed verify_error in s_server by removing the unused global.	bcook	4	-10/+8
	's_time -verify 1' will now actually verify the peer certificate. ok beck@
2015-09-10	Remove SOCKET_PROTOCOL, a redundant define that was only used once.	lteo	1	-4/+2
	No binary change. ok millert@ miod@
2015-09-10	Remove unused defines. No binary change.	lteo	2	-9/+2
	ok deraadt@ miod@
2015-09-09	Add missing CVS Mdocdate tags. No text change, except for the change	schwarze	16	-16/+16
	of date that can't be helped.
2015-09-09	Indent labels with a space so that diff -p is more friendly.	jsing	6	-18/+18
	Requested by bluhm@
2015-09-09	Check handshake_func against NULL rather than 0, since it is a function	jsing	2	-14/+14
	pointer. ok bcook@ miod@
2015-09-09	Add client certificate support. Still needs a few tweaks but this will	beck	6	-34/+76
	ride upcoming minor bump ok jsing@
2015-09-09	always clear errno when coming back from tls_read tls_write, and tls_close.	beck	1	-9/+20
	this avoids the problem of people checking for return values < 0 and then checking for errno before checking for TLS_READ_AGAIN TLS_WRITE_AGAIN - since we can not guarantee what errno will be set to from the underlying library calls
2015-09-09	nuke trailing whitespace	beck	1	-4/+3
	ok jsing@