| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2021-10-29 | In x509/x509_purp.c rev. 1.11, tb@ fixed X509_check_purpose(3) | schwarze | 1 | -8/+18 | |
| to fail if parsing of a certificate extension failed. Adjust the documentation accordingly. OK tb@ | |||||
| 2021-10-29 | Actually error in X509_check_purpose() if x509v3_cache_extensions() | tb | 1 | -2/+2 | |
| indicates failure. The previous "error return" X509_V_ERR_UNSPECIFIED translates to 1, i.e., success. This changes to the intended behavior of x509_purp.c r1.3 and matches OpenSSL. This will need various adjustments in the documentation. ok jsing | |||||
| 2021-10-29 | document the horrifying function X509_TRUST_set_default(3) | schwarze | 1 | -3/+43 | |
| 2021-10-29 | add missing .h file include | deraadt | 1 | -2/+3 | |
| from Emil Engler | |||||
| 2021-10-29 | document X509_EXTENSION_dup(3); | schwarze | 1 | -8/+20 | |
| while here, add the missing const qualifier to the obj argument of X509_EXTENSION_create_by_OBJ(3) and correct a typo in the argument name of X509_EXTENSION_get_data(3) | |||||
| 2021-10-29 | new manual page X509_REQ_print_ex(3), | schwarze | 4 | -6/+184 | |
| also documenting X509_REQ_print(3) and X509_REQ_print_fp(3) | |||||
| 2021-10-28 | document X509_REQ_to_X509(3) | schwarze | 1 | -7/+38 | |
| 2021-10-28 | unwrap a line | tb | 1 | -3/+2 | |
| 2021-10-28 | document X509_to_X509_REQ(3) | schwarze | 1 | -4/+26 | |
| 2021-10-28 | sort | tb | 1 | -2/+2 | |
| 2021-10-28 | Mechanical KNF in preparation for changing | beck | 12 | -1583/+1653 | |
| 2021-10-28 | Add headers normally contained in include/openssl, verbatim from 1.1.1 | beck | 2 | -0/+554 | |
| 2021-10-28 | Import Certificate Transparency verbatim from OpenSSL 1.1.1 | beck | 13 | -0/+2321 | |
| This is not yet hooked up and will not compile. Follow on commits will KNF and then make it build. ok jsing@ tb@ | |||||
| 2021-10-28 | openssl-ruby tests: rework for x509_alt.c r1.3 and r1.5. | tb | 1 | -6/+9 | |
| ruby can no longer generate certs with bogus wildcards in it to check that they will fail to verify when creating TLS connections. It will throw an error. This change needs openssl-ruby-tests-20211024p0 or later to work. | |||||
| 2021-10-28 | Bring back r1.3, ok beck | tb | 1 | -3/+47 | |
| Original commit message from beck: Validate Subject Alternate Names when they are being added to certificates. With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@ | |||||
| 2021-10-27 | Fix HISTORY section: 6.9 -> 7.0 | tb | 1 | -3/+3 | |
| 2021-10-27 | new manual page X509_REQ_add_extensions(3) | schwarze | 4 | -4/+148 | |
| documenting six functions for extensions in certification requests | |||||
| 2021-10-27 | add some .Xrs involving recently added pages | schwarze | 7 | -15/+22 | |
| 2021-10-27 | minor tweaks to wording and punctuation, | schwarze | 1 | -10/+19 | |
| and add .Xrs to relevant objects | |||||
| 2021-10-27 | Minor tweaks: | schwarze | 1 | -9/+12 | |
| * Say "number of bytes" instead of "length of bytes". * Remove mention of a BUGS section that exists neither here nor in OpenSSL. * List all authors who contributed Copyright-worthy amounts of text. * Remove years from the Copyright line that saw no non-trivial changes. * Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text. * Improve merge comments. | |||||
| 2021-10-27 | Revert version 1.3 - not allowing the creation of bogus certificates | beck | 1 | -47/+3 | |
| breaks the ruby regression tests that expect to make bogus certificates and see that they are rejected :( I am reverting this for now to make the regress tests pass, and will bring it back if we decide to patch the regress tests to remove the problem cases | |||||
| 2021-10-27 | Fix to correctly parse the 'to' time into the to_tm | beck | 1 | -2/+2 | |
| 2021-10-27 | Add ASN1_TIME_diff from OpenSSL. | beck | 4 | -5/+106 | |
| The symbol is not yet exposed and will show up with tb@'s forthcoming bump ok tb@ jsing@ | |||||
| 2021-10-26 | Merge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1 | tb | 1 | -4/+67 | |
| 2021-10-26 | spelling fixes; | jmc | 2 | -4/+4 | |
| 2021-10-26 | install X509_get_extension_flags.3 and X509_SIG_get0.3 | tb | 1 | -1/+3 | |
| 2021-10-26 | Remove a line documenting that X509_get_X509_PUBKEY(3) is missing | tb | 1 | -2/+1 | |
| discussed with schwarze | |||||
| 2021-10-26 | Document X509_get0_pubkey.3 | tb | 1 | -3/+14 | |
| 2021-10-26 | Document new signature of X509_get_X509_PUBKEY() and remove claim | tb | 1 | -5/+3 | |
| that the API is implemented as a macro. This will change in an upcoming bump. | |||||
| 2021-10-26 | Add tlsfeature NID | job | 2 | -0/+2 | |
| OK beck@ tb@ | |||||
| 2021-10-26 | Add RFC 3779 checks to both legacy and new verifier | job | 2 | -2/+20 | |
| OK beck@ | |||||
| 2021-10-26 | Free memory on text exit to make asan quieter | beck | 1 | -53/+83 | |
| ok tb@ | |||||
| 2021-10-26 | new manual page X509_REQ_add1_attr(3) documenting nine functions | schwarze | 6 | -8/+199 | |
| for X.501 Attributes in PKCS#10 certification requests | |||||
| 2021-10-26 | correct a wrong function name below RETURN VALUES | schwarze | 1 | -3/+3 | |
| 2021-10-26 | document X509_REQ_dup(3) | schwarze | 1 | -5/+20 | |
| 2021-10-26 | document d2i_X509_PUBKEY(3) and i2d_X509_PUBKEY(3); | schwarze | 1 | -23/+57 | |
| while here, apply the usual conventions for naming d2i and i2d arguments | |||||
| 2021-10-26 | Validate Subject Alternate Names when they are being added to certificates. | beck | 3 | -9/+61 | |
| With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@ | |||||
| 2021-10-26 | Revise regress for removal of SSL_SESSION_INTERNAL. | jsing | 1 | -27/+27 | |
| 2021-10-25 | sort | tb | 1 | -17/+17 | |
| 2021-10-25 | sort. alphanumerics have lower ASCII values than '_' | tb | 1 | -5/+5 | |
| 2021-10-25 | Install SSL_read_early_data.3. I should have done this during the last | tb | 1 | -4/+2 | |
| libssl bump. | |||||
| 2021-10-25 | Revert accidental change. | jca | 1 | -1/+2 | |
| Dunno why this ended up here, cvs is always full of surprises. | |||||
| 2021-10-25 | Make brk() and sbrk() weak again as intended. | jca | 1 | -2/+1 | |
| Apparently spotted by mortimer@ while working on clang 13 and amd64. No actual change on sparc64 as this architecture still uses ld.bfd. ok kettenis@ | |||||
| 2021-10-25 | new manual page EVP_PKCS82PKEY(3), also documenting EVP_PKEY2PKCS8(3) | schwarze | 6 | -10/+77 | |
| 2021-10-25 | new manual page PKCS8_pkey_set0(3) | schwarze | 6 | -9/+177 | |
| documenting four PKCS#8 PrivateKeyInfo accessors | |||||
| 2021-10-25 | Add missing RCS markers | tb | 2 | -0/+2 | |
| 2021-10-25 | Zap two unused includes | jca | 2 | -4/+0 | |
| Spotted by egcc. ok tb@ | |||||
| 2021-10-25 | Garbage collect another unused variable. | jca | 1 | -4/+1 | |
| Spotted by egcc and probably clang 13. ok tb@ | |||||
| 2021-10-25 | document ASN1_STRING_set0(3) | schwarze | 1 | -6/+29 | |
| 2021-10-25 | Add record processing limit to DTLS code. | jsing | 2 | -3/+18 | |
| This is effectively the same record processing limit that was previously added to the legacy TLS stack - without this a single session can be made to spin on a stream of alerts or other similar records. ok beck@ tb@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |