| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2021-09-06 | The default Ruby has switched to 3.0 | tb | 1 | -2/+2 | |
| 2021-09-05 | new sentence, new line, and tweak wording of previous; | jmc | 1 | -2/+3 | |
| 2021-09-05 | Remove unused variable tmptm in do_body of openssl(1) ca | inoguchi | 1 | -8/+2 | |
| 2021-09-05 | Using serial number instead as subject if it is empty in openssl(1) ca | inoguchi | 2 | -3/+36 | |
| This allows multiple entries without a subject even if unique_subject == yes. Referred to OpenSSL commit 5af88441 and arranged for our codebase. ok tb@ | |||||
| 2021-09-05 | Check extensions before setting version to v3 | inoguchi | 1 | -5/+10 | |
| Referred to OpenSSL commit 4881d849 and arranged for our codebase. comment and ok from tb@ | |||||
| 2021-09-05 | Use accessor method rather than direct X509 structure access | inoguchi | 1 | -20/+10 | |
| Referred to OpenSSL commit a8d8e06b and arranged for our codebase. comment and ok from tb@ | |||||
| 2021-09-04 | Factor out the TLSv1.3 code that handles content from TLS records. | jsing | 6 | -80/+238 | |
| Currently, the plaintext content from opened TLS records is handled via the rbuf code in the TLSv1.3 record layer. Factor this out and provide a separate struct tls_content, which knows how to track and manipulate the content. This makes the TLSv1.3 code cleaner, however it will also soon also be used to untangle parts of the legacy record layer. ok beck@ tb@ | |||||
| 2021-09-04 | Refactor ssl_update_cache. This now matches the logic used for TLS 1.3 | beck | 1 | -22/+106 | |
| in Openssl 1.1.1 for when to call the session callbacks. I believe it to also generates a lot less eye bleed, confirmed by tb@ ok jsing@ tb@ | |||||
| 2021-09-04 | Improve DTLS hello request handling code. | jsing | 1 | -2/+8 | |
| Rather than manually checking multiple bytes, actually parse the DTLS handshake message header, then check the values against what we parsed. ok inoguchi@ tb@ | |||||
| 2021-09-04 | Change dtls1_get_message_header() to take a CBS. | jsing | 3 | -22/+21 | |
| The callers know the actual length and can initialise a CBS correctly. ok inoguchi@ tb@ | |||||
| 2021-09-04 | Improve DTLS record header parsing. | jsing | 1 | -7/+7 | |
| Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@ | |||||
| 2021-09-04 | Disable tests that don't work in bluhms regress framework. | mbuhl | 1 | -1/+7 | |
| 2021-09-03 | Add X509 Extensions for IP Addresses and AS Identifiers | job | 1 | -1/+2 | |
| (subordinate code paths are include guarded) OK tb@ | |||||
| 2021-09-03 | * add the missing STANDARDS section as noticed by tb@ | schwarze | 1 | -3/+20 | |
| * mention that the *optionp input string will be modified * clarify that the array of tokens is expected to be NULL-terminated OK millert@ tb@, and the first half of STANDARDS also OK jmc@ | |||||
| 2021-09-03 | Implement a -h option that allows specifying a target host that | tb | 1 | -9/+13 | |
| will be passed to the test scripts. | |||||
| 2021-09-03 | Now that the issue is fixed, enable test-extensions.py | tb | 1 | -6/+2 | |
| 2021-09-03 | Use SSL3_HM_HEADER_LENGTH instead of the magic number 4. | jsing | 1 | -13/+14 | |
| ok beck@ | |||||
| 2021-09-03 | Ensure that a server hello does not have trailing data. | jsing | 1 | -1/+4 | |
| Found by tlsfuzzer. ok beck@ | |||||
| 2021-09-03 | Ensure that a client hello does not have trailing data. | jsing | 1 | -1/+4 | |
| Found by tlsfuzzer. ok beck@ | |||||
| 2021-09-03 | Set message_size correctly when switching to the legacy stack. | jsing | 1 | -2/+2 | |
| The message_size variable is not actually the handshake message size, rather the number of bytes contained within the handshake message, hence we have to subtract the length of the handshake message header. ok beck@ | |||||
| 2021-09-03 | Make Bob happy. | bluhm | 1 | -1/+5 | |
| 2021-09-03 | Call the callback on success in new verifier in a compatible way | beck | 4 | -19/+56 | |
| when we succeed with a chain, and ensure we do not call the callback twice when the caller doesn't expect it. A refactor of the end of the legacy verify code in x509_vfy is probably overdue, but this should be done based on a piece that works. the important bit here is this allows the perl regression tests in tree to pass. Changes the previously committed regress tests to test the success case callbacks to be known to pass. ok bluhm@ tb@ | |||||
| 2021-09-02 | Unroll ASN1_ITEM_ref() | job | 1 | -1/+1 | |
| OK @tb | |||||
| 2021-09-02 | Change OPENSSL_strdup() to strdup() | job | 1 | -1/+1 | |
| OK tb@ | |||||
| 2021-09-02 | Change OPENSSL_malloc to calloc() | job | 1 | -1/+2 | |
| OK tb@ | |||||
| 2021-09-02 | Repair unrolling of static ASN1_ITEM IPAddrBlocks_it | job | 1 | -0/+11 | |
| The conversion tool didn't handle 'static_ASN1_ITEM_TEMPLATE_END' OK tb@ | |||||
| 2021-09-02 | Make v3_addr and v3_asid extern const | job | 1 | -2/+2 | |
| OK tb@ | |||||
| 2021-09-02 | Add err.h for X509error() and friends | job | 2 | -0/+2 | |
| OK tb@ | |||||
| 2021-09-02 | Fix OPENSSL_assert() and assert() | job | 2 | -35/+17 | |
| OK tb@ | |||||
| 2021-09-02 | Unroll ASN1_EX_TEMPLATE_TYPE IPAddrBlocks | job | 1 | -4/+7 | |
| OK tb@ | |||||
| 2021-09-02 | Change the OPENSSL_strdup() to strdup() | job | 1 | -3/+4 | |
| OK beck@ tb@ | |||||
| 2021-09-02 | Fix header file includes | job | 2 | -8/+9 | |
| OK tb@ | |||||
| 2021-09-02 | Move the error put functions from X509V3err() to X509V3error() | job | 2 | -52/+32 | |
| OK tb@ | |||||
| 2021-09-02 | Unroll ASN1_SEQUENCE() ASN1_CHOICE() ASN1_ITEM_TEMPLATE() | job | 2 | -46/+218 | |
| OK jsing@ | |||||
| 2021-09-02 | Add -f to usage | tb | 1 | -2/+2 | |
| 2021-09-02 | OPENSSL_assert() is not appropriate in this context | job | 1 | -2/+3 | |
| Feedback from tb@ OK tb@ | |||||
| 2021-09-02 | Replace ossl_assert()/assert() with OPENSSL_assert() | job | 2 | -14/+14 | |
| OK tb@ | |||||
| 2021-09-02 | Enable vfork syscall test. Disable SIGSTOP test as it is masked until | mbuhl | 5 | -6/+45 | |
| exec/exit with vfork. OK bluhm@ | |||||
| 2021-09-02 | We need to allow for either a CERTIFICATE or CERTIFICATE_STATUS message | beck | 1 | -2/+3 | |
| here or we break the handshake with BAD_MESSAGE ok tb@ | |||||
| 2021-09-02 | Replace OPENSSL_free() with free() | job | 2 | -7/+7 | |
| OK tb@ | |||||
| 2021-09-02 | Unroll IMPLEMENT_ASN1_FUNCTIONS() | job | 2 | -8/+197 | |
| OK jsing@ | |||||
| 2021-09-02 | Unroll DECLARE_ASN1_FUNCTIONS() | job | 1 | -9/+56 | |
| OK jsing@ | |||||
| 2021-09-02 | Rename DEFINE_STACK_OF() to DECLARE_STACK_OF() | job | 1 | -4/+4 | |
| OK tb@ jsing@ | |||||
| 2021-09-02 | Lay groundwork to support X.509 v3 extensions for IP Addresses and AS ↵ | job | 7 | -5/+2386 | |
| Identifiers These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree. OK tb@, discussed with beck@ | |||||
| 2021-09-02 | Import more NetBSD system call regression tests. | mbuhl | 17 | -50/+2350 | |
| OK bluhm@ | |||||
| 2021-09-02 | Call the ocsp callback if present and we get no response, instead of | beck | 1 | -3/+2 | |
| succeeding unconditionally. Makes muststaple work with tls1.3 in nc ok tb@ | |||||
| 2021-09-02 | Use defined constants | inoguchi | 1 | -16/+16 | |
| 2021-09-02 | Add DB_TYPE_SUSP | inoguchi | 1 | -1/+2 | |
| 2021-09-02 | Correct the is_server flag in the call to the debug callback to be correct. | beck | 1 | -2/+2 | |
| ok tb@ | |||||
| 2021-09-02 | Move subject check process after the subject edit process | inoguchi | 1 | -105/+106 | |
| Referred to OpenSSL commit 2cedf794 and arranged for our codebase. ok tb@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |