| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2017-04-10 | Use freezero() for the internal opaque structures, instead of the current | jsing | 3 | -18/+9 | |
| explicit_bzero()/free(). Less code and potentially less overhead. | |||||
| 2017-04-10 | Use freezero() for X25519 keys - same result with more readable code. | jsing | 1 | -7/+3 | |
| 2017-04-10 | document three additional functions; | schwarze | 1 | -7/+60 | |
| from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4 | |||||
| 2017-04-10 | Rework and significantly extend TLS name verification tests to match | jsing | 1 | -99/+377 | |
| changes in libtls. | |||||
| 2017-04-10 | Rework name verification code so that a match is indicated via an argument, | jsing | 5 | -47/+76 | |
| rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@ | |||||
| 2017-04-10 | freezero() the key block; simpler code and less of it. | jsing | 1 | -7/+3 | |
| 2017-04-10 | Use freezero() for i2d_SSL_SESSION() - one line of code instead of three. | jsing | 1 | -5/+2 | |
| In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros). | |||||
| 2017-04-10 | fix some .Xr errors that jmc@ found with mdoclint(1) | schwarze | 3 | -12/+13 | |
| 2017-04-10 | new manual page SSL_get_server_tmp_key(3) | schwarze | 3 | -2/+88 | |
| from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8 | |||||
| 2017-04-10 | Additional SSL_SESSION documentation | schwarze | 11 | -16/+349 | |
| from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here. | |||||
| 2017-04-10 | for pure *_ctrl() wrapper macros, move the reference from ssl(3) | schwarze | 14 | -49/+54 | |
| to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable | |||||
| 2017-04-10 | new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI; | schwarze | 2 | -1/+126 | |
| from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461 | |||||
| 2017-04-10 | tweak previous; | jmc | 1 | -4/+4 | |
| 2017-04-10 | Convert various client key exchange functions to freezero(3). The memory | jsing | 1 | -14/+5 | |
| contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance. | |||||
| 2017-04-10 | Introducing freezero(3) a version of free that guarantees the process | otto | 2 | -36/+130 | |
| no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@ | |||||
| 2017-04-10 | pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0 | schwarze | 1 | -3/+3 | |
| 2017-04-10 | typo fix; from <Jon dot Spillett at oracle dot com> | schwarze | 1 | -5/+5 | |
| via OpenSSL commit 7bd27895 | |||||
| 2017-04-09 | Simplify/clean up BUF_MEM_grow_clean(). | jsing | 1 | -17/+16 | |
| ok beck@ | |||||
| 2017-04-09 | With recallocarray() BUF_MEM_grow() is essentially the same as | jsing | 1 | -28/+2 | |
| BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@ | |||||
| 2017-04-09 | Explicitly test for NULL. | jsing | 1 | -4/+4 | |
| ok beck@ | |||||
| 2017-04-09 | Improve unknown protocol version handling. | jsing | 1 | -2/+3 | |
| 2017-04-07 | In ssl.h TLS 1.0 is called TLSv1. Adapt name in test to make it pass. | bluhm | 1 | -1/+1 | |
| OK jsing@ | |||||
| 2017-04-07 | Use uint8_t instead of u_int8_t - for consistency and to make things easier | jsing | 1 | -2/+2 | |
| for portable. From Raphael Hittich. | |||||
| 2017-04-06 | trailing ; on end of macro definition is wrong; ok guenther | deraadt | 1 | -4/+4 | |
| 2017-04-06 | Consistentcy between nmembers and size order. From Christopher Hettrick; | otto | 1 | -8/+8 | |
| ok deraadt@ | |||||
| 2017-04-06 | bump version for new development branch | bcook | 1 | -3/+3 | |
| 2017-04-06 | first print size in meta-data then supplied arg size when an inconsistency is | otto | 1 | -3/+3 | |
| detected wrt recallocarray() | |||||
| 2017-04-05 | - -Z before -z in options list | jmc | 2 | -7/+9 | |
| - add -Z to help and usage() | |||||
| 2017-04-05 | Allow nc to save the peer certificate and chain in a pem file specified | beck | 2 | -4/+39 | |
| with -Z ok jsing@ | |||||
| 2017-04-05 | Add tls_peer_cert_chain_pem - To retreive the peer certificate and chain | beck | 7 | -6/+77 | |
| as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@ | |||||
| 2017-04-05 | Internal changes to allow for relayd engine privsep. sends the hash of the | beck | 5 | -29/+87 | |
| public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@ | |||||
| 2017-04-03 | Fix silly code that printfs NULL when there are no fractional seconds | beck | 1 | -2/+2 | |
| on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@ | |||||
| 2017-03-29 | rephrase more enumerations of functions | otto | 1 | -13/+10 | |
| 2017-03-29 | tweak previous; | jmc | 1 | -3/+5 | |
| 2017-03-28 | Fix typo in function name; | schwarze | 1 | -4/+5 | |
| from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f. | |||||
| 2017-03-28 | After i wrote SSL_renegotiate(3) from scratch, OpenSSL also | schwarze | 1 | -12/+109 | |
| documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637. | |||||
| 2017-03-28 | small cleanup & optimization; ok deraadt@ millert@ | otto | 1 | -2/+5 | |
| 2017-03-27 | repair knf & whitespace that jumped out of the screen during review | deraadt | 1 | -23/+18 | |
| ok beck | |||||
| 2017-03-27 | use a path of "/" if the URL does not include a trailing / - since | beck | 1 | -2/+5 | |
| the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@ | |||||
| 2017-03-27 | Fail early if an ocep server returns a non-200 http response, there is no | beck | 1 | -1/+4 | |
| point in trying to parse error pages as an ocsp response. | |||||
| 2017-03-27 | reinstate the capitalisation from previous, as advised by schwarze; | jmc | 1 | -3/+3 | |
| 2017-03-26 | recallocarray() for data buffer from the net. | deraadt | 1 | -3/+5 | |
| ok beck | |||||
| 2017-03-26 | tweak previous; | jmc | 3 | -9/+9 | |
| 2017-03-26 | Stop enumeration all allocation functions, just say "allocation functions"libressl-v2.5.2 | otto | 1 | -32/+13 | |
| ok jmc@ deraadt@ | |||||
| 2017-03-26 | merge new UI documentation from OpenSSL | schwarze | 5 | -13/+651 | |
| 2017-03-25 | document X509_Digest(3) and friends; | schwarze | 2 | -1/+135 | |
| from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc. | |||||
| 2017-03-25 | document the public function X509_cmp_time(3); | schwarze | 2 | -1/+88 | |
| from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me | |||||
| 2017-03-25 | correct RETURN VALUES; | schwarze | 1 | -7/+13 | |
| from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5 | |||||
| 2017-03-25 | fix two more prototypes; | schwarze | 1 | -5/+5 | |
| from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64 | |||||
| 2017-03-25 | correct prototypes; | schwarze | 1 | -5/+5 | |
| from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64 | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |