summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/system.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-01-24fix make clean and warningsotto2-1/+3
2017-01-24make sure realloc preserves dataotto1-17/+45
2017-01-24use ${.OBJDIR}otto1-8/+8
2017-01-24BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2-18/+10
for NULL, as does lh_free() - do not do the same from the caller.
2017-01-24sk_free() checks for NULL so do not bother doing it from the callers.jsing4-10/+9
2017-01-24sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing7-50/+31
2017-01-24Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing1-29/+29
SSL_CTX_free().
2017-01-24correct usage format; ok beck claudio bennoderaadt1-2/+3
2017-01-24in resolver(3), document that _EDNS0 and _DNSSEC are no ops;jmc1-6/+17
diff from kirill miazine while here, bump all the no op texts to one standard blurb; help/ok jca
2017-01-24fix mode on open() and ftruncate(), noticed bybeck1-2/+4
bcook@
2017-01-24#if 0 the ecformats_list and eccurves_list - these are currently unused butjsing1-2/+5
will be revisited at some point in the near future.
2017-01-24Remove unused cert variable.jsing1-3/+1
Found by bcook@
2017-01-24Say no to two line error messages on failurebeck1-4/+3
2017-01-24s/returns/exits/beck1-2/+2
2017-01-24Break run-on sentence into two.beck1-3/+4
2017-01-24string terminator is called a NULderaadt2-5/+5
2017-01-24Actually load the cafile when providede, and error message cleanupbeck1-4/+4
2017-01-24use warn, I have errno here. noticed by theobeck1-1/+1
2017-01-24Yes the "if (const == val" idiom provides some safety, but it grates onderaadt1-58/+58
us too much. ok beck jsing
2017-01-24knfbeck1-1/+2
2017-01-24revert accidental commit of theo diffbeck1-58/+58
2017-01-24Just don't bother with OpenSSL error strings, they are mostlybeck2-77/+71
irrelevant and look gross here anyway.. we don't need them
2017-01-24various cleanup;jmc2-29/+28
2017-01-24Bump libssl and libtls minors due to symbol additions.jsing2-2/+2
2017-01-24slight cleanupsderaadt1-4/+3
2017-01-24Add a -groups option to openssl s_client, which allows supported EC curvesjsing1-7/+17
to be specified as a colon separated list. ok beck@
2017-01-24Update client tests for changes in default EC formats/curves.jsing1-52/+31
2017-01-24Add support for setting the supported EC curves viajsing7-26/+197
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
2017-01-24s/exit/exist/ typobeck1-2/+2
2017-01-24New ocspcheck utility to validate a certificate against its ocsp responderbeck5-0/+1634
and save the reply for stapling ok deraadt@ jsing@
2017-01-24Correct bounds checks used when generating the EC curves extension.jsing1-3/+3
ok beck@
2017-01-24accross -> across;jmc1-2/+2
2017-01-24Use prime256v1 for tests unless otherwise specified.jsing1-4/+0
2017-01-24Fix typo in brainpool curve name within a comment.jsing1-2/+2
2017-01-24There is no point returning then breaking...jsing1-2/+1
2017-01-24unifdef OPENSSL_NO_BIO - we do not support this in any form.jsing1-15/+1
ok beck@
2017-01-24Introduce ticket support. To enable them it is enough to set a positiveclaudio6-14/+251
lifetime with tls_config_set_session_lifetime(). This enables tickets and uses an internal automatic rekeying mode for the ticket keys. If multiple processes are involved the following functions can be used to make tickets work accross all instances: - tls_config_set_session_id() sets the session identifier - tls_config_add_ticket_key() adds an encryption and authentication key For now only the last 4 keys added will be used (unless they are too old). If tls_config_add_ticket_key() is used the caller must ensure to add new keys regularly. It is best to do this 4 times per session lifetime (which is also the ticket key lifetime). Since tickets break PFS it is best to minimize the session lifetime according to needs. With a lot of help, input and OK beck@, jsing@
2017-01-24ssl_cert_free() checks for NULL itself.jsing1-10/+5
2017-01-24Remove a "free up if allocated" comment that exists before code that freesjsing1-2/+1
things if they are allocated. ok captainobvious@
2017-01-24sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same fromjsing4-27/+16
the callers.
2017-01-24ssl_sess_cert_free() checks for NULL, so do not bother doing it at thejsing2-6/+8
call sites.
2017-01-24There is no point in zeroing fields that exist within a struct that isjsing1-3/+1
about to be explicit_bzero'd and freed.
2017-01-24Add missing documentation for tls_config_set_verify_depthclaudio1-1/+5
Done together with jsing@
2017-01-24Shuffle the deck chairs to bring them back in order.claudio1-9/+9
2017-01-24tls_config_add_keypair_mem is the function to add additional keypairs andclaudio1-5/+5
ocsp_staple functions set the OCSP response they don't add them (which implies you can call them multiple times). Discussed with jsing@ beck@
2017-01-23move default_passwd_cb and default_passwd_cb_userdata back intobeck4-30/+35
the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery
2017-01-23Move options and mode from SSL_CTX and SSL to internal, since these can bejsing12-66/+70
set and cleared via existing functions.
2017-01-23Split most of SSL_METHOD out into an internal variant, which is opaque.jsing23-303/+378
Discussed with beck@
2017-01-23hook malloc_general to the testsotto1-2/+2
2017-01-23test malloc/realloc/free with some flag combo'sotto2-0/+122
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 20:06:07 +0000