openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM	tb	2023-05-28	1	-13/+9
\| \| \| \| \| \| \| \| \| \|	Back in the day when essentially every struct was open to all applications, X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first small step towards cleaning up the X509_VERIFY_PARAM mess. ok jsing
*	Rename the other_ctx in X509_STORE_CTX into trusted	tb	2023-05-08	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The other_ctx is a strong contender for the worst name of a struct member in OpenSSL. It's a void * member whose only purpose ever was to be set to a STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously a setter, why do you ask?) and then to be used by the get_issuer() callback (which of course isn't there to find any old issuer, but only to look for issuers among the 'trusted' certs). Anyway, we may want to rename untrusted into intermediates and trusted into roots later on, but for now let's match the lovely public API. While there rename get_issuer_sk() into get_trusted_issuer() which is a more accurate and slightly less silly name. ok jsing
*	Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile	tb	2023-04-28	1	-22/+1
\| \| \| \|	with beck
*	Make the new policy code in x509_policy.c to be selectable at compile time.	beck	2023-04-26	1	-5/+16
\| \| \| \| \| \| \|	The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG. ok tb@ jsing@
*	Move the policy tree code to internal-only	tb	2023-04-25	1	-1/+13
\| \| \| \| \|	A few hooks remain in the legacy validator, which will soon be replaced with something better. The rest of the tentacles are now largely contained.
*	Move X509_VERIFY_PARAM_st from vpm_int.h to x509_local.h	tb	2023-04-16	1	-1/+12
\|
*	Remove the now unused ex_pcpathlen from the X509 struct	tb	2023-04-16	1	-2/+1
\| \| \| \|	ok jsing
*	Make header guards of internal headers consistent	tb	2022-11-26	1	-4/+4
\| \| \| \| \|	Not all of them, only those that didn't leak into a public header... Yes.
*	Make internal header file names consistent	tb	2022-11-26	1	-0/+380
	Libcrypto currently has a mess of _lcl.h, _locl.h, and _local.h names used for internal headers. Move all these headers we inherited from OpenSSL to _local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook