openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove proxy cert remnants	tb	2023-04-25	1	-25/+1
\|
*	Remove SXNET	tb	2023-04-25	1	-41/+1
\| \| \| \|	Unused and no authorative information was found online in 2016
*	Move the policy tree code to internal-only	tb	2023-04-25	1	-7/+1
\| \| \| \| \|	A few hooks remain in the legacy validator, which will soon be replaced with something better. The rest of the tentacles are now largely contained.
*	Use proper fix for the recent x400Address issue	tb	2023-04-25	1	-3/+2
\| \| \| \| \| \|	From David Benjamin (BoringSSL) ok beck
*	Future users of libcrypto will also have to do without strong extranet	tb	2023-04-24	1	-1/+5
\| \| \| \| \| \|	support. discussed with beck and jsing
*	Mark remaining policy tree public API for removal	tb	2023-04-16	1	-1/+4
\| \| \| \|	ok jsing
*	Mark proxy policy API for removal in upcoming bump	tb	2023-04-16	1	-1/+5
\| \| \| \|	ok jsing
*	Fix indentation of structs and unions in x509v3.h	tb	2023-04-10	1	-87/+87
\| \| \| \|	No change according to diff -w
*	White space KNF, no code change:	schwarze	2022-11-07	1	-15/+12
\| \| \| \| \| \| \|	- line breaking and indentation in three struct declarations - removal of trailing whitespace Found while working on /usr/src/regress/lib/libcrypto/man/check_complete.pl . OK tb@
*	Remove mkerr.pl remnants from LibreSSL	kn	2022-07-12	1	-5/+1
\| \| \| \| \| \| \|	This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
*	Remove header guard around RFC 3779 declarations	tb	2022-01-14	1	-3/+1
\| \| \| \|	ok inoguchi jsing
*	Remove name_cmp from public visibility	tb	2022-01-14	1	-2/+1
\| \| \| \|	ok inoguchi jsing
*	Undo commenting of OPENSSL_NO_RFC3779	tb	2021-12-24	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \|	The define implies that we have the RFC 3779 API and corresponding symbols publicly exposed. We don't do that since there are still concerns about its suitability and security. oss-fuzz has code depending on this define and this broke its build as tracked down by jsing. This commit gets us oss-fuzz builds back while keeping job happy since the extension pretty printing will continue to work. ok jsing
*	Fix some KNF issues in the RFC 3779 section that have bothered me for	tb	2021-12-24	1	-54/+55
\| \| \| \|	way too long.
*	Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this is	tb	2021-11-01	1	-3/+1
\| \| \| \| \| \|	no longer needed. ok jsing
*	Declare STACK_OF(GENERAL_NAMES)	tb	2021-10-23	1	-3/+4
\| \| \| \|	ok jsing
*	Prepare to provide X509_get_extension_flags()	tb	2021-10-23	1	-1/+2
\| \| \| \|	ok beck jsing
*	Prepare to provide X509_get_{extended_,}key_usage()	tb	2021-10-22	1	-1/+5
\| \| \| \|	ok beck jsing
*	Add XKU_ANYEKU #define and use it to cache the anyExtendedKeyUsage	tb	2021-10-21	1	-2/+3
\| \| \| \| \| \| \|	extension. This is part of OpenSSL commit df4c395c which didn't make it into our tree for some reason. ok jsing
*	Unroll DECLARE_ASN1_FUNCTIONS()	job	2021-09-02	1	-9/+56
\| \| \| \|	OK jsing@
*	Rename DEFINE_STACK_OF() to DECLARE_STACK_OF()	job	2021-09-02	1	-4/+4
\| \| \| \|	OK tb@ jsing@
*	Lay groundwork to support X.509 v3 extensions for IP Addresses and AS ↵	job	2021-09-02	1	-1/+144
\| \| \| \| \| \| \| \| \| \| \|	Identifiers These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree. OK tb@, discussed with beck@
*	Add new x509 certificate chain validator in x509_verify.c	beck	2020-09-13	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
*	Collapse the x509v3 directory into x509.	jsing	2020-06-04	1	-0/+992
	This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing. Discussed with tb@ (who also tested the release build)