openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove SSL_add_compression_method	tb	2024-08-31	1	-2/+1
\|
*	Prepare to provide SSL_CTX_set1_cert_store()	tb	2024-08-03	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store() since it takes ownership of the store argument. Apparently a few people ran into the issue of not bumping the refcount themselves, leading to use after frees about 10 years ago. This is a quite rarely used API and there are no misuses in the ports tree, but since someone did the work of writing a diff, we can still add it. Needless to say that SSL_CTX_get_cert_store() obviously has the exact same issue and nobody seems to have thought of adding a get0 or get1 version to match... Fixes https://github.com/libressl/openbsd/issues/71 From Kenjiro Nakayama
*	Prepare to provide SSL_CIPHER_get_handshake_digest()	tb	2024-07-14	1	-1/+2
\| \| \| \| \| \| \|	Needed by newer freeradius. This is a straightforward implementation that essentially duplicates tls13_cipher_hash(). ok jsing
*	Remove SSL_debug	tb	2024-03-02	1	-2/+1
\| \| \| \| \| \| \|	The garbage truck is quite full by now. Collect the last symbol straggler for this bump. ok jsing
*	Remove SSL_CIPHER_get_by_{id,value}()	tb	2024-03-02	1	-3/+1
\| \| \| \| \| \| \| \| \|	While this undocumented API would have been much nicer and saner than SSL_CIPHER_find(), nothing used this except for the exporter test. Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}() directly. ok jsing
*	Export SSL_get_{peer_,}signature_type_nid()	tb	2024-03-02	1	-1/+3
\| \| \| \| \| \| \| \| \|	Also move the prototypes to the correct header. Oversight reported by Frank Lichtenheld, thanks! Fixes https://github.com/libressl/openbsd/issues/147 ok jsing
*	Set OPENSSL_NO_ENGINE, remove engine code	tb	2023-07-28	1	-2/+1
\| \| \| \| \| \| \| \| \| \|	ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing
*	Hide all public symbols in libssl	beck	2023-07-08	3	-8/+423
\| \| \| \| \| \|	With the guentherizer 9000 ok tb@
*	upstream hidden file #include_next workaround for MS C compilers	bcook	2023-07-05	1	-1/+5
\| \| \| \|	ok beck@, tb@
*	Add support for symbol hiding disabled by default.	beck	2022-11-11	1	-0/+31
	Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@