summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Crank major version due to removal of SHA-0 and MD4 from libcrypto.doug2015-09-131-2/+2
|
* Mechanical minor bump to follow libcrypto.miod2015-09-131-1/+1
|
* Merge the remnants of s3_enc.c into t1_enc.c.jsing2015-09-111-2/+2
| | | | ok beck@
* Put the *method* data structures and functions in the same place.jsing2015-09-111-2/+2
| | | | | | | We can also now nuke ssl23_get_method() since it is the same as tls1_get_method(). And the empty file can bite the dust. ok bcook@ miod@
* Remove SSLv3 method data structs and unlink s3_meth.c from the build.doug2015-08-291-2/+2
| | | | ok jsing@
* Crank major version for libssl and libtls due to SSLv3 removal.doug2015-08-271-1/+1
|
* Remove OpenSSL engine RSAX.doug2015-07-191-1/+1
| | | | | | | | | OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@
* Crank major and remove legacy variables.doug2015-07-191-1/+1
| | | | | | Libtls is riding this crank. ok miod@ bcook@
* Fix pointer to unsigned long conversion.doug2015-06-271-2/+2
| | | | | | | bcook@ notes that this check really only impacted 64-bit Windows. Also, changed the check to be unsigned for consistency. ok bcook@
* Crank major for libcrypto, ssl and tls due to MDC-2DES removal.doug2015-06-201-1/+1
| | | | ok miod@ jsing@
* Fix library search path so we link against the freshly built libcrypto.sotobiasu2015-06-051-2/+2
| | | | | | instead of a stale one. ok miod@ mpi@
* Use a relative path against BSDOBJDIR to pick libcrypto; makes cross-libmiod2015-05-261-2/+2
| | | | work again.
* Record inter-library dependencies between libcrypto, libssl and libtlskettenis2015-05-172-1/+4
|
* Bump libcrypto and libssl majors, due to various recent churn.jsing2015-02-221-1/+1
| | | | Discussed with/requested by deraadt@ at the conclusion of s2k15.
* Crank libssl major due to the recent changes and removals.jsing2015-02-071-2/+2
| | | | ok beck@ deraadt@ miod@
* Stop defining TERMIOS, ANSI_SOURCE and OPENSSL_NO_RC5 for libssl builds.jsing2015-02-071-3/+1
| | | | | | | The first two are unused in libssl/libcrypto and OPENSSL_NO_RC5 is already defined via openssl/opensslfeatures.h. ok beck@ doug@ miod@
* Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.doug2015-02-061-1/+2
| | | | | | | | | | | | | | This is imported with as few changes as possible for the initial commit. I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc() and changed a few header includes. BoringSSL has this as part of their public API. We're leaving it internal to libssl for now. Based on BoringSSL's CBB/CBS API as of commit c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54. input + ok jsing@, miod@
* Support CA verification in chroot'ed processes without direct filereyk2015-01-221-1/+1
| | | | | | | | | | access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* libssl major++jsing2014-12-101-1/+1
|
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-181-1/+1
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Crank libssl major due to recent additions, removals and changes.jsing2014-10-311-2/+2
|
* Bump minor version for ECDH auto.jsing2014-10-031-1/+1
| | | | | While there are no additional symbols, there is an additional command that clients will potentially depend on.
* Bump minor after adding SSL_CTX_use_certificate_chain().reyk2014-09-281-1/+1
| | | | ok jsing@ miod@
* -DOPENSSL_NO_KRB5 is no longer neededderaadt2014-07-121-2/+2
| | | | ok guenther
* enough churn, a crank is advised by guenther..deraadt2014-07-121-1/+1
|
* crank major for decompression featuretedu2014-07-101-1/+1
|
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-2/+2
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* Make make includes work again without kssl.hbeck2014-05-291-2/+2
|
* define LIBRESSL_INTERNAL, and use it to hide the bad stuff from ourselvestedu2014-05-251-1/+2
| | | | ok beck
* Omit -Werror if building with gcc3, for it triggers "redefinition of `pqueue'"miod2014-05-181-2/+6
| | | | warnings now that pqueue.h has been removed from public scope.
* No longer make pqueue.h a public (and installed) header file. Replace itsmiod2014-05-151-2/+2
| | | | | | | | | inclusion in <ssl/dtls1.h> by the benign `struct _pqueue; typedef struct _pqueue *pqueue;'. Note that said dtls1.h should probably be considered a private header as well... ok beck@
* Move the `pqueue' part of libcrypto, which is a glorified sorted linked listmiod2014-05-122-4/+5
| | | | | | | | | | | | | of 64-bit data, and only used by DTLS, to libssl where it belongs. Remove pqueue_print() which is a debugging interface and serves no useful purpose, except for the regress test, which grows its own pqueue_print() routine. Bump libcrypto major and libssl minor. WARNING: do not update your tree right now, more changes are coming, which will ride the libcrypto major bump.
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-2/+2
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Make libssl and libcrypto compile with -Werrorbeck2014-04-231-2/+2
| | | | ok miod@
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-1/+1
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* -Walltedu2014-04-171-1/+2
|
* TANSTAAFL - delete the buf freelist code. if you need a better malloc, gettedu2014-04-161-2/+1
| | | | a better malloc. ok beck deraadt
* add back SRP. i was being too greedy.tedu2014-04-161-2/+2
|
* disentangle SRP code from TLStedu2014-04-161-2/+2
|
* remove ssl2 support even more completely.tedu2014-04-151-3/+1
| | | | | | in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
* Crank major for libcrypto and libssl; more symbol removals to occur during themiod2014-04-151-1/+1
| | | | | next few moments, don't rush your update. Requested by deraadt@
* o_dir.c has a questionable odor.. now that we got rid of OPENSSL_DIR_XXXbeck2014-04-141-2/+1
| | | | | | remove it from the build.. we can cvs rm it and the files it includes once we know for sure ports are good. ok deraadt@
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-2/+2
|
* Move undocumented internal OPENSSL_DIR interface from libcrypto to libssl,miod2014-04-131-2/+3
| | | | | | so that libssl no longer need to access the non-external headers of libcrypto to build. No library bump, riding upon the recent update.
* Crank libcrypto minor (addition of BN_consttime_swap and CRYPTO_memcmp)miod2014-04-131-1/+1
| | | | and libssl major (ssl_check_clienthello_tlsext split into two functions)
* Move build machinery for libcrypto from libssl/crypto to libcrypto, as wellmiod2014-04-111-5/+4
| | | | | | | | | as configuration files; split manpages and .pc files between libcrypto and libssl. No functional change, only there to make engineering easier, and libcrypto sources are still found in libssl/src/crypto at the moment. ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
* oops, typo, spotted by Matthias Schelerderaadt2014-04-101-2/+2
|
* crank major; struct ssl_ctx_st changes; ok teduderaadt2014-04-101-1/+1
|
* Disable Segglemann's RFC520 hearbeat.deraadt2014-04-101-2/+2
| | | | | | | | | | | | I am completely blown away that the same IETF that cannot efficiently allocate needed protocol, service numbers, or other such things when they are needed, can so quickly and easily rubber stamp the addition of a 64K Covert Channel in a critical protocol. The organization should look at itself very carefully, find out how this this happened, and everyone who allowed this to happen on their watch should be evicted from the decision making process. IETF, I don't trust you. ok tedu markus
* disable buf freelists. we'll see what happens next.tedu2014-04-101-1/+2
| | | | ok deraadt
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-31 17:40:44 +0000