summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_cert.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-231-6/+6
| | | | ok jsing@
* Move most of the fields in SSL_CTX to internal - the ones that remain arejsing2017-01-231-5/+5
| | | | | | known to be in use. ok beck@
* move the callbacks from ssl_st to internalbeck2017-01-231-3/+3
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-3/+4
| | | | | | internal. ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-221-2/+2
| | | | | | known to be used by ports. ok beck@
* Add support for ECDHE with X25519.jsing2016-12-211-1/+2
| | | | | | Testing of an earlier revision by naddy@. ok beck@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-13/+7
| | | | ok doug@
* Nuke ssl_set_peer_cert_type().jsing2015-09-111-8/+1
| | | | ok "flensing knife"
* readdir() is thread-safe when DIR handles aren't shared, so delete the lock.guenther2015-04-061-3/+1
| | | | | | | (POSIX is fixing its description: readdir_r() was a botch) Patch from Carlos Mart�n Nieto (cmn (at) dwim.me) no -portable concerns bcook@
* Remove trailing whitespace.jsing2014-12-141-9/+9
|
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-101-2/+1
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-061-2/+1
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-181-1/+5
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Sort and group includes.jsing2014-11-161-6/+7
|
* Add support for automatic DH ephemeral keys.jsing2014-10-311-1/+2
| | | | | | | This allows an SSL server to enable DHE ciphers with a single setting, which results in an DH key being generated based on the server key length. Partly based on OpenSSL.
* Remove support for ephemeral/temporary RSA private keys.jsing2014-10-311-9/+1
| | | | | | | | | The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
* Add support for automatic ephemeral EC keys.jsing2014-10-031-1/+2
| | | | | | | | | | This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@
* KNF comments, reflowing and moving out of the middle of argument lists inguenther2014-07-101-16/+25
| | | | | | places ok jsing@
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-3/+1
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* Fix memory leak in error path.logan2014-06-211-2/+2
| | | | OK from miod@
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it andjsing2014-06-081-14/+8
| | | | | | do some other clean up while here. ok deraadt@
* BIO_free has an implicit NULL check, so do not bother checking for NULLjsing2014-06-071-4/+2
| | | | before calling it.
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-071-22/+12
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* More KNF.jsing2014-06-071-19/+22
|
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-14/+0
| | | | a not quite appropriate data structure. ok jsing
* Any sane platform has stdio. Stop pretending we will ever use a platformbeck2014-05-291-2/+0
| | | | | that does not. "fire bomb" tedu@
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-22/+0
| | | | ok deraadt jsing
* We don't really to keep history in constructs such as:miod2014-05-261-6/+1
| | | | | | | | #if 1 /* new with openssl 0.9.4 */ current code; #else obsolete code; #endif
* There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (anjsing2014-05-221-1/+0
| | | | | | | | | empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@
* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.beck2014-04-261-1/+1
| | | | | | | | This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-9/+3
|
* More KNF and style consistency tweaksguenther2014-04-191-14/+14
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-12/+0
|
* kill REF_PRINT/REF_CHECK debugging framework noone would usederaadt2014-04-171-18/+0
| | | | ok miod
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-5/+5
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* o_dir.c had a very funny odor. all users of this now use standard functions.beck2014-04-151-1/+0
| | | | | consign it to the Attic. ok deraadt@
* convert the use of OPENSSL_DIR_XXX functions to opendir() and frends.beck2014-04-141-30/+20
| | | | ok deraadt@
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-329/+320
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Remove vms support stuff.beck2014-04-131-5/+0
| | | | ok deraadt@
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-6/+6
| | | | ok miod@, deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-2/+2
|
* resolve conflictsdjm2012-10-131-1/+20
|
* resolve conflicts, fix local changesdjm2010-10-011-6/+11
|
* resolve conflictsdjm2008-09-061-156/+87
|
* resolve conflictsdjm2006-06-271-3/+13
|
* resolve conflictsdjm2005-04-291-38/+66
|
* merge 0.9.7dmarkus2004-04-081-6/+6
|
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-1/+29
|
* Merge openssl-0.9.7-stable-SNAP-20020519beck2002-05-211-1/+0
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 19:02:34 +0000