| Commit message (Collapse) | Author | Files | Lines |
|---|
|
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
|
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
|
ok tedu@
|
|
however it is not likely to be removed any time soon.
ok beck@ miod@
|
|
ok jsing@
|
|
to avoid swamping it;
|
|
as tls_connect(), however allows the name to use for verification to be
explicitly provided, rather than being inferred from the host value.
Requested by reyk@
ok reyk@ tedu@
|
|
to an actual host and use "servername" when referring to the name of the
TLS server that we expect to be indentified in the server certificate.
Likewise, rename verify_host to verify_name and use the term "name"
throughout the verification code (rather than host or hostname).
Requested by and ok tedu@
|
|
have this property.
Instead, skip the malloc and memcmp if their size is zero.
Per bcook@ request in order to run on AIX
|
|
|
|
|
|
Minor changes in generated assembly due to the compiler swapping from
.quad 0/.long 0 to .zero, along with changes due to line numbering.
|
|
ok miod@
|
|
jajaja miod@
|
|
structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
|
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
|
Spotted by beck@
|
|
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
|
be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
|
ok miod@
|
|
|
|
be enabled.
Removes one symbol from libcrypto, however there is no ABI change.
ok beck@ miod@ tedu@
|
|
15 years.
|
|
This code is not compiled in and OPENSSL_NO_STORE is already defined in
opensslfeatures.h. No symbol removal for libcrypto.
ok beck@
|
|
if EVP_DigestInit_ex() fails.
|
|
Careful review, feedback & ok doug@ jsing@
|
|
assembly due to switches between .quad and .zero for structs.
|
|
|
|
for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV.
ok doug@ jsing@
|
|
|
|
noops around 15 years ago. Remove multiple occurances of both that still
exist in the code today.
|
|
LIBRESSL_INTERNAL - we do not need them any more.
|
|
macros so that the code is visible and functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
|
|
|
and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
|
the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
|
the code is visible and functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
|
and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
|
code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
|
functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
|
functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
|
There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.
ok beck@ doug@
|
|
functions can be readily located.
Change has been scripted and the generated assembly only differs by changes
to line numbers.
Discussed with beck@ miod@ tedu@
|
|
OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.
ok beck@ miod@ tedu@
|
|
OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.
ok beck@ miod@ tedu@
|
|
IPv4 or IPv6 address before trying to resolve the address with the
AI_ADDRCONFIG flag set. This makes sure that attempts to connect to
numeric IPs or loopback addresses are always possible and not
prevented by AI_ADDRCONFIG.
OK jsing@ tedu@
|
|
OpenSSL added this change to avoid an out-of-bounds write since
they're accessing p[-1]. We initialize buf and use strrchr() so we
aren't subject to the same OOB write.
However, we should return NULL rather than an empty string when there
are no shared ciphers.
Also, KNF a particularly bad section above here that miod noticed.
Based on OpenSSL commits:
4ee356686f72ff849f6f3d58562224ace732b1a6
308505b838e4e3ce8485bb30f5b26e2766dc7f8b
ok miod@
|
|
|
|
|
|
This has the same functionality as the previous version, however uses the
new option handling code, uses SSL_CIPHER_get_value() since we no longer
care about SSlv2 cipher suites and uses standard I/O functions instead of
BIO functions.
ok beck@ doug@
|
