summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* bump to 3.1.0bcook2020-01-141-3/+3
|
* Document how to make getopt_long(3) process arguments in order and stopstsp2020-01-131-2/+18
| | | | | at the first non-option argument. I had to read source code to figure it out.
* Avoid leak in error path of PKCS5_PBE_keyivgeninoguchi2020-01-121-1/+2
| | | | ok jsing@ tb@
* Avoid leak in error path of asn1_parse2inoguchi2020-01-091-17/+21
| | | | ok tb@
* Avoid leak in error path of dh_priv_decodeinoguchi2020-01-041-1/+2
| | | | ok jsing@ tb@
* In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ providedschwarze2020-01-021-4/+21
| | | | | | | | the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@
* Revise SSL_CTX_get_extra_chain_certs() to match OpenSSL behaviour.jsing2020-01-022-8/+23
| | | | | | | | | | | | | | In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@
* Provide TLSEXT_TYPE_* aliases for TLS 1.3.jsing2020-01-021-1/+10
| | | | | | | | | | | OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds). Issue noted by d3x0r on github. ok inoguchi@ tb@
* drand48(3) returns values in [0.0, 1.0).tb2019-12-201-3/+3
| | | | | | From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd "fix however you feel best!" jmc
* spelling; from bryan stensonjmc2019-12-191-3/+3
|
* Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and lentb2019-12-141-4/+4
| | | | | arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008.
* The file passed to realpath(3) must exists, adjust man page to newbluhm2019-12-111-3/+3
| | | | | behavior. noticed by hshoexer@; OK beck@
* Document X509_STORE_CTX_set_flags() which is a handy way to change theclaudio2019-12-051-3/+18
| | | | | | | verification param flags of a context. While this function is marked as likely to be deprecated in OpenSSL it seems that this may not happen. This is why we decided to still document it. OK and input from ingo@ tb@
* Add missing RCS tag.tb2019-12-031-0/+1
|
* Fix typo: ECHD -> ECDH.tb2019-12-031-4/+4
| | | | From Michael Forney, thanks!
* Add support for TLS 1.3 post handshake messages and key updating.beck2019-11-263-20/+217
| | | | | | tested against openssl 1.1's server. ok jsing@ tb@
* gcc3, like clang and unlike our gcc4, doesn't support redirecting builtinsguenther2019-11-251-6/+12
| | | | | | | like mem{set,cpy,move} or __stack_smash_handler using asm() renaming. So treat gcc3 like clang and mark such functions as protected instead. ok ayoma@
* A touch of style(9)tim2019-11-211-6/+6
| | | | OK tb@ tedu@
* Use explicit_bzero() to clear key materialtim2019-11-211-1/+2
| | | | OK tb@ tedu@
* Add accessors to change the buffer in a handshake message.beck2019-11-203-3/+20
| | | | | | Needed for doing TLS 1.3 Post Handshake Handshake messages. ok jsing@
* Fix rsa key output formatinoguchi2019-11-201-5/+12
| | | | | | This fixes openssl(1) rsa -text output format ok tb@
* Add prototypes for the functions that update application secretsbeck2019-11-181-1/+3
| | | | so that the regress tests will work for them
* Provide a clean interface for sending TLSv1.3 alerts.jsing2019-11-182-5/+17
| | | | ok beck@
* Change tls13_record_layer_phh() to take a CBS as this avoids ownershipjsing2019-11-172-8/+6
| | | | | | issues and makes call sites cleaner. ok beck@
* Correct update of application traffic secrets to use an empty contextbeck2019-11-171-3/+7
| | | | | | rather than the hash of an empty context ok jsing@
* Bring back the ssl_shutdown internal method pointer.jsing2019-11-173-4/+21
| | | | | | | For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
* Add a reference for the non-standard post-handshake handshake (PHH).tb2019-11-171-2/+2
| | | | ok beck, jsing
* Ensure that we are never operating in plaintext mode once the handshakejsing2019-11-171-1/+7
| | | | | | is complete, which should never occur. ok beck@
* Provide framework for sending alerts and post-handshake handshake messages.jsing2019-11-172-15/+174
| | | | | | Discussed at length with beck@ ok beck@ tb@
* indent with a tab instead of 8 spacestb2019-11-171-2/+2
|
* Move the TLSv1.3 server message handling stubs.jsing2019-11-172-125/+125
|
* Add the initial framework for the TLSv1.3 server.jsing2019-11-173-3/+84
| | | | ok beck@
* tls13_connect() should be static.jsing2019-11-171-2/+2
|
* Fix backoff to legacy when in client auth mode.beck2019-11-171-2/+2
| | | | ok jsing@
* Drop back to the legacy tls method if we are doing client authenticaitonbeck2019-11-171-1/+7
| | | | | | from a tls 1.3 connection, for now. ok jsing@
* Separate the callbacks for recieved and completed post handshake messagesbeck2019-11-173-10/+22
| | | | | | from the record layer ok jsing@
* Allow 1.3 ciphers in libtls.beck2019-11-161-2/+2
| | | | ok jsing@
* Revert previous deduplication diff, I broke portable in a strange way.beck2019-11-161-47/+58
| | | | | I'll figure it out a bit later. Found and diagnosed by inoguchi@
* Allow portable to override the default CA bundle locationbeck2019-11-162-3/+7
| | | | ok kinichiro@ jsing@
* Deduplicate some extension processing code.beck2019-11-151-58/+47
| | | | ok tb@ inoguchi@
* Add missing cross-reference to NOTES section.millert2019-11-141-3/+3
| | | | OK kn@ tb@
* Allow ip addresses as argument to SSL_set1_host() but be careful to nototto2019-11-041-2/+14
| | | | poison the context. ok and help jsing@ tb@
* Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.jsing2019-11-041-21/+19
| | | | | | Issue spotted by bcook@ ok bcook@ inoguchi@
* Sort standard_methods by pkey_id.inoguchi2019-11-021-4/+4
| | | | ok jsing@
* CMS didn't make the 6.6 release: adjust the text in the HISTORY sectionsschwarze2019-11-0223-69/+69
|
* .Xr CMS_ContentInfo_new 3schwarze2019-11-021-2/+3
|
* .Xr BIO_new_CMS 3schwarze2019-11-021-2/+3
|
* document PEM_read_CMS(3), PEM_read_bio_CMS(3), PEM_write_CMS(3), andschwarze2019-11-021-3/+46
| | | | PEM_write_bio_CMS(3) which jsing@ just enabled in Symbols.list rev. 1.91
* In Symbols.list rev. 1.91, jsing enabled many CMS functions.schwarze2019-11-021-1/+24
| | | | Install the new manual pages documenting the majority of them.
* Bring back some icky buffer allocation code so that pkey_rsa_print()jsing2019-11-021-9/+41
| | | | | | works again with the horrific API that is ASN1_bn_print(). Issue spotted by inoguchi@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-08 17:29:36 +0000