summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/apps.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix UTF-8 issuer printingtb2023-04-221-2/+6
| | | | | | | | | | | | | If no field separator is specified, default to using the comma plus space separation, unless the compat flag is set. Fixes an a bug with printing issuers and other things that contain UTF-8 Reported by Jean-Luc Duprat The very simple fix ix is a joint effort by Henson and Levitte Fixes libressl/portable issue #845 ok jsing
* Drop policy printing from openssltb2023-04-141-42/+1
| | | | | | | | | | | | Nothing really uses the policy tree. It's desgined with built-in DoS capabilities directly from the RFC. It will be removed from the attack surface and replaced with something equivalent that doesn't grow exponentially with the depth. This removes the only reason the policy tree itself ever leaked out of the library. ok jsing
* Implement openssl pkey -{,pub}check and pkeyparam -checktb2022-01-101-1/+29
| | | | | | | These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump. ok inoguchi jsing
* openssl(1): drop support for netscape certificates and server gated keys.tb2021-11-261-80/+2
| | | | ok inoguchi jsing
* Remove workarounds for SSL_is_dtls()tb2021-03-311-8/+1
| | | | Reminded by inoguchi jsing
* Add option type OPTION_ORDERinoguchi2021-03-241-1/+5
| | | | | | | | | | To handle incremental order value, added new option type OPTION_ORDER. openssl(1) x509 requires this option handling, since, - -CA and -signkey require to set both filename and incremental 'num'. - -dates requires to set two variables in a row, startdate and enddate. and this couldn't be solved by OPTION_FLAG_ORD. ok tb@ and "I'd move forward with your current plan." from jsing@
* Add DTLSv1.2 support to openssl(1) s_client/s_server.jsing2021-03-171-3/+9
| | | | ok inoguchi@ tb@
* Add a -legacy_verify flag to force use of the old validator for debuggingtb2020-10-261-1/+3
| | | | | | and testing purposes. ok beck inoguchi jsing
* no need to initialize i if it's re-initialized a few lines downtb2020-10-141-2/+1
|
* Add option type OPTION_UL_VALUE_ORinoguchi2020-09-091-1/+5
| | | | ok tb@
* Mark the initialized struct options arrays as both static and const.guenther2019-07-141-4/+4
| | | | | | This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-2/+2
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-14/+14
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Fix weird wrap showing cipher list in interactive modeinoguchi2019-02-091-3/+3
| | | | ok jsing@ tb@
* Summarize the 4 same name functions and move it to apps.cinoguchi2019-02-091-1/+13
| | | | ok tb@ jsing@
* Revert previous, which was wrong as noted by schwarze. Also revert a hunktb2018-08-161-4/+7
| | | | | | from r1.45 and thereby avoid a use-after-free spotted by schwarze. ok schwarze
* Remove unused variable.rob2018-08-161-5/+3
| | | | From Nan at chinadtrace dot org. Thanks!
* Restore a check before BN_free() that needs to exist and write it such thatjsing2018-02-071-2/+3
| | | | the intent is more obvious.
* Indent labels with a single space so that diff prototypes are more useful.jsing2018-02-071-22/+22
|
* Remove guards around *_free() calls since these functions handle NULL.jsing2018-02-071-27/+15
|
* Remove NPN support - the -nextprotoneg options now become no-ops.jsing2017-08-121-2/+3
| | | | ok bcook@ beck@ doug@
* use freezero() instead of 4-line conditional explicit_bzero + freederaadt2017-04-181-5/+2
|
* whitespacederaadt2017-01-211-2/+2
|
* Expand ASN1_ITEM_rptr macros here as well... used with NETSCAPE_X509 of alljsing2016-12-301-2/+2
| | | | things...
* Options that take a time argument....take an argumentguenther2016-09-041-2/+3
| | | | diff from Kinichiro Inoguchi (kinichiro.inoguchi (at) gmail.com)
* Add OPTION_ARG_TIME for parsing a (64 bit if needed) time_tderaadt2016-08-301-1/+11
| | | | prodding & ok jsing
* Repeated occurances of the idiom buf[5][BUFSIZ] -- ridiculous. Give eachderaadt2016-08-261-86/+87
| | | | | | buf a special name, recognize that most are PATH_MAX, and remove a few that are not needed at all. ok jsing beck
* mutli -> multimiod2015-11-141-2/+2
|
* Factor out setup_up / destroy_ui functions.bcook2015-09-131-52/+25
| | | | | | | | | This pulls out and renames setup_ui/destroy_ui so we have something that can be replaced as-needed, moving the the console setup code for Windows to app_win.c in -portable, instead of needing a local patch to enable binary console mode ui_read/write are also simplified.
* Remove engine command and parameters from openssl(1).bcook2015-09-111-92/+11
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-4/+4
|
* remove superfluous strings.hbcook2015-07-211-2/+1
|
* app_tminterval moved to apps_posix.c, we don't need sys/times.hbcook2015-07-201-2/+1
|
* Check return value for ENGINE_ctrl and ENGINE_ctrl_cmd.doug2015-07-201-4/+15
| | | | | | Fixes Coverity issue 21645. ok bcook@
* Warn when rename() fails in openssl(1) apps.doug2015-07-201-8/+36
| | | | | | Fixes Coverity issues 78795 and 78803. ok bcook@
* kill leak, found by coverity, ID 105348beck2015-07-161-2/+5
| | | | ok miod@
* Add OPTION_ARG_LONG for handling of options with a long type.jsing2015-07-151-2/+13
| | | | ok doug@
* Remove fallback dynamic engine loading support.bcook2015-06-191-18/+2
| | | | | | | | | | | | | | | | | | | | | | | Since we no longer have dynamic engines, don't bother falling back to them if a builtin engine is not found first. Before: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic After: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown ok doug@
* Add support for OPTION_DISCARD.doug2015-06-161-1/+4
| | | | ok jsing@
* Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.bcook2015-02-071-12/+12
| | | | | | | | | | HP-UX defines BSIZE in its <sys/param.h>, and there is a route where its getting included as a side-effect. I tracked back to at least from HP-UX 9.0 ca. 1993, up to the latest, so the user namespace is polluted. from kinichiro <kinichiro.inoguchi@gmail.com> ok miod@, jsing@
* Check the return values of several reallocarray() calls. While here,lteo2015-01-031-1/+3
| | | | | | also check the return value of an adjacent malloc() call. ok jsing@
* Provide option types for binary AND, binary OR and silently discarding anjsing2015-01-011-1/+9
| | | | option.
* Fix subtle typo.jsing2014-12-281-2/+2
|
* Allow a default option to be specified by having a NULL name, but a validjsing2014-12-281-4/+4
| | | | option type. In this case process the option as per normal.
* Provide an option type that allows for a callback function to consume anjsing2014-12-281-2/+9
| | | | | arbitrary number of arguments. This will allow for more complex option handling as required by some of the openssl(1) applications.
* Teach option parsing that a single hyphen denotes the end of named optionsjsing2014-12-281-2/+14
| | | | (as currently only implemented by some of the openssl(1) applications).
* Provide a mechanism for option parsing to return the number of argumentsjsing2014-12-281-2/+9
| | | | | that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
* Only accept a single unnamed argument - the existing behaviour is tojsing2014-12-281-1/+12
| | | | | | | silently accept multiple unnamed arguments, ignoring all except the last. This behaviour was already inconsistent between openssl(1) applications; apply the principal of least surprise. This will also simplify the addition of upcoming functionality.
* Slightly simplify options parsing logic.jsing2014-12-281-65/+58
|
* Provide two different function pointers for option function callbacks. Thisjsing2014-12-281-3/+3
| | | | | allows for simpler code in the common cases and will allow for further extension to support the complex cases.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-21 13:34:26 +0000