path: root/src/usr.bin/openssl/certhash.c
Commit message | Author | Age | Files | Lines
* Mark the initialized struct options arrays as both static and const. | guenther | 2019-07-14 | 1 | -1/+1
  This moves them from .data to .data.rel.ro
  ok deraadt@ inoguchi@
* Indent labels with a single space so that diff prototypes are more useful. | jsing | 2018-02-07 | 1 | -8/+8
* rearrange pledge promises into the canonical order; easier to eyeball | deraadt | 2017-01-20 | 1 | -1/+1
* do not need sys/param.h | deraadt | 2015-11-20 | 1 | -1/+0
* Exit if a pledge call fails in non-interactive mode. | doug | 2015-10-17 | 1 | -1/+3
  ok semarie@
* Initial support for pledges in openssl(1) commands. | doug | 2015-10-10 | 1 | -0/+5
  openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session that may execute any number of commands.
  We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
  This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
  deraadt@ and beck@ are roughly fine with this approach.
* avoid sys/param.h, by using PATH_MAX | deraadt | 2015-10-02 | 1 | -1/+1
* Remove all duplicate prototypes for *_main functions (these are already | jsing | 2015-08-22 | 1 | -2/+0
  provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
  ok deraadt@ doug@
* Fix coverity 105339, by correctly checking return from strtoll | beck | 2015-07-19 | 1 | -1/+1
  ok miod@ bcook@
* subtraction is not comparison. the difference of two longs is not good | tedu | 2015-03-05 | 1 | -1/+1
  to place in an int. from Christian Neukirchen
  ok deraadt
* No need to use O_DIRECTORY when opening ".", O_RDONLY will suffice. | millert | 2015-02-25 | 1 | -1/+1
  OK guenther@
* Avoid NULL pointer deref in hashinfo_free() when calling from error paths. | doug | 2015-02-25 | 1 | -2/+3
  Also, nuke debugging printfs per jsing and bcook.
  ok bcook@, jsing@
* While slick, this isn't accessing multiple directories concurrently, so | guenther | 2015-02-22 | 1 | -29/+35
  using *at functions is equivalent to chdir()ing, which eases portability. Tested with mixes of absolute and relative paths. Eliminate a FILE leak too.
  prodded by jsing@
* fix coverity 105350 and 10345 | beck | 2015-02-18 | 1 | -1/+2
  ok miod@, doug@
* qsort() compare functions MUST use memcmp() instead of bcmp() to have | guenther | 2015-02-12 | 1 | -2/+4
  the correct return value. Prefer memcmp() anyway for portability.
  ok jsing@ tedu@
* swap limits.h for sys/limits.h | bcook | 2015-02-12 | 1 | -1/+1
  ok jsing@
* Introduce an openssl(1) certhash command. | jsing | 2015-02-10 | 1 | -0/+674
  This is effectively a reimplementation of the functionality provided by the previously removed c_rehash Perl script. The c_rehash script had a number of known issues, including the fact that it needs to run openssl(1) multiple times and that it starts by removing all symlinks before putting them back, creating atomicity issues/race conditions, even when nothing has changed.
  certhash is self-contained and is intended to be stable - no changes should be made unless something has actually changed. This means it can be run regularly in a production environment without causing certificate lookup failures.
  Further testing and improvements will happen in tree.
  Discussed with tedu@