| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
| |
The options were already removed from the manual in 91e7614a.
From Renaud Allard (hand-applied since patch was mangled)
|
| |
|
|
|
|
|
|
|
| |
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
|
| |
|
|
|
| |
These are per-app, so per-file. Most of them already are static, adjust
the rest of them.
|
| |
|
|
|
|
|
|
| |
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Instead of only using the default client method, allow selecting a
specific protocol version and display the supported ciphers accordingly.
This removes the noop status of -tls1 and adds -tls1_{1,2,3} as in
other commands.
ok jsing
|
| |
|
|
|
|
| |
output. The option wasn't documented in the manpage.
pointed out by jsing
|
| |
|
|
|
|
|
|
|
| |
Apparently, TLSv1_client_method() is used for historical reasons.
This behavior is no longer helpful if we want to know what ciphers
a TLS connection could use. This could change again after further
investigation of what the behavior should be...
ok beck jsing
|
| |
|
|
|
|
|
| |
With this option, the command only shows the ciphers supported by the
SSL method.
ok beck jsing
|
| |
|
|
|
|
| |
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
| | |
|
| |
|
|
| |
ok semarie@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
| |
|
|
|
| |
out of .h file
ok jsing
|
| |
|
|
| |
ok miod@ bcook@
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This has the same functionality as the previous version, however uses the
new option handling code, uses SSL_CIPHER_get_value() since we no longer
care about SSlv2 cipher suites and uses standard I/O functions instead of
BIO functions.
ok beck@ doug@
|
|
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
