openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	sync x509v3_add_value with x509_utl.c	tb	2024-08-31	1	-19/+32
\|
*	Add and use local copy of X509V3_add_value()	tb	2024-08-30	1	-2/+41
\| \| \| \|	The public API will be removed. This fixes its only consumer.
*	ocsp.c: zap trailing whitespace	tb	2024-08-29	1	-2/+2
\|
*	Rename struct ${app}_config to plain cfg	tb	2023-03-06	1	-178/+178
\| \| \| \| \| \| \| \| \|	All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
*	Remove the legacy interactive mode from openssl(1).	joshua	2022-11-11	1	-6/+4
\| \| \| \| \| \| \| \|	This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x. ok tb@ jsing@
*	Make sure an OCSP query sends a host header	tb	2020-10-13	1	-4/+13
\| \| \| \| \| \| \| \| \| \| \|	While OCSP uses HTTP/1.0 where a host header is optional, some widely used OCSP responders will return 400 bad request if it is missing. Add such a header unless it's already provided in the user's custom headers. OpenSSL did something similar in ff4a9394a23 and 76e0cd12f68 (both commits are under the old license) ok inoguchi
*	set SO_REUSEADDR on the server socket when we play oscp server.	beck	2020-10-08	1	-1/+2
\| \| \| \|	ok inoguchi@ tb@ deraadt@
*	Wrap long lines, add space in front of goto label in openssl(1) ocsp.c	inoguchi	2020-09-09	1	-93/+118
\|
*	Change SSLv23_client_method to TLS_client_method openssl(1) ocsp	inoguchi	2020-09-09	1	-2/+2
\|
*	Remove space between pointer '*' and variable name in ocsp.c	inoguchi	2020-09-09	1	-39/+39
\|
*	Convert openssl(1) ocsp option handling	inoguchi	2020-09-09	1	-443/+725
\| \| \| \|	input and ok tb@
*	Nuke some more free NULL guards.	jsing	2018-02-07	1	-9/+5
\|
*	Indent labels with a single space so that diff prototypes are more useful.	jsing	2018-02-07	1	-8/+8
\|
*	Mixing -url with any of -host, -port, or -path should be a usage error	guenther	2017-11-29	1	-7/+8
\| \| \| \| \| \| \|	instead of trying to work and then triggering a double-free(). problem noted by trondd (trondd (at) kagu-tsuchi.com) ok beck@
*	whitespace	deraadt	2017-01-21	1	-3/+3
\|
*	rearrange pledge promises into the canonical order; easier to eyeball	deraadt	2017-01-20	1	-2/+2
\|
*	fix pledge for openssl ocsp - we will need tty to ask for a cert pw	beck	2017-01-20	1	-2/+2
\|
*	fix openssl ocsp to not report sucess when the ocsp responder rejects us	beck	2017-01-19	1	-3/+3
\| \| \| \|	ok deraadt@ krw@
*	add "dns" to openssl ocsp	semarie	2016-04-26	1	-2/+2
\| \| \| \| \| \|	problem reported by Alexandre (kAworu) ok beck@ deraadt@ sthen@
*	Exit if a pledge call fails in non-interactive mode.	doug	2015-10-17	1	-2/+4
\| \| \| \|	ok semarie@
*	Initial support for pledges in openssl(1) commands.	doug	2015-10-10	1	-1/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
*	BIO_get_fd() could return fd 0; fix error condition. Found at	deraadt	2015-10-03	1	-2/+2
\| \| \| \| \|	http://marc.info/?l=openssl-dev&m=144374015404899&w=2 ok doug
*	Remove engine command and parameters from openssl(1).	bcook	2015-09-11	1	-12/+11
\| \| \| \| \| \| \|	We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
*	Remove all duplicate prototypes for *_main functions (these are already	jsing	2015-08-22	1	-4/+1
\| \| \| \| \| \| \| \| \|	provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char *argv instead of char argv[] (the former is used elsewhere). ok deraadt@ doug@
*	Conversion of braindead select() path to braindead poll() path.	deraadt	2014-12-02	1	-17/+17
\| \| \| \|	Also looked at by bcook
*	Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not	jsing	2014-08-26	1	-0/+1217
	a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@