| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
- Check NCONF_new() return value
- Remove unnecessary 'i'
comments from jsing@
|
| |
|
|
|
|
| |
First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d.
ok jsing@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok semarie@
|
| |
|
|
|
|
|
|
|
|
|
| |
it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.
passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).
problem reported by several
with and ok doug@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
| | |
|
| |
|
|
|
|
|
|
| |
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
| |
|
|
|
|
|
| |
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).
ok deraadt@ doug@
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
keys by default (instead of SHA1/3DES) and update documentation to match.
Another way to do this is s/NID_sha1/NID_sha256/ in src/crypto/rsa/rsa_ameth.c
("case ASN1_PKEY_CTRL_DEFAULT_MD_NID") but going with the more targetted method
above that only affects "openssl req" for now.
Help/OK jsing@. OKs on earlier diffs changing openssl.cnf from phessler@ aja@
|
| |
|
|
|
| |
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.
|
|
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
