summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/verify.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Only print the certificate file once on verifification failure.jsing2021-02-151-4/+2
| | | | | | Noted by Steffen Ullrich. ok tb@
* Wrap remaining overlong lines.tb2020-11-031-7/+7
|
* garbage collect an essentially unused variable and wrap some overlongtb2020-11-031-8/+10
| | | | lines
* * ptr -> *ptrtb2020-11-031-5/+5
|
* X509_verify_cert()'s return value is not reliable if the callbacktb2020-11-031-20/+22
| | | | | | | | | | | | | returns 1. verify.c's cb() ignores a bunch of things to display as much info as possible. Thus, check the error code on the store ctx as well, similar to OpenSSL commit d9e309a6 (old licence). This makes openssl verify error on expired certs, at least with the legacy verify code. While here, fix a number of style issues, simplify and plug a leak. ok inoguchi
* Add a -legacy_verify flag to force use of the old validator for debuggingtb2020-10-261-1/+5
| | | | | | and testing purposes. ok beck inoguchi jsing
* Convert option handling for openssl(1) verify.jsing2020-07-141-88/+220
| | | | ok inoguchi@, tb@
* Indent labels with a single space so that diff prototypes are more useful.jsing2018-02-071-3/+3
|
* Exit if a pledge call fails in non-interactive mode.doug2015-10-171-2/+4
| | | | ok semarie@
* Initial support for pledges in openssl(1) commands.doug2015-10-101-1/+6
| | | | | | | | | | | | | | | | openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* Remove engine command and parameters from openssl(1).bcook2015-09-111-27/+9
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Remove all duplicate prototypes for *_main functions (these are alreadyjsing2015-08-221-3/+1
| | | | | | | | | provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* openssl_setup() calls SSL_load_error_strings(), which happens to calljsing2014-08-281-3/+1
| | | | | ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notjsing2014-08-261-0/+339
a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-11 01:26:22 +0000