summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* rework DESCRIPTION a little: no-command seems clearer than no-XXX;jmc2016-07-211-17/+12
|
* rename NOTES to COMMON SYNTAX (explains itself better); rework thejmc2016-07-211-43/+44
| | | | | | passphrase section a little; move the DER|PEM stuff in there to help avoid text repetition, and prefer the lowercase (less keys to press); adjust ENVIRONMENT to format a little more nicely;
* strip back openssl crl somewhat: remove the examplesjmc2016-07-211-41/+21
| | | | and move any relevant text into the main body;
* strip back openssl ciphers:jmc2016-07-201-106/+60
| | | | | | - rearrange the descriptions of -V and -v to read more logically - move the cipherlist text into the cipherlist description - zap examples
* strip back openssl ca: in particular remove some excessively wordy sections,jmc2016-07-191-337/+120
| | | | | move some other sections into more relevant places, and remove the example ca file;
* strip back asn1parse; ok beck jsingjmc2016-07-171-108/+27
| | | | description of -out altered on jsing's advice
* since we no longer pull source directly from openssl, the time isjmc2016-07-161-427/+57
| | | | | | | | right to try and trim some of the excess from this page. begin now by cutting some of the fluff from the start. the section on pass phrase arguments goes to the end of the page: it;s in the way for now.
* Fix a bug loading the default certificate path locations.bcook2016-06-211-9/+7
| | | | | | | | | The files would only be loaded if the CAfile or CApath locations were succesfully loaded first. Original patch from OpenSSL: https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190 ok beck@
* add "dns" to openssl ocspsemarie2016-04-261-2/+2
| | | | | | problem reported by Alexandre (kAworu) ok beck@ deraadt@ sthen@
* hexidecimal->hexadecimal; from mmccjmc2016-04-071-4/+4
| | | | ok beck
* word fix from previous; ok sthenjmc2016-02-121-3/+3
|
* sslv3 has been removed;jmc2016-02-081-16/+21
| | | | | prompted by a mail from jiri navratil help/ok sthen
* more e-mail -> emailmmcc2015-12-242-5/+5
|
* remove NULL-check before free()mmcc2015-12-231-3/+2
|
* s_server also needs DNS; reported by tb@jca2015-12-011-2/+2
|
* Undo previous, pledge("dns") was already present. The problem was in s_server.jca2015-12-012-4/+4
|
* pledge dns so openssl can use dns.. noticed and fix by todd@beck2015-12-012-4/+4
| | | | ok jcs@ deraadt@ theo@
* In pledge(), put "dns" right after "inet".jca2015-11-212-4/+4
|
* Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.jca2015-11-212-4/+4
| | | | From todd@
* do not need sys/param.hderaadt2015-11-201-1/+0
|
* mutli -> multimiod2015-11-142-4/+4
|
* Exit if a pledge call fails in non-interactive mode.doug2015-10-1745-89/+179
| | | | ok semarie@
* add "tty" for several subcommands of opensslsemarie2015-10-1724-48/+48
| | | | | | | | | | | it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Implement real "flock" request and add it to userland programs thatmillert2015-10-161-2/+2
| | | | use pledge and file locking. OK deraadt@
* Initial support for pledges in openssl(1) commands.doug2015-10-1047-46/+281
| | | | | | | | | | | | | | | | openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* normalize the ordering of tame requests (particularily, "rpath wpath cpath",deraadt2015-10-101-2/+2
| | | | | | | which i have put in that order). this is not important, but helps look for outliers which might be strange. it hints that "ioctl" should be reassessed in a few places, to see if "tty" is better; that "unix" may be used in some places where "route" could now work.
* Change all tame callers to namechange to pledge(2).deraadt2015-10-091-3/+3
|
* tame "stdio inet rpath cpath wpath proc" seems to be sufficient forderaadt2015-10-071-1/+7
| | | | | all the wading in here. "proc" is for the speed command, which fork()'s. ok doug
* these do not use ioctl.hderaadt2015-10-062-4/+2
|
* BIO_get_fd() could return fd 0; fix error condition. Found atderaadt2015-10-031-2/+2
| | | | | http://marc.info/?l=openssl-dev&m=144374015404899&w=2 ok doug
* avoid sys/param.h, by using PATH_MAXderaadt2015-10-021-1/+1
|
* Another s/M_ASN1_INTEGER_free/ASN1_INTEGER_free/.jsing2015-10-011-2/+2
| | | | Found the hard way by Mark Patruck.
* add a missing NULL checkbcook2015-09-211-1/+5
| | | | noted by Bill Parker (dogbert2) on github
* add a couple of missing NULL checksbcook2015-09-211-3/+3
| | | | noted by Bill Parker (dogbert2) on github
* remove vestigial bits of sha-0 and md2 from openssl(1)bcook2015-09-215-23/+17
| | | | | | | | Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@
* Pack the algorithm numbers, to avoid printing a useless (null) 0 0 0 0miod2015-09-201-34/+34
| | | | line in the summary.
* Temporarily revive MD4 for MS CHAP support.doug2015-09-145-16/+49
|
* Remove MD4 support from LibreSSL.doug2015-09-135-48/+15
| | | | | | | | MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* nc(1) seems worth an Xr in SEE ALSO now;jmc2015-09-131-1/+2
|
* Factor out setup_up / destroy_ui functions.bcook2015-09-134-58/+58
| | | | | | | | | This pulls out and renames setup_ui/destroy_ui so we have something that can be replaced as-needed, moving the the console setup code for Windows to app_win.c in -portable, instead of needing a local patch to enable binary console mode ui_read/write are also simplified.
* document extra algorithms available with openssl speed commandbcook2015-09-131-1/+4
| | | | ok jmc@
* tweak STANDARDS;jmc2015-09-131-3/+3
|
* Nuke SSLEAY_CONF -- a backwards compatibility environment variable thatlteo2015-09-124-14/+5
| | | | | | | | | | has been superseded by OPENSSL_CONF and discouraged from use for almost 16 years. "Definately ok" jsing@ "burn it" deraadt@ "Kill it with fire" miod@ "KILL IT WITH FIRE!!! BURN!!!!" beck@
* Add openssl(1) speed support for AEAD algorithms.bcook2015-09-121-17/+96
| | | | | | | This adds aes-128-gcm aes-256-gcm chacha20-poly1305 from Adam Langley's original patch for OpenSSL ok beck@ jsing@
* Fix the openssl(1) prime command: When checking a decimal number forlteo2015-09-121-3/+2
| | | | | | | | | primality, do not unnecessarily convert the original decimal number to hex in the output. Hex numbers explicitly specified with -hex remain unchanged. ok beck@ deraadt@ jsing@ miod@
* unifdef -DOPENSSL_NO_RC5jsing2015-09-112-42/+2
|
* kill evil commentbeck2015-09-111-3/+1
| | | | ok deraadt@
* fix unchecked mallocs - coverity 130454 and 130455beck2015-09-111-6/+15
| | | | ok jsing@
* "Shutdown" should be "Shut down" in the usage for s_time's -no_shutdownlteo2015-09-111-2/+2
| | | | flag. Pointed out by jmc@'s commit to the openssl(1) man page.
* Remove engine command and parameters from openssl(1).bcook2015-09-1140-1726/+184
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 19:36:19 +0000