summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Display TLSv1.3 extension type with openssl(1) -tlsextdebuginoguchi2020-04-261-7/+49
| | | | | | | | Add TLSv1.3 extension type, and sort by the definition order in tls1.h. This helps that openssl(1) s_server and s_client with -tlsextdebug displays the TLS extension type instead of "unknown". ok beck@ jsing@ tb@
* s_client: fix use of possibly uninitialized valuesinoguchi2020-04-261-2/+2
| | | | | | | | | | Set initial value to variable 'p' and 'pending'. Reported and fix requested from leonklingele by GitHub pull request. https://github.com/libressl-portable/portable/issues/577 https://github.com/libressl-portable/openbsd/pull/114 ok bcook@ jsing@ tb@
* In s_server.c rev. 1.33, jsing added support for "openssl s_server -groups";schwarze2020-04-251-6/+18
| | | | | | | | document it and deprecate "openssl s_server -named_curve". While here, fix the error in the synopsis for "openssl s_client -groups" and use unified argument naming and similar wording like in SSL_CTX_set1_groups_list(3). OK jsing@
* Add -groups option to openssl(1) s_server.jsing2020-04-192-35/+31
| | | | | | | | | | This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@
* Tag subcommand sectionskn2020-02-191-2/+44
| | | | | | | | | Allow semantic lookup by manually tagging sections (.Sh) for which no automatic tagging has been implemented; this thereby also eliminates false positives such that ":tx509<Enter>" now jumps to the X509 section. feedback remi inoguchi schwarze OK tb
* Add -tls1_3 and -notls1_3 options to openssl(1) s_client.jsing2020-02-162-23/+37
| | | | | | | | | Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@ ok inoguchi@ tb@
* add a couple of XXX for future cleanuptb2020-01-251-1/+4
|
* Teach openssl s_client a bit about TLSv1.3.tb2020-01-241-2/+17
| | | | ok beck jsing
* Make -peekaboo mode also use SSL_pending after peeking, to ensurebeck2020-01-231-2/+9
| | | | | | SSL_pending implementation is correct. annoying jsing@
* Simplify the peekaboo code.jsing2020-01-221-35/+6
| | | | ok beck@
* Add -peekaboo option to s_client, to test SSL_peekbeck2020-01-221-4/+66
| | | | | | peeks data before reading, compares to subsequent read. ok jsing@
* Check CMS API return value in openssl(1) cmsinoguchi2020-01-041-11/+21
| | | | ok jsing@
* use "Currently" in the doc for "openssl enc" when talking about defaultsthen2019-12-181-2/+2
| | | | | md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@
* In January, the default digest used in the openssl enc command wastb2019-12-181-7/+4
| | | | | | | | changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc
* Add manual for openssl(1) cmsinoguchi2019-11-281-2/+518
| | | | ok and comments jmc@
* More return value check in openssl(1) cmsinoguchi2019-11-191-23/+29
| | | | | | Checking return value of sk_.*_new_null(). ok beck@ jsing@
* Add manual descriptions for openssl(1) req -addextinoguchi2019-11-191-2/+10
| | | | ok jmc@
* Remove typedef and check sk_push return value in openssl(1) cmsinoguchi2019-11-181-23/+33
| | | | | | | | - Remove typedef and use 'struct cms_key_param' instead - Check return value of sk_X509_push and sk_OPENSSL_STRING_push - Add a blank line to separate variable declarations from code comments from jsing@
* Add -keyopt opiton to openssl(1) cms subcommandinoguchi2019-11-181-8/+128
| | | | | | | This provides rsa_padding_mode:oaep for cms -encrypt, and rsa_padding_mode:pss for cms -sign. ok jsing@
* Check return value and remove unnecessary variableinoguchi2019-11-061-7/+7
| | | | | | | - Check NCONF_new() return value - Remove unnecessary 'i' comments from jsing@
* Add -addext option to openssl(1) req subcommandinoguchi2019-11-061-3/+133
| | | | | | First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d. ok jsing@
* Indent labels for diffability.jsing2019-11-041-5/+5
|
* Remove spaces between * and variable names.jsing2019-11-041-25/+25
|
* Remove explicit NULL checks before *_free() calls.jsing2019-11-041-21/+14
|
* Hook openssl(1) cms back up.jsing2019-11-043-4/+8
|
* Currently we need to include pem.h before cms.h...jsing2019-11-041-2/+3
|
* Remove engine argument from load_cert() calls.jsing2019-11-041-8/+8
| | | | This was cleaned up after cms went to the attic.
* Bring openssl(1) cms back from the attic.jsing2019-11-041-0/+1142
|
* Avoid a path traversal bug in s_server on Windows.bcook2019-10-041-3/+3
| | | | | | | | openssl s_server has an arbitrary read vulnerability on Windows when run with the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to Jobert Abma for reporting. ok tb@
* the formatting for the mini synopses in this page did not render welljmc2019-10-041-115/+179
| | | | | | | on html or groff. the solution, to replace the non-standard .nr macros with a hang list, was provided by ingo - thanks! ok schwarze
* Remove unnecessary NULL check before free function in openssl(1) dgstinoguchi2019-08-301-11/+6
|
* Wrap lines over 80 cols and put space before goto label in openssl(1) dgstinoguchi2019-08-301-20/+30
|
* Simplify checking and more readable descriptions in openssl(1) dgstinoguchi2019-08-301-8/+8
| | | | suggested from jsing@
* Convert openssl(1) dgst to the newer style of option handlinginoguchi2019-08-301-99/+216
| | | | | | | | Adapt openssl(1) dgst command to new option handling. Added dgst_options struct and option handlers, and replaced for-if-strcmp handling with options_parse(). ok bcook@ jsing@
* Remove -port option from s_server since it is same as -acceptinoguchi2019-08-051-4/+3
| | | | ok schwarze@
* Moving variables into struct in openssl(1) dgstinoguchi2019-07-291-86/+99
| | | | | | | | First step to adapt openssl(1) dgst command to new option handling. There is no functional changes by this diff, and just moving variables into dgst_config struct. ok bcook@
* Code clean up openssl(1) pkcs12inoguchi2019-07-261-61/+86
| | | | | | - Add a space before 'export_end:' - Remove space after '*' - Wrap lines by 80 columns
* Remove unnecessary NULL checks before free in openssl(1) pkcs12inoguchi2019-07-261-14/+7
| | | | ok bcook@ tb@
* remove superfluous commentbcook2019-07-251-2/+1
|
* zero tmpkeyiv buffer after use when encryptingbcook2019-07-251-2/+4
| | | | from Steven Roberts
* Capitalize cipher name and mode in help message as sync with pkcs12inoguchi2019-07-242-20/+20
|
* Convert openssl(1) pkcs12 to the newer style of option handlinginoguchi2019-07-241-214/+409
| | | | | | | | Adapt openssl(1) pkcs12 command to new option handling. Added pkcs12_options struct, and replaced for-if-strcmp handling with options_parse(). ok and comments jsing@
* Moving variables into struct in openssl(1) pkcs12inoguchi2019-07-231-125/+136
| | | | | | | | | First step to adapt openssl(1) pkcs12 command to new option handling. There is no functional changes by this diff, and just moving variables into pkcs12_config struct. I still keep long lines more than 80 for this review to minimize diffs. ok jsing@ tb@
* Fix long line by wrapping with 80 charsinoguchi2019-07-161-6/+9
|
* Move option handlers up to option definition struct in gendsa.cinoguchi2019-07-161-53/+50
| | | | | As we did in other openssl sub command, move up option handlers above option definition struct. No functional changes and just move up and remove prototype.
* Fix typo and -keyform argument in openssl(1) manualinoguchi2019-07-161-6/+8
| | | | | | - s/outputed/outputted/ - s/trused/trusted/ - add der as argument and describe pem is the default
* Mark the initialized struct options arrays as both static and const.guenther2019-07-1434-71/+71
| | | | | | This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
* Fix manual openssl(1) s_serverinoguchi2019-07-121-18/+94
| | | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2, -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache, -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal, -status, -status_timeout, -status_url, -status_verbose, -timeout, -tlsextdebug, -use_srtp, -verify_return_error - Remove -hack, -psk and -psk_hint since not exist in source code. I didn't add these 5 options since these were no-op. -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok and suggestions from jmc@
* Fix manual openssl(1) s_clientinoguchi2019-07-111-14/+80
| | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen, -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp, -verify_return_error - Remove -psk and -psk_identity since not exist in source code. I didn't add these 4 options since these were no-op. -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok jmc@
* Add missing option openssl dsa -modulusinoguchi2019-07-101-2/+8
| | | | ok bcook@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 02:50:26 +0000