summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Document the openssl s_client -proxy feature.bluhm2015-01-131-2/+14
| | | | OK jmc@
* Add the possibility to use the openssl s_client tool with an httpbluhm2015-01-131-4/+24
| | | | | | proxy. Implement the -proxy feature in the same hackish way as -starttls. OK jsing@
* Implement more thorough error checks:lteo2015-01-131-12/+38
| | | | | | | | | | | | - Check the return value of every relevant function call. - If BIO_new() returns NULL instead of a valid BIO, do not attempt to blindly use the NULL value as a BIO throughout the rest of the code. - Ensure that bio_out is freed by BIO_free_all() at the end of all error paths. ok doug@
* Convert spkac.c to the new option handling code.doug2015-01-081-100/+137
| | | | input + ok jsing@
* Convert pkcs8.c to the new option handling code.doug2015-01-081-157/+220
| | | | | Minor KNF in a few places too. input + ok jsing@
* Convert asn1pars.c to the new option handling.doug2015-01-081-137/+206
| | | | | | | Also, removed a few useless if null checks. input from bcook@ input + ok jsing@
* Convert openssl(1) passwd to new option handling.jsing2015-01-051-119/+151
| | | | ok doug@
* Zap a reference to .rnd, which is likely the last RANDFILE remnant onlteo2015-01-051-3/+2
| | | | | | this man page. ok jsing@
* Check the return values of several reallocarray() calls. While here,lteo2015-01-033-3/+17
| | | | | | also check the return value of an adjacent malloc() call. ok jsing@
* Remove ifdef statements for TIMES and USE_TOD; they don't do anything,lteo2015-01-021-5/+1
| | | | | | | apart from introducing a bug where the -elapsed option is not listed in the usage output when it should be. feedback/ok bcook@ jsing@
* Provide option types for binary AND, binary OR and silently discarding anjsing2015-01-012-2/+13
| | | | option.
* Convert the openssl(1) enc command to the new option parsing and usage.jsing2015-01-011-250/+382
| | | | With input from doug@
* Fix subtle typo.jsing2014-12-281-2/+2
|
* Allow a default option to be specified by having a NULL name, but a validjsing2014-12-281-4/+4
| | | | option type. In this case process the option as per normal.
* Provide an option type that allows for a callback function to consume anjsing2014-12-282-3/+12
| | | | | arbitrary number of arguments. This will allow for more complex option handling as required by some of the openssl(1) applications.
* Teach option parsing that a single hyphen denotes the end of named optionsjsing2014-12-281-2/+14
| | | | (as currently only implemented by some of the openssl(1) applications).
* Provide a mechanism for option parsing to return the number of argumentsjsing2014-12-287-14/+22
| | | | | that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
* Only accept a single unnamed argument - the existing behaviour is tojsing2014-12-281-1/+12
| | | | | | | silently accept multiple unnamed arguments, ignoring all except the last. This behaviour was already inconsistent between openssl(1) applications; apply the principal of least surprise. This will also simplify the addition of upcoming functionality.
* Slightly simplify options parsing logic.jsing2014-12-281-65/+58
|
* Provide two different function pointers for option function callbacks. Thisjsing2014-12-284-13/+14
| | | | | allows for simpler code in the common cases and will allow for further extension to support the complex cases.
* Clean up CIPHERS and related sections:lteo2014-12-241-154/+10
| | | | | | | | | | | | | | - Sync cipher strings with the ones that are actually implemented. - Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY sections. - Stop mentioning export cipher suites since they have already been removed. feedback from deraadt@ and jmc@ ok jmc@
* CA.sh and CA.pl are gonelteo2014-12-191-6/+1
|
* Sync message digest algorithms with the ones actually implemented inlteo2014-12-191-9/+29
| | | | | | "openssl dgst". feedback/ok jmc@
* Remove redundant NULL checks before free - BN_free(), BIO_free_all() andjsing2014-12-141-17/+12
| | | | EC_GROUP_free() all have implicit NULL checks.
* unifdef OPENSSL_NO_NEXTPROTONEGjsing2014-12-144-41/+4
|
* Add ALPN support to openssl(1).jsing2014-12-102-11/+95
| | | | Based on OpenSSL.
* Remove unused variable.jsing2014-12-071-5/+1
| | | | From Benjamin Baier <programmer at netzbasis.de>
* Handle GF(2^m) EC curves for C code generation.jsing2014-12-071-5/+7
| | | | From Minux Ma.
* Move Windows OS-specific functions to make porting easier.bcook2014-12-034-31/+165
| | | | | | | | | | | | Several functions that need to be redefined for a Windows port are right in the middle of other code that is relatively portable. This patch isolates the functions that need Windows-specific implementations so they can be built conditionally in the portable tree. Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on Windows. Sorry, these are no-op on other platforms. ok jsing@ deraadt@
* convert select() to poll(). This is one of the most complicatedderaadt2014-12-022-40/+63
| | | | | | conversions in the tree, because the original code is very rotten and fragile. Please test and report any failures. Assistance from millert, bcook, and jsing.
* Conversion of braindead select() path to braindead poll() path.deraadt2014-12-021-17/+17
| | | | Also looked at by bcook
* Mention the -no_tls1_[12] optionsguenther2014-11-231-6/+10
|
* Nuke more obvious #include duplications.krw2014-11-181-2/+1
| | | | ok deraadt@ millert@ tedu@
* More OPENSSL_NO_TLSEXT clean up.jsing2014-11-073-11/+11
|
* Document the -servername option for openssl(1) s_client.jsing2014-11-071-2/+7
| | | | Based on a diff from Rusty (rustyl at outband dot net) and OpenSSL.
* TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,jsing2014-11-062-76/+2
| | | | which was already done for libssl some time back.
* ssl_sock_init() does nothing, so remove it...jsing2014-11-061-17/+1
|
* simple select() to poll() conversion; reviewed by millert and dougderaadt2014-11-041-9/+9
|
* Remove ephemeral RSA key handling.jsing2014-10-311-43/+4
|
* Use automatic DH ephemeral parameters instead of fixed 512 bit.jsing2014-10-311-38/+23
| | | | Based on OpenSSL.
* Use arc4random_buf() instead of RAND(_pseudo)?_bytes().jsing2014-10-228-36/+19
| | | | ok bcook@
* None of these need <openssl/rand.h>jsing2014-10-223-6/+3
|
* s_client: don't call shutdown on a non-existent socket descriptor.bcook2014-10-201-3/+1
| | | | | from Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> ok beck@, deraadt@
* Repair BUF_strdup() breakage.jsing2014-10-162-4/+6
|
* prefer C99 array initialization syntax.bcook2014-10-135-10/+10
| | | | | | | | use C99 array initialization syntax for strict C compilers. from kinichiro, found building with HP/UX compiler ok deraadt@, guenther@
* Use O_NONBLOCK over FIONBIO.bcook2014-10-132-11/+7
| | | | | | | | | Prefer this because it is the POSIX standard and has consistent behavior across platforms. Use BIO_socket_nbio consistently across the tree. from Jonas 'Sortie' Termansen, ok deraadt@
* fix an indentation that makes me upsetderaadt2014-10-081-2/+2
|
* Switch "openssl req" to using SHA256 for hashes and AES256 to encrypt on-disksthen2014-10-012-12/+12
| | | | | | | | | | keys by default (instead of SHA1/3DES) and update documentation to match. Another way to do this is s/NID_sha1/NID_sha256/ in src/crypto/rsa/rsa_ameth.c ("case ASN1_PKEY_CTRL_DEFAULT_MD_NID") but going with the more targetted method above that only affects "openssl req" for now. Help/OK jsing@. OKs on earlier diffs changing openssl.cnf from phessler@ aja@
* Remove unused #define.lteo2014-09-171-3/+1
| | | | ok jsing@
* a little less sendmail specific;jmc2014-09-161-4/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 17:36:47 +0000