| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok miod@ bcook@
|
| |
|
|
|
|
| |
Fixes Coverity issue 21693.
ok beck@ bcook@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
ok miod@ bcook@ beck@
|
| |
|
|
| |
ok miod@ bcook@ beck@
|
| |
|
|
| |
ok miod@ bcook@ beck@
|
| |
|
|
| |
ok miod@ bcook@
|
| |
|
|
|
|
|
|
|
| |
OpenSSL doesn't remember which clients were impacted and the
functionality has been broken in their stable releases for 2 years.
Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5.
ok jsing@
|
| |
|
|
| |
ok miod@, bcook@
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
| |
Previously, it returned '1' regardless of whether is succeeded or failed. This is now fixed in the OpenSSL master branch as well. Thanks to Kinichiro Inoguchi for pointing it out.
ok @deraadt
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
This also removes support for -timebomb related code which was only
enabled for GENCB_TEST.
ok jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
ok doug@
|
| | |
|
| | |
|
| |
|
|
| |
From OpenSSL.
|
| | |
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| |
|
|
|
|
| |
Diff from kinichiro via github.
ok doug@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we no longer have dynamic engines, don't bother falling back to them
if a builtin engine is not found first.
Before:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic
After:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
ok doug@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
| |
This was imported into OpenSSL from SSLeay. It was recently deleted
in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
|
| |
|
|
|
|
|
| |
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.
ok bcook@ doug@
|
| | |
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
|
|
|
| |
- Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL
return value in a more appropriate manner.
- Use stroul() instead of sscanf() with appropriate error checking.
ok doug@
|
| |
|
|
| |
ok bcook@ doug@
|
| |
|
|
| |
Spotted by doug@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
functions, and ocsp and s_time need networking enabled too, this just moves
BIO_sock_init() up into main() as a catch-all for all of the commands.
Of course, it is a no-op on any other platform.
ok @guenther
|
| |
|
|
|
| |
to place in an int. from Christian Neukirchen
ok deraadt
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
| |
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.
No output changes, except for two instances where the incorrect escape
was used in the first place.
tweaks + ok schwarze@
|
| |
|
|
| |
OK guenther@
|
| |
|
|
|
|
| |
Also, nuke debugging printfs per jsing and bcook.
ok bcook@, jsing@
|
| |
|
|
|
|
|
|
| |
using *at functions is equivalent to chdir()ing, which eases portability.
Tested with mixes of absolute and relative paths.
Eliminate a FILE leak too.
prodded by jsing@
|
| |
|
|
| |
ok miod@, doug@
|
| |
|
|
|
|
|
| |
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
| |
|
|
|
|
| |
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
| | |
|
