| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add undocumented options below.
-alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2,
-keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache,
-no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal,
-status, -status_timeout, -status_url, -status_verbose, -timeout,
-tlsextdebug, -use_srtp, -verify_return_error
- Remove -hack, -psk and -psk_hint since not exist in source code.
I didn't add these 5 options since these were no-op.
-chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok and suggestions from jmc@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add undocumented options below.
-alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen,
-legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass
-port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp,
-verify_return_error
- Remove -psk and -psk_identity since not exist in source code.
I didn't add these 4 options since these were no-op.
-nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok jmc@
|
| |
|
|
| |
ok bcook@ jsing@
|
| |
|
|
|
|
| |
Add missing -camellia*/-idea description to genrsa section.
ok jmc@
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- dsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add pvk format to -inform and -outform
- ocsp : add missing -header, -ignore_err, -no_explicit and -timeout
- rsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add missing -RSAPublicKey_in and -RSAPublicKey_out
add pvk format to -inform and -outform
- smime : add missing -nosmimecap
- add pvk description at common format part
ok jmc@
|
| |
|
|
|
|
|
|
|
|
| |
- For pkcs12, add -camellia*/-idea, -LMK and -password
- For req, add -multivalue-rdn, -pkeyopt and -sigopt
- For verify, add -CRLfile and -trusted, and down -check_ss_sig description
- For x509, add -next_serial and -sigopt
- Remove the escape in -multivalue-rdn from ca section
ok jmc@
|
| |
|
|
|
|
|
|
| |
- For ec, add -param_out description
- For enc, add -v usage and description
- For pkcs7, add -print usage and description
ok jmc@
|
| |
|
|
|
|
| |
- Add undocumented option -r
ok jmc@
|
| |
|
|
|
|
| |
- Add undocumented options -crlnumber, -hash_old, -nameopt and -verify
ok jmc@
|
| |
|
|
|
|
|
| |
- Add undocumented options -crlsec and -sigopt
- Sync argument name between usage and options description
ok jmc@
|
| | |
|
| |
|
|
|
|
| |
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
| |
|
|
|
|
|
| |
- Move local variables in genrsa_main() to struct genrsa_config
- Leave long lines more than 80, still
ok bcook@
|
| | |
|
| |
|
|
|
|
|
|
| |
- Adapt openssl(1) gendsa command to new option handling.
- Add lacking ciphers and passout description in openssl.1 manpage.
- Describe paramfile as argument in openssl.1 manpage.
ok bcook@
|
| | |
|
| |
|
|
| |
Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
|
| |
|
|
|
| |
Patch from Daniel Wyatt
ok inoguchi, jsing
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
|
| |
suggested by jsing@
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing, "looks good!" jmc
|
| | |
|
| |
|
|
| |
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
| |
from code and manual in 2017).
Reported by KEINOS in github issue #101.
|
| | |
|
| |
|
|
|
|
|
| |
Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, jsing
|
| |
|
|
|
|
|
|
| |
openssl x509 -fingerprint
openssl crl -fingerprint
from sha1 to sha256
ok jsing@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
|
| |
Reorder option descriptions so -iter and -pbkdf2 show up alphabetically.
Add missing argument name for -iter.
ok jmc@
|
| | |
|
| | |
|
| |
|
|
|
| |
pbkdf2 with OpenSSL compatible flags
ok jsing@
|
| |
|
|
| |
ok jmc@, jsing@
|
| |
|
|
| |
From Edgar Pettijohn III
|
| |
|
|
| |
ok beck inoguchi
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements automatic thread support initialization in libcrypto.
This does not remove any functions from the ABI, but does turn them into
no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are
provided for ramdisks.
This does not implement the new OpenSSL 1.1 thread API internally,
keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library
locking. For -portable, crypto_lock.c can be reimplemented with
OS-specific primitives as needed.
ok beck@, tb@, looks sane guenther@
|
| |
|
|
| |
Reported by Katherine <luigi30 at gmail dot com> on tech@
|
| |
|
|
|
|
| |
to uncompressed rather than compressed.
From Jacqueline Jolicoeur
|
| | |
|
| |
|
|
|
|
|
| |
No need to check for SSLv2/3 sessions when printing the tally mark.
Also do SSLv23_client_method -> TLS_client_method.
ok jsing@
|
| |
|
|
|
|
|
|
|
|
| |
jsing@ notes that this is not a complete solution, as we don't
account for retries or partial writes, but that this is a step
in a right direction.
May want to revisit this later to provide a complete solution.
ok jsing@
|
| |
|
|
| |
ok tb
|
| |
|
|
|
|
| |
are no longer supported. Remove their documentation.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
While here, we don't need the app_timer_* wrapper function, it only
obfuscates things, so delete it. Also while here, totalTime only needs
to be assigned once.
ok tb@
|
