| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Previously, it returned '1' regardless of whether is succeeded or failed. This is now fixed in the OpenSSL master branch as well. Thanks to Kinichiro Inoguchi for pointing it out.
ok @deraadt
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
This also removes support for -timebomb related code which was only
enabled for GENCB_TEST.
ok jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
ok doug@
|
| | |
|
| | |
|
| |
|
|
| |
From OpenSSL.
|
| | |
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| |
|
|
|
|
| |
Diff from kinichiro via github.
ok doug@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we no longer have dynamic engines, don't bother falling back to them
if a builtin engine is not found first.
Before:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic
After:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
ok doug@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
| |
This was imported into OpenSSL from SSLeay. It was recently deleted
in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
|
| |
|
|
|
|
|
| |
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.
ok bcook@ doug@
|
| | |
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
|
|
|
| |
- Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL
return value in a more appropriate manner.
- Use stroul() instead of sscanf() with appropriate error checking.
ok doug@
|
| |
|
|
| |
ok bcook@ doug@
|
| |
|
|
| |
Spotted by doug@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
socket becomes invalid between these calls (e.g. connection closed), write
will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can
handle write's -1 return value (errno will be EPIPE). Ultimately, it leads
to program exit, too -- but with nicer error message. :)
with input by and ok djm
|
| |
|
|
| |
ok djm
|
| |
|
|
| |
ok djm
|
| |
|
|
| |
ok djm
|
| |
|
|
|
|
|
|
|
| |
functions, and ocsp and s_time need networking enabled too, this just moves
BIO_sock_init() up into main() as a catch-all for all of the commands.
Of course, it is a no-op on any other platform.
ok @guenther
|
| |
|
|
|
| |
to place in an int. from Christian Neukirchen
ok deraadt
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
| |
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.
No output changes, except for two instances where the incorrect escape
was used in the first place.
tweaks + ok schwarze@
|
| |
|
|
| |
OK guenther@
|
| |
|
|
|
|
| |
Also, nuke debugging printfs per jsing and bcook.
ok bcook@, jsing@
|
| |
|
|
|
|
|
|
| |
using *at functions is equivalent to chdir()ing, which eases portability.
Tested with mixes of absolute and relative paths.
Eliminate a FILE leak too.
prodded by jsing@
|
| |
|
|
| |
ok miod@, doug@
|
| |
|
|
|
|
|
| |
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
| |
|
|
| |
ok sthen@
|
| |
|
|
|
|
| |
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This has the same functionality as the previous version, however uses the
new option handling code, uses SSL_CIPHER_get_value() since we no longer
care about SSlv2 cipher suites and uses standard I/O functions instead of
BIO functions.
ok beck@ doug@
|
| |
|
|
|
|
|
|
|
|
| |
From OpenSSL commits:
6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90
ok miod@, jsing@
|
| |
|
|
|
|
|
|
|
|
| |
HP-UX defines BSIZE in its <sys/param.h>, and there is a route where its
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.
from kinichiro <kinichiro.inoguchi@gmail.com>
ok miod@, jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
OK jmc@
|
