summaryrefslogtreecommitdiff
path: root/src/usr.bin (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Wrap long lines, add space in front of goto label in openssl(1) ocsp.cinoguchi2020-09-091-93/+118
|
* Change SSLv23_client_method to TLS_client_method openssl(1) ocspinoguchi2020-09-091-2/+2
|
* Remove space between pointer '*' and variable name in ocsp.cinoguchi2020-09-091-39/+39
|
* Convert openssl(1) ocsp option handlinginoguchi2020-09-091-443/+725
| | | | input and ok tb@
* Add option type OPTION_UL_VALUE_ORinoguchi2020-09-092-2/+9
| | | | ok tb@
* Convert openssl req option handling.jsing2020-08-091-378/+572
| | | | | | With input from inoguchi@ ok beck@ inoguchi@
* Wrap long lines s_server.cinoguchi2020-07-271-67/+130
|
* Add function prototype and move sub functions to bottominoguchi2020-07-271-198/+197
|
* Remove space between '*' and pointer variable in s_server.cinoguchi2020-07-271-12/+12
|
* Remove 's_' prefix from member of s_server_config structinoguchi2020-07-271-110/+110
|
* Convert openssl(1) s_server option handlinginoguchi2020-07-271-568/+929
| | | | ok and comments from jsing@
* Convert option handling for openssl(1) verify.jsing2020-07-141-88/+220
| | | | ok inoguchi@, tb@
* Remove hypheninoguchi2020-07-141-3/+3
|
* Add single space between pem and ...inoguchi2020-07-141-2/+2
|
* Add manual for openssl(1) certhashinoguchi2020-07-141-2/+57
| | | | ok jmc@
* Clean up s_client.cinoguchi2020-07-101-26/+27
| | | | | | | - Remove space between '*' and pointer variable. - Add function prototype. - Move callback function to bottom. - Move typedef struct to up.
* Change variable bio_c_out from global to localinoguchi2020-07-101-15/+11
| | | | ok tb@
* Wrap long lines and put space in front of label in s_client.cinoguchi2020-07-091-46/+80
|
* Remove c_ prefix from s_client_config memberinoguchi2020-07-091-33/+33
|
* Convert openssl(1) s_client option handlinginoguchi2020-07-091-450/+770
| | | | suggestions and ok beck@ jsing@ tb@
* While the second SSL_CTX in this code is only used on servernametb2020-05-231-1/+2
| | | | | | | | callback, so its mode is not used to update the ssl's mode, it seems more appropriate to clear the SSL_MODE_AUTO_RETRY flag on it as well. ok jsing
* In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY bytb2020-05-232-2/+7
| | | | | | | default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing
* Avoid an out-of-bounds array access in the s_server.tb2020-05-231-1/+3
| | | | | | | | | It can be triggered by sending a line to stdin while no connection is open and then connecting a client. The first SSL_write() fails, sends SSL_ERROR_WANT_* and then causes a segfault deep down in the tls stack when accessing &(buf[-1]). ok beck inoguchi
* sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1"deraadt2020-05-221-3/+4
| | | | | | (gurn) copies getsockname() retrieves a truncated result and 14 bytes of stack garbage get copied onwards. ok tb
* Add description for -tls1_3 and -no_tls1_3 options to openssl(1) s_serverinoguchi2020-05-131-6/+8
| | | | ok jsing@ tb@
* Add -tls1_3 and -no_tls1_3 options to openssl(1) s_serverinoguchi2020-05-131-6/+28
| | | | | | | - Add -tls1_3 and -no_tls1_3 to openssl(1) s_server - Stop using version pinned methods, instead setting the min and max protocol versions ok jsing@ tb@
* Make openssl X509 handle the failure case return code from X509_time_cmp.beck2020-05-101-5/+16
| | | | | | While we are in here also make it notice if time values in a certificate are bogus, and say so in the output. ok bcook@ jsing@
* Conditionalize sleep-before-retry in server code to only be done whenbeck2020-05-101-3/+5
| | | | | | | debug is on. otherwise, just retry. Fixes problems this creates in testing. ok jsing@ tb@
* Display TLSv1.3 extension type with openssl(1) -tlsextdebuginoguchi2020-04-261-7/+49
| | | | | | | | Add TLSv1.3 extension type, and sort by the definition order in tls1.h. This helps that openssl(1) s_server and s_client with -tlsextdebug displays the TLS extension type instead of "unknown". ok beck@ jsing@ tb@
* s_client: fix use of possibly uninitialized valuesinoguchi2020-04-261-2/+2
| | | | | | | | | | Set initial value to variable 'p' and 'pending'. Reported and fix requested from leonklingele by GitHub pull request. https://github.com/libressl-portable/portable/issues/577 https://github.com/libressl-portable/openbsd/pull/114 ok bcook@ jsing@ tb@
* In s_server.c rev. 1.33, jsing added support for "openssl s_server -groups";schwarze2020-04-251-6/+18
| | | | | | | | document it and deprecate "openssl s_server -named_curve". While here, fix the error in the synopsis for "openssl s_client -groups" and use unified argument naming and similar wording like in SSL_CTX_set1_groups_list(3). OK jsing@
* Add -groups option to openssl(1) s_server.jsing2020-04-192-35/+31
| | | | | | | | | | This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@
* Tag subcommand sectionskn2020-02-191-2/+44
| | | | | | | | | Allow semantic lookup by manually tagging sections (.Sh) for which no automatic tagging has been implemented; this thereby also eliminates false positives such that ":tx509<Enter>" now jumps to the X509 section. feedback remi inoguchi schwarze OK tb
* Add -tls1_3 and -notls1_3 options to openssl(1) s_client.jsing2020-02-162-23/+37
| | | | | | | | | Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@ ok inoguchi@ tb@
* Standardize argument naming for "sourceaddr" and unify the wording a bit,schwarze2020-02-122-10/+9
| | | | similar to what deraadt@ recently did in other manual pages.
* revert previous nc loop refactor from 1.211, breaks bluhm's stuffbeck2020-01-261-64/+36
| | | | will attempt again later, now that there is new regress
* add a couple of XXX for future cleanuptb2020-01-251-1/+4
|
* Teach openssl s_client a bit about TLSv1.3.tb2020-01-241-2/+17
| | | | ok beck jsing
* Make -peekaboo mode also use SSL_pending after peeking, to ensurebeck2020-01-231-2/+9
| | | | | | SSL_pending implementation is correct. annoying jsing@
* Simplify the peekaboo code.jsing2020-01-221-35/+6
| | | | ok beck@
* Add -peekaboo option to s_client, to test SSL_peekbeck2020-01-221-4/+66
| | | | | | peeks data before reading, compares to subsequent read. ok jsing@
* If the client provides a TLS certificate and the user specifies abluhm2020-01-071-5/+6
| | | | | | | | | | hash value on the nc(1) server command line, the netcat server must use the TLS context of the accepted socket for verification. As the listening socket was used instead, the verification was always successful. If the peer provides a certificate, there must be a hash. Make the hash verification fail safe. OK tb@
* The unveil(2) for nc -U -u -l was wrong. The server cannot unveilbluhm2020-01-061-4/+23
| | | | | | | the file system as it has to connect to the UNIX domain client socket. The path of the latter is determined dynamically. Instead add a restrictive pledge(2) after connect(2). OK tb@
* When using UNIX domain sockets, always call report_sock() with thebluhm2020-01-061-6/+10
| | | | | | path name of the socket. This avoids bad errors from getnameinfo(3). Use the same error check for both calls to getnameinfo(3). OK millert@ tb@
* Check CMS API return value in openssl(1) cmsinoguchi2020-01-041-11/+21
| | | | ok jsing@
* use "Currently" in the doc for "openssl enc" when talking about defaultsthen2019-12-181-2/+2
| | | | | md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@
* In January, the default digest used in the openssl enc command wastb2019-12-181-7/+4
| | | | | | | | changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc
* Add manual for openssl(1) cmsinoguchi2019-11-281-2/+518
| | | | ok and comments jmc@
* More return value check in openssl(1) cmsinoguchi2019-11-191-23/+29
| | | | | | Checking return value of sk_.*_new_null(). ok beck@ jsing@
* Add manual descriptions for openssl(1) req -addextinoguchi2019-11-191-2/+10
| | | | ok jmc@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 23:42:39 +0000