path: root/src/usr.bin
Commit message | Author | Age | Files | Lines
* new sentence, new line, and tweak wording of previous; | jmc | 2021-09-05 | 1 | -2/+3
* Remove unused variable tmptm in do_body of openssl(1) ca | inoguchi | 2021-09-05 | 1 | -8/+2
* Using serial number instead as subject if it is empty in openssl(1) ca | inoguchi | 2021-09-05 | 2 | -3/+36
  This allows multiple entries without a subject even if unique_subject == yes. Referred to OpenSSL commit 5af88441 and arranged for our codebase. ok tb@
* Check extensions before setting version to v3 | inoguchi | 2021-09-05 | 1 | -5/+10
  Referred to OpenSSL commit 4881d849 and arranged for our codebase. comment and ok from tb@
* Use accessor method rather than direct X509 structure access | inoguchi | 2021-09-05 | 1 | -20/+10
  Referred to OpenSSL commit a8d8e06b and arranged for our codebase. comment and ok from tb@
* Use defined constants | inoguchi | 2021-09-02 | 1 | -16/+16
* Add DB_TYPE_SUSP | inoguchi | 2021-09-02 | 1 | -1/+2
* Move subject check process after the subject edit process | inoguchi | 2021-09-02 | 1 | -105/+106
  Referred to OpenSSL commit 2cedf794 and arranged for our codebase. ok tb@
* Clean up end of do_body in openssl(1) ca | inoguchi | 2021-08-30 | 1 | -6/+8
  suggested from tb@
* Remove NULL check before free in openssl(1) ca | inoguchi | 2021-08-30 | 1 | -41/+25
  ok tb@
* Do not call X509_alias_get0(3) with NULL as the second argument. | schwarze | 2021-08-29 | 1 | -5/+7
  Even if the buffer is guaranteed to be NUL-terminated in a particular case, it is still setting a bad example. Besides, it is unclear to me whether there is any such guarantee in the case at hand. Checking that would require auditing all of d2i_X509_bio(3), ASN1_item_d2i_bio(&NETSCAPE_X509_it, ...), PEM_read_bio_X509_AUX(3), and PKCS12_parse(3), since no such guarantee is documented for any of these functions, and even then it would remain fragile with respect to later changes of implementation details. In the worst case, this could potentially result in a read buffer overrun. OK tb@ on an earlier version of this patch. While we are here, deraadt@ requested to not use the word "string" in the name of a variable that is not a string in the sense of the C language.
* Start naccept .desc with a capital | tb | 2021-08-29 | 1 | -2/+2
  noted by inoguchi
* Implement -naccept in the s_server. | tb | 2021-08-29 | 4 | -11/+29
  doc fixes/ok jmc ok beck
* Add RCS marker | tb | 2021-08-28 | 1 | -0/+1
* Check X509_get_notAfter return value in openssl(1) ca.c | inoguchi | 2021-08-28 | 1 | -3/+5
* Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c | inoguchi | 2021-08-28 | 1 | -11/+4
  suggested from tb@ for do_updatedb(), and applied the same for do_body() and do_revoke().
* Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path | inoguchi | 2021-08-28 | 1 | -15/+7
  comments from tb@
* Unwrap lines in openssl(1) ca.c | inoguchi | 2021-08-28 | 1 | -5/+3
  suggested from tb@
* Avoid leak with X509_REVOKED variable in openssl(1) ca.c | inoguchi | 2021-08-28 | 1 | -1/+3
  pointed out by tb@
* Checking the return value in openssl(1) ca.c | inoguchi | 2021-08-28 | 1 | -41/+127
  Some functions are used without verifying the return value in openssl(1) ca. This diff adds checking for the function return value. With this diff, I changed return value of the write_new_certificate from void to int to return the condition to the caller. ok and comments from tb@
* Compare strcmp and strcasecmp return value with zero | inoguchi | 2021-07-24 | 1 | -6/+6
* Check pointer variable if it is NULL in ca.c | inoguchi | 2021-07-20 | 1 | -2/+2
  missed with r1.32
* Wrap over 80 long lines in ca.c | inoguchi | 2021-07-15 | 1 | -83/+154
* Explicitly check pointer variable if it is NULL or not in ca.c | inoguchi | 2021-07-15 | 1 | -58/+58
* Remove space between '*' and pointer variable in ca.c | inoguchi | 2021-07-15 | 1 | -56/+56
* Use 'serial' rather than 'ser' in ca.c | inoguchi | 2021-07-15 | 1 | -19/+19
  input from jsing@
* Convert openssl(1) ca option handling | inoguchi | 2021-07-15 | 1 | -456/+643
  New option handling for openssl(1) ca. This diff is just replacing with new option handling, no functional change. I'm using the word DN or RDN in description as manual uses them, rather than replacing with "Distinguished Name" or "Relative Distinguished Name". I would like to add another fixes below by follow-up diffs. - remove space between '*' and pointer variable - wrap 80+ long lines - explicitly check pointer variable if it is NULL or not comments and ok from jsing@
* Change the error reporting pattern throughout the tree when unveil | beck | 2021-07-12 | 1 | -9/+9
  fails to report the path that the failure occurred on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
* Replace unnecessary calls to EC_GROUP_get_curve_GF{p,2m}() with | tb | 2021-05-10 | 1 | -15/+3
  EC_GROUP_get_curve() and remove no longer needed prototypes.
* Fix const in previous. Pointed out by asou | tb | 2021-04-21 | 1 | -5/+5
* Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}(). | tb | 2021-04-20 | 1 | -1/+6
  These will be removed once EC_GROUP_get_curve() is public.
* Check function return value in openssl(1) x509.c | inoguchi | 2021-04-07 | 1 | -24/+71
  input from bcook@, ok and comments from tb@
* Avoid leak in error path | inoguchi | 2021-04-07 | 1 | -3/+7
  ok and input from tb@
* Show DTLS1.2 message with openssl(1) s_server and s_client | inoguchi | 2021-04-02 | 1 | -2/+6
  ok jsing@ tb@
* Compare the pointer variable explicitly with NULL in if condition | inoguchi | 2021-04-01 | 1 | -18/+17
* one of the examples needs an -N (and explanation); | jmc | 2021-03-31 | 1 | -4/+7
  diff from robert scheck discussed with and tweaked by sthen
* Remove workarounds for SSL_is_dtls() | tb | 2021-03-31 | 2 | -11/+2
  Reminded by inoguchi jsing
* Fix duplicate SSL_is_dtls in libssl and apps.c | inoguchi | 2021-03-28 | 1 | -1/+3
  Currently, SSL_is_dtls exists in both libssl and apps.c, and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes portable build broke with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls by apps.h. This temporary renaming will be removed when the SSL_is_dtls() is exposed. ok jsing@
* Sort header files and wrap long lines in x509.c | inoguchi | 2021-03-26 | 1 | -67/+110
* Convert openssl(1) x509 option handling | inoguchi | 2021-03-24 | 1 | -414/+747
  Apply new option handling to openssl(1) x509. To handle incremental order value, using newly added OPTION_ORDER. I left the descriptions for -CAform, -inform, and -outform as it was, for now. These description would be fixed. And digest option handler could be consolidated to one between some subcommands in the future. ok and comments from tb@, and "I'd move forward with your current plan." from jsing@
* Add option type OPTION_ORDER | inoguchi | 2021-03-24 | 2 | -2/+9
  To handle incremental order value, added new option type OPTION_ORDER. openssl(1) x509 requires this option handling, since, - -CA and -signkey require to set both filename and incremental 'num'. - -dates requires to set two variables in a row, startdate and enddate. and this couldn't be solved by OPTION_FLAG_ORD. ok tb@ and "I'd move forward with your current plan." from jsing@
* Read ahead is now enforced for DTLS - remove workarounds. | jsing | 2021-03-17 | 2 | -20/+2
  ok inoguchi@ tb@
* Use consistent s_server_opt_ prefix. | jsing | 2021-03-17 | 1 | -9/+9
* Add DTLSv1.2 support to openssl(1) s_client/s_server. | jsing | 2021-03-17 | 4 | -34/+129
  ok inoguchi@ tb@
* Only print the certificate file once on verification failure. | jsing | 2021-02-15 | 1 | -4/+2
  Noted by Steffen Ullrich. ok tb@
* Document meaning of '*' in genrsa output | tb | 2020-12-30 | 1 | -3/+6
  ok inoguchi jmc kn
* Remove a redundant memset call. | tb | 2020-12-16 | 1 | -2/+2
* Wrap remaining overlong lines. | tb | 2020-11-03 | 1 | -7/+7
* garbage collect an essentially unused variable and wrap some overlong | tb | 2020-11-03 | 1 | -8/+10
  lines
* * ptr -> *ptr | tb | 2020-11-03 | 1 | -5/+5