summaryrefslogtreecommitdiff
path: root/src/usr.bin (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Plug TLS context leak in nc(1) server and client mode. Movebluhm2018-10-041-12/+10
| | | | | tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
* -T applies to ip6 too, apparently;jmc2018-09-251-4/+4
| | | | from nan xiao
* Move tally mark printing out of the main benchmark loop; ok tb@cheloha2018-09-171-14/+21
|
* Declare strings passed to local_listen() as const. This makes itbluhm2018-09-071-3/+3
| | | | | consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
* Do not close the socket twice in netcat.bluhm2018-09-061-5/+6
| | | | from Nan Xiao; OK tb@
* Drop SSLv2, SSLv3 support.cheloha2018-08-281-6/+2
| | | | | | | No need to check for SSLv2/3 sessions when printing the tally mark. Also do SSLv23_client_method -> TLS_client_method. ok jsing@
* Check for SSL_write(3) error.cheloha2018-08-281-3/+4
| | | | | | | | | | jsing@ notes that this is not a complete solution, as we don't account for retries or partial writes, but that this is a step in a right direction. May want to revisit this later to provide a complete solution. ok jsing@
* update usage for pkcs8;jmc2018-08-241-10/+9
| | | | ok tb
* The broken pkcs8 formats generated by openssl pkcs -{embed,nooct,nsdb}tb2018-08-241-22/+2
| | | | | | are no longer supported. Remove their documentation. ok jsing
* Stop handling broken PKCS#8 formats in openssl(1).tb2018-08-241-52/+2
| | | | ok jsing
* Use a monotonic clock for the benchmark timeout.cheloha2018-08-221-24/+9
| | | | | | | | While here, we don't need the app_timer_* wrapper function, it only obfuscates things, so delete it. Also while here, totalTime only needs to be assigned once. ok tb@
* Merge duplicate benchmark() GET/SSL_shutdown blocks into doConnection().cheloha2018-08-211-41/+25
| | | | | | | | | | | | We need to then remove the shadow i from the GET block. While there, move retval's declaration to the beginning of the function. As doConnection() now executes the body of the benchmark's test, rename it to "run_test". Shadow variable spotted by tb@. ok tb@
* Don't leak a strdup()'ed string on error in do_accept().tb2018-08-191-1/+3
| | | | | | CID #154702. input & ok inoguchi, ok mestre on first version
* Plug SSL object leaks in doConnection().cheloha2018-08-181-32/+22
| | | | | | | | | | | | | Move SSL_new/SSL_free up into benchmark() to restrict the responsibility for the SSL object to a single scope. Make doConnection() return an int, openssl-style. Some miscellaneous cleanup, too. Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch input from tb. ok deraadt on an earlier version ok tb jsing
* spelling;jmc2018-08-171-2/+2
|
* Make the wording more concise, use the imperative throughout, stateschwarze2018-08-171-108/+126
| | | | | | | more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
* Revert previous, which was wrong as noted by schwarze. Also revert a hunktb2018-08-161-4/+7
| | | | | | from r1.45 and thereby avoid a use-after-free spotted by schwarze. ok schwarze
* Remove unused variable.rob2018-08-161-5/+3
| | | | From Nan at chinadtrace dot org. Thanks!
* Don't fail by default in the -new case; ok tb jcacheloha2018-08-141-19/+12
|
* Refactor the nearly identical benchmark loops into a single loop.cheloha2018-08-111-139/+108
| | | | | | | | | | Move all of the benchmark code -- loop initialization, the loops, and the report printing -- into a new function, benchmark(). Eliminates lots of duplicate code. Regressions to 1.20 caught by tb@ and inoguchi@. Tweaked by tb@. ok tb@, jsing@
* In typical swiss-army style, various modes and options causederaadt2018-08-101-1/+24
| | | | | different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GETcheloha2018-07-134-15/+15
| | | | | | | | Much more apt than the current operation names. Names suggested by jca@ ages ago. ok jca, jsing
* trailing whitespace, and move arg checking before pledgebeck2018-04-271-17/+17
| | | | | in preparation for pledgepath ok deraadt@
* The cookie in the cookie verify callback needs to be const.tb2018-04-252-4/+5
| | | | ok jsing (as part of a larger diff)
* Delete the description of the argument of the "ciphers" commandschwarze2018-04-101-145/+13
| | | | | | | | | because it was (1) woefully incomplete, (2) partially outdated and wrong, (3) in parts imprecisely worded and hard to understand, (4) excessively technical for a section 1 manual, (5) of excessive size for this particular page, (6) and didn't belong here in the first place because it essentially tried to document a C API - SSL_CTX_set_cipher_list(3), which is now documented, so point to it.
* Improve description of openssl(1) ciphers.schwarze2018-03-311-9/+5
| | | | | | * Remove -tls1 option which has no effect. * For -V, sort the fields in the order they are printed, and do not talk about key size restrictions, nothing like that is printed.
* Updates to the description of "openssl ca" from OpenSSL.schwarze2018-03-301-23/+82
| | | | | Some options were missing, some were in the wrong section (CRL-related or not), and there were some minor errors, typos, and omissions.
* checked the content against the current version of OpenSSL openssl.pod;schwarze2018-03-301-5/+5
| | | | | resulting fixes: markup of "command" below SYNOPSIS and links to the config file formats below SEE ALSO
* Clear password buffers in non-terminating casesderaadt2018-03-271-8/+11
| | | | ok tobias
* organizationUnitName -> organizationalUnitName;jmc2018-03-221-3/+3
| | | | from matt schwartz
* Remove the tls_init() call, since it is no longer necessary.jsing2018-03-191-3/+1
| | | | ok bcook@ beck@ inoguchi@
* ca start/enddates require all 4 yyyy from 2050 on; first twojmc2018-02-281-6/+6
| | | | | | are otherwise optional diff from holger mikolon, tweaked a bit by me
* document s_client -groups;jmc2018-02-181-2/+5
|
* typo in output string; from edgar pettijohnjmc2018-02-111-2/+2
|
* Convert option handling for openssl(1) genpkey.jsing2018-02-081-110/+177
| | | | ok beck@ inoguchi@
* Restore a check before BN_free() that needs to exist and write it such thatjsing2018-02-071-2/+3
| | | | the intent is more obvious.
* Nuke some more free NULL guards.jsing2018-02-071-9/+5
|
* Indent labels with a single space so that diff prototypes are more useful.jsing2018-02-0745-190/+190
|
* Remove guards around *_free() calls since these functions handle NULL.jsing2018-02-0718-114/+67
|
* Remove guards around *_free() calls since these functions handle NULL.jsing2018-02-071-27/+15
|
* Remove manual shutdown and close of the socket since in this casetb2018-02-061-7/+1
| | | | | | SSL_free will do this a second time. ok jsing
* Initialize variables to avoid compiler warningsinoguchi2018-01-282-4/+4
| | | | ok jsing@
* Add s_server and s_client -tlsextdebug messagesinoguchi2018-01-151-1/+9
| | | | ok sthen@ jsing@
* Remove unused extern variable in openssl(1) s_timeinoguchi2018-01-071-2/+1
| | | | | | | | | This extern variable appears not to be used. And it is overridden by local variable in doConnection(). This causes MSVC warning C4459 "declaration of 'verify_error' hides global declaration". OK millert@
* Seperate real and user timer interfacesjca2017-12-054-17/+15
| | | | | | | | | Use more descriptive names, and make it clearer that real and user timers work on different static storage. The end goal is to be able to reuse those timer functions, instead of inlining other timer implementations subject to clock jumps. Discussed with Scott Cheloha
* Mixing -url with any of -host, -port, or -path should be a usage errorguenther2017-11-291-7/+8
| | | | | | | instead of trying to work and then triggering a double-free(). problem noted by trondd (trondd (at) kagu-tsuchi.com) ok beck@
* Allow TLS ciphers and protocols to be specified for nc(1).jsing2017-11-282-41/+65
| | | | | | | | | | | Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
* Use clock_gettime and getrusage to compute real and user time.jca2017-11-241-16/+33
| | | | Better handling of clock jumps, from Scott Cheloa.
* openssl s_time -connect host:port needs dns promise for pledge(2) otherwise itmestre2017-11-021-2/+2
| | | | | | | | will SIGABRT Bug found by Scott Cheloha <scottcheloha at gmail.com> OK deraadt@
* Use a smaller buffer size too peek the receive data. The contentbluhm2017-10-241-5/+4
| | | | | | is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 15:54:55 +0000