path: root/src/usr.bin
Commit message | Author | Age | Files | Lines
...
* normalize the ordering of tame requests (particularly, "rpath wpath cpath", which i have put in that order). this is not important, but helps look for outliers which might be strange. it hints that "ioctl" should be reassessed in a few places, to see if "tty" is better; that "unix" may be used in some places where "route" could now work. | deraadt | 2015-10-10 | 1 | -2/+2
* Change all tame callers to namechange to pledge(2). | deraadt | 2015-10-09 | 1 | -3/+3
* tame "stdio inet rpath cpath wpath proc" seems to be sufficient for all the wading in here. "proc" is for the speed command, which fork()'s. ok doug | deraadt | 2015-10-07 | 1 | -1/+7
* these do not use ioctl.h | deraadt | 2015-10-06 | 2 | -4/+2
* BIO_get_fd() could return fd 0; fix error condition. Found at http://marc.info/?l=openssl-dev&m=144374015404899&w=2 ok doug | deraadt | 2015-10-03 | 1 | -2/+2
* avoid sys/param.h, by using PATH_MAX | deraadt | 2015-10-02 | 1 | -1/+1
* Another s/M_ASN1_INTEGER_free/ASN1_INTEGER_free/. Found the hard way by Mark Patruck. | jsing | 2015-10-01 | 1 | -2/+2
* avoid trailing .Ns, reduce .Xo and .Sm, drop redundant .Bk | schwarze | 2015-09-25 | 1 | -12/+4
* add a missing NULL check; noted by Bill Parker (dogbert2) on github | bcook | 2015-09-21 | 1 | -1/+5
* add a couple of missing NULL checks; noted by Bill Parker (dogbert2) on github | bcook | 2015-09-21 | 1 | -3/+3
* remove vestigial bits of sha-0 and md2 from openssl(1). Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@ | bcook | 2015-09-21 | 5 | -23/+17
* Pack the algorithm numbers, to avoid printing a useless (null) 0 0 0 0 line in the summary. | miod | 2015-09-20 | 1 | -34/+34
* Temporarily revive MD4 for MS CHAP support. | doug | 2015-09-14 | 5 | -16/+49
* Remove MD4 support from LibreSSL. MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@ | doug | 2015-09-13 | 5 | -48/+15
* nc(1) seems worth an Xr in SEE ALSO now; | jmc | 2015-09-13 | 1 | -1/+2
* Factor out setup_up / destroy_ui functions. This pulls out and renames setup_ui/destroy_ui so we have something that can be replaced as-needed, moving the console setup code for Windows to app_win.c in -portable, instead of needing a local patch to enable binary console mode. ui_read/write are also simplified. | bcook | 2015-09-13 | 4 | -58/+58
* document extra algorithms available with openssl speed command; ok jmc@ | bcook | 2015-09-13 | 1 | -1/+4
* display negotiated TLS version and cipher suite in verbose mode. ok jsing@ | beck | 2015-09-13 | 1 | -2/+3
* tweak STANDARDS; | jmc | 2015-09-13 | 1 | -3/+3
* Adapt to just committed libtls api change | beck | 2015-09-12 | 1 | -21/+14
* Nuke SSLEAY_CONF -- a backwards compatibility environment variable that has been superseded by OPENSSL_CONF and discouraged from use for almost 16 years. "Definitely ok" jsing@ "burn it" deraadt@ "Kill it with fire" miod@ "KILL IT WITH FIRE!!! BURN!!!!" beck@ | lteo | 2015-09-12 | 4 | -14/+5
* Add openssl(1) speed support for AEAD algorithms. This adds aes-128-gcm aes-256-gcm chacha20-poly1305 from Adam Langley's original patch for OpenSSL ok beck@ jsing@ | bcook | 2015-09-12 | 1 | -17/+96
* Fix the openssl(1) prime command: When checking a decimal number for primality, do not unnecessarily convert the original decimal number to hex in the output. Hex numbers explicitly specified with -hex remain unchanged. ok beck@ deraadt@ jsing@ miod@ | lteo | 2015-09-12 | 1 | -3/+2
* use SOCK_CLOEXEC instead of fcntl; ok guenther beck jsing | deraadt | 2015-09-12 | 1 | -12/+16
* fix previous; | jmc | 2015-09-12 | 2 | -31/+48
* spaces found during a read | deraadt | 2015-09-11 | 1 | -19/+18
* Add TLS support to nc. Provides a useful little test and script tool. ok jsing@ bluhm@ | beck | 2015-09-11 | 3 | -45/+346
* unifdef -DOPENSSL_NO_RC5 | jsing | 2015-09-11 | 2 | -42/+2
* kill evil comment; ok deraadt@ | beck | 2015-09-11 | 1 | -3/+1
* fix unchecked mallocs - coverity 130454 and 130455; ok jsing@ | beck | 2015-09-11 | 1 | -6/+15
* "Shutdown" should be "Shut down" in the usage for s_time's -no_shutdown flag. Pointed out by jmc@'s commit to the openssl(1) man page. | lteo | 2015-09-11 | 1 | -2/+2
* Remove engine command and parameters from openssl(1). We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@ | bcook | 2015-09-11 | 40 | -1726/+184
* remove stupid casts | deraadt | 2015-09-11 | 1 | -4/+4
* shutdown (n.) -> shut down (v.); | jmc | 2015-09-11 | 1 | -2/+2
* Change the default behavior of the s_time command so that it will perform a proper shutdown by sending a "close notify" alert to the server. This allows s_time to benchmark a full TLS connection more accurately. Introduce a new flag called -no_shutdown to make s_time adopt the previous behavior (i.e. shut down the connection without notifying the server) so that comparisons can still be made with OpenSSL's version. The idea of using a flag (which replaces a #define) was suggested by bcook@. Thanks to millert@ and miod@ as well for their feedback on an earlier diff which resulted in this change. ok bcook@ beck@ | lteo | 2015-09-11 | 1 | -2/+7
* *** empty log message *** | lteo | 2015-09-11 | 1 | -19/+24
* Nuke references to DTLS1_BAD_VER and unbreak the tree. | jsing | 2015-09-10 | 1 | -5/+2
* Remove call to CRYPTO_malloc_init(), which does nothing. | jsing | 2015-09-10 | 1 | -2/+1
* Correct spelling of OPENSSL_cleanse. | jsing | 2015-09-10 | 6 | -17/+17
* Fix shadowed verify_error in s_server by removing the unused global. 's_time -verify 1' will now actually verify the peer certificate. ok beck@ | bcook | 2015-09-10 | 4 | -10/+8
* Remove SOCKET_PROTOCOL, a redundant define that was only used once. No binary change. ok millert@ miod@ | lteo | 2015-09-10 | 1 | -4/+2
* Remove unused defines. No binary change. ok deraadt@ miod@ | lteo | 2015-09-10 | 2 | -9/+2
* Netcat could hang during write(2) although poll(2) reports that the socket is writeable. This happens because netcat tries to write more than the low water mark of the socket write buffer. With a non-blocking socket you may get a short write, otherwise it blocks. The latter could cause a total hang of the netcat process depending on the upper protocol. So make the network connection non-blocking. OK claudio@ millert@ | bluhm | 2015-09-08 | 1 | -15/+6
* synchronize synopsis and usage. | sobrado | 2015-09-03 | 1 | -2/+2
* Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@ | jsing | 2015-08-22 | 42 | -185/+102
* bring prototypes into scope, requires movement of a large global object out of .h file ok jsing | deraadt | 2015-08-19 | 8 | -202/+208
* Improve openssl s_client -starttls xmpp support. From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest - add a -xmpphost option to specify the xmpp virtual host - fix an infinite loop when the vhost isn't what the server expects - fix communication with openfire & prosody servers with tweaks & ok bcook@ doug@ manpage bits jmc@ | landry | 2015-08-11 | 2 | -7/+28
* remove ssl3 bits; ok doug | jmc | 2015-08-02 | 1 | -58/+14
* use file system path (.Pa) semantic markup macros where appropriate. ok jmc@ | sobrado | 2015-07-27 | 1 | -7/+7
* remove unused variable; ok tedu@ | chl | 2015-07-26 | 1 | -2/+2