| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This has the same functionality as the previous version, however uses the
new option handling code, uses SSL_CIPHER_get_value() since we no longer
care about SSlv2 cipher suites and uses standard I/O functions instead of
BIO functions.
ok beck@ doug@
|
| |
|
|
|
|
|
|
|
|
| |
From OpenSSL commits:
6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90
ok miod@, jsing@
|
| |
|
|
|
|
|
|
|
|
| |
HP-UX defines BSIZE in its <sys/param.h>, and there is a route where its
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.
from kinichiro <kinichiro.inoguchi@gmail.com>
ok miod@, jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
OK jmc@
|
| |
|
|
|
|
| |
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Check the return value of every relevant function call.
- If BIO_new() returns NULL instead of a valid BIO, do not attempt to
blindly use the NULL value as a BIO throughout the rest of the code.
- Ensure that bio_out is freed by BIO_free_all() at the end of all
error paths.
ok doug@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
|
| |
Minor KNF in a few places too.
input + ok jsing@
|
| |
|
|
|
|
|
| |
Also, removed a few useless if null checks.
input from bcook@
input + ok jsing@
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
| |
this man page.
ok jsing@
|
| |
|
|
|
|
| |
also check the return value of an adjacent malloc() call.
ok jsing@
|
| |
|
|
|
|
|
| |
apart from introducing a bug where the -elapsed option is not listed in
the usage output when it should be.
feedback/ok bcook@ jsing@
|
| |
|
|
| |
option.
|
| |
|
|
| |
With input from doug@
|
| | |
|
| |
|
|
| |
option type. In this case process the option as per normal.
|
| |
|
|
|
| |
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.
|
| |
|
|
| |
(as currently only implemented by some of the openssl(1) applications).
|
| |
|
|
|
| |
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.
|
| |
|
|
|
|
|
| |
silently accept multiple unnamed arguments, ignoring all except the last.
This behaviour was already inconsistent between openssl(1) applications;
apply the principal of least surprise. This will also simplify the addition
of upcoming functionality.
|
| | |
|
| |
|
|
|
| |
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Sync cipher strings with the ones that are actually implemented.
- Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained
via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY
sections.
- Stop mentioning export cipher suites since they have already been
removed.
feedback from deraadt@ and jmc@
ok jmc@
|
| | |
|
| |
|
|
|
|
| |
"openssl dgst".
feedback/ok jmc@
|
| |
|
|
| |
EC_GROUP_free() all have implicit NULL checks.
|
| | |
|
| |
|
|
| |
Based on OpenSSL.
|
| |
|
|
| |
From Benjamin Baier <programmer at netzbasis.de>
|
| |
|
|
| |
From Minux Ma.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on
Windows. Sorry, these are no-op on other platforms.
ok jsing@ deraadt@
|
| |
|
|
|
|
| |
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.
|
| |
|
|
| |
Also looked at by bcook
|
| | |
|
| |
|
|
| |
ok deraadt@ millert@ tedu@
|
| | |
|
| |
|
|
| |
Based on a diff from Rusty (rustyl at outband dot net) and OpenSSL.
|
| |
|
|
| |
which was already done for libssl some time back.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Based on OpenSSL.
|
| |
|
|
| |
would be the next stage of embiggening. restore 16k.
|
| |
|
|
|
| |
if one pipe stalls out. from a diff by Arne Becker.
(buffer size left alone for now)
|
| |
|
|
| |
POLLHUP too. OK deraadt@
|
