| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | spelling fixes; from paul tagliamonte | jmc | 2022-12-28 | 1 | -2/+2 |
| | | | | | any parts of his diff not taken are noted on tech | ||||
| * | Change the error reporting pattern throughout the tree when unveil | beck | 2021-07-12 | 1 | -4/+4 |
| | | | | | | | | | | fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@ | ||||
| * | Walk over all results from getaddrinfo() instead of giving up after the | claudio | 2021-02-09 | 1 | -2/+1 |
| | | | | | | | | first entry. This way ocspcheck will try all returned IPs to contact the OCSP server. Found by the regress test and a resolv.conf file with 'family inet6 inet4'. OK kn@ deraadt@ | ||||
| * | Refactor a bunch of oscpcheck for single return to clean it up, | beck | 2020-10-16 | 1 | -63/+95 |
| | | | | | | | | | | | | | and add the ability to parse a port in the specified ocsp url. Since this will now pass them, enable regress tests previously committed for ocspcheck. mostly by me with some cleanup by tb after an obvious yak was found to shave in the OCSP routines in libcrypto ok tb@ | ||||
| * | Ignore ftruncate failure with errno == EAGAIN | tb | 2020-09-04 | 1 | -2/+5 |
| | | | | | | | This makes piping the OCSP response to other programs with -o - work. input and r+ guenther | ||||
| * | The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to find | tb | 2020-01-23 | 1 | -30/+67 |
| | | | | | | | | | | | | | | | | | CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth) | ||||
| * | check result of ftruncate() as we do write() below | bcook | 2019-05-15 | 1 | -2/+4 |
| | | | | | ok beck@ | ||||
| * | Avoid using an uninitialized variable. | visa | 2017-12-01 | 1 | -4/+6 |
| | | | | | | | Found by gcc. OK jca@ | ||||
| * | add -i to SYNOPSIS/usage() and sundry tweaks; | jmc | 2017-11-29 | 1 | -2/+3 |
| | | | | | ok beck | ||||
| * | Add option -i to allow oscpcheck to be used to validate an on-disk staple | beck | 2017-11-28 | 1 | -46/+92 |
| | | | | | ok claudio@ benno@ | ||||
| * | Print size_t's correctly. | beck | 2017-05-08 | 1 | -3/+3 |
| | | | | | Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org> | ||||
| * | repair knf & whitespace that jumped out of the screen during review | deraadt | 2017-03-27 | 1 | -23/+18 |
| | | | | | ok beck | ||||
| * | use a path of "/" if the URL does not include a trailing / - since | beck | 2017-03-27 | 1 | -2/+5 |
| | | | | | | | the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@ | ||||
| * | Fail early if an ocep server returns a non-200 http response, there is no | beck | 2017-03-27 | 1 | -1/+4 |
| | | | | | point in trying to parse error pages as an ocsp response. | ||||
| * | pledge stdio before parsing the http response | beck | 2017-02-25 | 1 | -9/+11 |
| | | | | | ok tb@ | ||||
| * | Add missing $OpenBSD$ | beck | 2017-02-20 | 1 | -0/+1 |
| | | |||||
| * | netinet/in.h should be included, and freebsd and some others | beck | 2017-02-01 | 1 | -0/+3 |
| | | | | | | don't have EAI_NODATA, so make this easier for people from bernard spill | ||||
| * | oscp -> ocsp; | jmc | 2017-01-26 | 1 | -1/+1 |
| | | | | | from holger mikolon, plus one more in nc; | ||||
| * | Use numeric exit codes consistently rather than a mix | beck | 2017-01-26 | 1 | -11/+11 |
| | | | | | ok jsing@ | ||||
| * | style | beck | 2017-01-26 | 1 | -1/+1 |
| | | |||||
| * | Fix the structure initialzation to compile. bad inioguchi and millert :) | beck | 2017-01-26 | 1 | -1/+1 |
| | | | | | ok jsing@ rpe@ | ||||
| * | Fix array initialization syntax for ocspcheck.c | inoguchi | 2017-01-25 | 1 | -1/+1 |
| | | | | | | Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@ | ||||
| * | correct usage format; ok beck claudio benno | deraadt | 2017-01-24 | 1 | -2/+3 |
| | | |||||
| * | fix mode on open() and ftruncate(), noticed by | beck | 2017-01-24 | 1 | -2/+4 |
| | | | | | bcook@ | ||||
| * | Say no to two line error messages on failure | beck | 2017-01-24 | 1 | -4/+3 |
| | | |||||
| * | Actually load the cafile when providede, and error message cleanup | beck | 2017-01-24 | 1 | -4/+4 |
| | | |||||
| * | use warn, I have errno here. noticed by theo | beck | 2017-01-24 | 1 | -1/+1 |
| | | |||||
| * | knf | beck | 2017-01-24 | 1 | -1/+2 |
| | | |||||
| * | Just don't bother with OpenSSL error strings, they are mostly | beck | 2017-01-24 | 1 | -19/+13 |
| | | | | | irrelevant and look gross here anyway.. we don't need them | ||||
| * | various cleanup; | jmc | 2017-01-24 | 1 | -1/+1 |
| | | |||||
| * | New ocspcheck utility to validate a certificate against its ocsp responder | beck | 2017-01-24 | 1 | -0/+635 |
| and save the reply for stapling ok deraadt@ jsing@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |