| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Ignore ftruncate failure with errno == EAGAIN. This makes piping the OCSP response to other programs with -o - work. input and r+ guenther | tb | 2020-09-04 | 1 | -2/+5 |
| The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to find CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth) | tb | 2020-01-23 | 1 | -30/+67 |
| Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@ | sthen | 2020-01-11 | 1 | -1/+2 |
| When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. | deraadt | 2019-06-28 | 1 | -5/+5 |
| check result of ftruncate() as we do write() below. ok beck@ | bcook | 2019-05-15 | 1 | -2/+4 |
| update for libtls default cert changes. bonus: this exposed a few missing const qualifiers. | tedu | 2018-11-29 | 1 | -2/+2 |
| Use TLS_CA_CERT_FILE instead of a separate define. ok beck@ bluhm@ tb@ | jsing | 2018-11-06 | 1 | -4/+2 |
| Avoid using an uninitialized variable. Found by gcc. OK jca@ | visa | 2017-12-01 | 1 | -4/+6 |
| add -i to SYNOPSIS/usage() and sundry tweaks; ok beck | jmc | 2017-11-29 | 2 | -6/+8 |
| Add option -i to allow ocspcheck to be used to validate an on-disk staple. ok claudio@ benno@ | beck | 2017-11-28 | 2 | -49/+103 |
| add missing HISTORY; based on CVS logs and release announcements | schwarze | 2017-10-17 | 1 | -2/+7 |
| Print size_t's correctly. Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org> | beck | 2017-05-08 | 1 | -3/+3 |
| Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoid failed builds with different compilers. ok jsing@ | jsg | 2017-05-07 | 1 | -3/+7 |
| repair knf & whitespace that jumped out of the screen during review. ok beck | deraadt | 2017-03-27 | 1 | -23/+18 |
| use a path of "/" if the URL does not include a trailing / - since the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@ | beck | 2017-03-27 | 1 | -2/+5 |
| Fail early if an ocsp server returns a non-200 http response, there is no point in trying to parse error pages as an ocsp response. | beck | 2017-03-27 | 1 | -1/+4 |
| recallocarray() for data buffer from the net. ok beck | deraadt | 2017-03-26 | 1 | -3/+5 |
| pledge stdio before parsing the http response. ok tb@ | beck | 2017-02-25 | 1 | -9/+11 |
| Add missing $OpenBSD$ | beck | 2017-02-20 | 1 | -0/+1 |
| Don't use `<sys/param.h>` from userland without cause. Sort `<sys/*>` before other includes per style(9) while we're here. ok florian@ bcook@ jsing@ beck@ | guenther | 2017-02-03 | 1 | -3/+4 |
| netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill | beck | 2017-02-01 | 2 | -2/+6 |
| oscp -> ocsp; from holger mikolon, plus one more in nc; | jmc | 2017-01-26 | 2 | -4/+4 |
| Use numeric exit codes consistently rather than a mix. ok jsing@ | beck | 2017-01-26 | 1 | -11/+11 |
| style | beck | 2017-01-26 | 1 | -1/+1 |
| Fix the structure initialization to compile. bad inoguchi and millert :) ok jsing@ rpe@ | beck | 2017-01-26 | 1 | -1/+1 |
| Fix array initialization syntax for ocspcheck.c. Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@ | inoguchi | 2017-01-25 | 1 | -1/+1 |
| remove `__BEGIN_DECLS` and `__END_DECLS` from http.h. sync with ocspcheck and acme-client ok benno@ | inoguchi | 2017-01-25 | 1 | -5/+1 |
| bring changes from acme-client over here. ok beck@ | benno | 2017-01-25 | 1 | -56/+54 |
| correct usage format; ok beck claudio benno | deraadt | 2017-01-24 | 1 | -2/+3 |
| fix mode on open() and ftruncate(), noticed by bcook@ | beck | 2017-01-24 | 1 | -2/+4 |
| Say no to two line error messages on failure | beck | 2017-01-24 | 1 | -4/+3 |
| s/returns/exits/ | beck | 2017-01-24 | 1 | -2/+2 |
| Break run-on sentence into two. | beck | 2017-01-24 | 1 | -3/+4 |
| string terminator is called a NUL | deraadt | 2017-01-24 | 2 | -5/+5 |
| Actually load the cafile when provided, and error message cleanup | beck | 2017-01-24 | 1 | -4/+4 |
| use warn, I have errno here. noticed by theo | beck | 2017-01-24 | 1 | -1/+1 |
| Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing | deraadt | 2017-01-24 | 1 | -58/+58 |
| knf | beck | 2017-01-24 | 1 | -1/+2 |
| revert accidental commit of theo diff | beck | 2017-01-24 | 1 | -58/+58 |
| Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them | beck | 2017-01-24 | 2 | -77/+71 |
| various cleanup; | jmc | 2017-01-24 | 2 | -29/+28 |
| slight cleanups | deraadt | 2017-01-24 | 1 | -4/+3 |
| s/exit/exist/ typo | beck | 2017-01-24 | 1 | -2/+2 |
| New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling ok deraadt@ jsing@ | beck | 2017-01-24 | 5 | -0/+1634 |
| Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@ | jsing | 2014-08-26 | 2 | -10438/+0 |
| Link dependencies on libssl and libcrypto were missing. OPENSSL_NO_RC5 is #defined in the #includes, so it's not needed here. ok deraadt@ | guenther | 2014-07-27 | 1 | -2/+3 |
| Use Cm instead of Li for 'MASK:' (Overlooked among jmc@'s other suggestions) | guenther | 2014-07-22 | 1 | -2/+2 |
| Rewrite the description of the string_mask config file option to match reality, and reformatting to be readable. formatting and wording suggestions miod@ jmc@ | guenther | 2014-07-22 | 1 | -34/+30 |
| Warnings. I haz them. | miod | 2014-07-02 | 1 | -2/+11 |
| Alexander Schrijver posted a diff to remove references to the c_rehash script, which we don't have in base. after some discussion with jca, i've not removed these references, but tried to make it clearer it's distributed with openssl and not included in base; | jmc | 2014-06-25 | 1 | -6/+5 |