summaryrefslogtreecommitdiff
path: root/src/usr.sbin (follow)
Commit message (Collapse)AuthorAgeFilesLines
* spelling fixes; from paul tagliamontejmc2022-12-281-2/+2
| | | | any parts of his diff not taken are noted on tech
* The argument to ctype functions must be EOF or representable as anflorian2022-12-151-2/+2
| | | | | | | | | | unsigned char. Casting to int is particularly useless because that's what the compiler already does. We need to prevent sign extension, not write down that we want sign extension. OK deraadt, kn, miod, op
* Add missing void to definition of http_init().tb2021-09-141-2/+2
| | | | ok deraadt florian
* Remove unneeded calls to tls_init(3)kn2021-07-141-6/+1
| | | | | | | | | | | | As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions. Remove explicit tls_init() calls from base to not give the impression of it being needed. Feedback tb OK Tests mestre
* Change the error reporting pattern throughout the tree when unveilbeck2021-07-121-4/+4
| | | | | | | | | fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
* Walk over all results from getaddrinfo() instead of giving up after theclaudio2021-02-091-2/+1
| | | | | | | first entry. This way ocspcheck will try all returned IPs to contact the OCSP server. Found by the regress test and a resolv.conf file with 'family inet6 inet4'. OK kn@ deraadt@
* Refactor a bunch of oscpcheck for single return to clean it up,beck2020-10-161-63/+95
| | | | | | | | | | | | and add the ability to parse a port in the specified ocsp url. Since this will now pass them, enable regress tests previously committed for ocspcheck. mostly by me with some cleanup by tb after an obvious yak was found to shave in the OCSP routines in libcrypto ok tb@
* Ignore ftruncate failure with errno == EAGAINtb2020-09-041-2/+5
| | | | | | This makes piping the OCSP response to other programs with -o - work. input and r+ guenther
* The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to findtb2020-01-231-30/+67
| | | | | | | | | | | | | | | | CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth)
* Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs,sthen2020-01-111-1/+2
| | | | | it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-5/+5
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* check result of ftruncate() as we do write() belowbcook2019-05-151-2/+4
| | | | ok beck@
* update for libtls default cert changes.tedu2018-11-291-2/+2
| | | | bonus: this exposed a few missing const qualifiers.
* Use TLS_CA_CERT_FILE instead of a separate define.jsing2018-11-061-4/+2
| | | | ok beck@ bluhm@ tb@
* Avoid using an uninitialized variable.visa2017-12-011-4/+6
| | | | | | Found by gcc. OK jca@
* add -i to SYNOPSIS/usage() and sundry tweaks;jmc2017-11-292-6/+8
| | | | ok beck
* Add option -i to allow oscpcheck to be used to validate an on-disk staplebeck2017-11-282-49/+103
| | | | ok claudio@ benno@
* add missing HISTORY; based on CVS logs and release announcementsschwarze2017-10-171-2/+7
|
* Print size_t's correctly.beck2017-05-081-3/+3
| | | | Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org>
* Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoidjsg2017-05-071-3/+7
| | | | | | failed builds with different compilers. ok jsing@
* repair knf & whitespace that jumped out of the screen during reviewderaadt2017-03-271-23/+18
| | | | ok beck
* use a path of "/" if the URL does not include a trailing / - sincebeck2017-03-271-2/+5
| | | | | | the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@
* Fail early if an ocep server returns a non-200 http response, there is nobeck2017-03-271-1/+4
| | | | point in trying to parse error pages as an ocsp response.
* recallocarray() for data buffer from the net.deraadt2017-03-261-3/+5
| | | | ok beck
* pledge stdio before parsing the http responsebeck2017-02-251-9/+11
| | | | ok tb@
* Add missing $OpenBSD$beck2017-02-201-0/+1
|
* Don't use <sys/param.h> from userland without cause. Sort <sys/*>guenther2017-02-031-3/+4
| | | | | | before other includes per style(9) while we're here. ok florian@ bcook@ jsing@ beck@
* netinet/in.h should be included, and freebsd and some othersbeck2017-02-012-2/+6
| | | | | don't have EAI_NODATA, so make this easier for people from bernard spill
* oscp -> ocsp;jmc2017-01-262-4/+4
| | | | from holger mikolon, plus one more in nc;
* Use numeric exit codes consistently rather than a mixbeck2017-01-261-11/+11
| | | | ok jsing@
* stylebeck2017-01-261-1/+1
|
* Fix the structure initialzation to compile. bad inioguchi and millert :)beck2017-01-261-1/+1
| | | | ok jsing@ rpe@
* Fix array initialization syntax for ocspcheck.cinoguchi2017-01-251-1/+1
| | | | | Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
* remove __BEGIN_DECLS and __END_DECLS from http.hinoguchi2017-01-251-5/+1
| | | | | sync with ocspcheck and acme-client ok benno@
* bring changes from acme-client over here.benno2017-01-251-56/+54
| | | | ok beck@
* correct usage format; ok beck claudio bennoderaadt2017-01-241-2/+3
|
* fix mode on open() and ftruncate(), noticed bybeck2017-01-241-2/+4
| | | | bcook@
* Say no to two line error messages on failurebeck2017-01-241-4/+3
|
* s/returns/exits/beck2017-01-241-2/+2
|
* Break run-on sentence into two.beck2017-01-241-3/+4
|
* string terminator is called a NULderaadt2017-01-242-5/+5
|
* Actually load the cafile when providede, and error message cleanupbeck2017-01-241-4/+4
|
* use warn, I have errno here. noticed by theobeck2017-01-241-1/+1
|
* Yes the "if (const == val" idiom provides some safety, but it grates onderaadt2017-01-241-58/+58
| | | | | us too much. ok beck jsing
* knfbeck2017-01-241-1/+2
|
* revert accidental commit of theo diffbeck2017-01-241-58/+58
|
* Just don't bother with OpenSSL error strings, they are mostlybeck2017-01-242-77/+71
| | | | irrelevant and look gross here anyway.. we don't need them
* various cleanup;jmc2017-01-242-29/+28
|
* slight cleanupsderaadt2017-01-241-4/+3
|
* s/exit/exist/ typobeck2017-01-241-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 13:14:36 +0000