| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2017-08-09 | Remove unnecessary curly braces and unindent. Also add a few blank lines | jsing | 1 | -11/+13 | |
| for readability. | |||||
| 2017-08-09 | Fix conditionals for DH controls. | jsing | 1 | -3/+3 | |
| 2017-08-01 | add missing and correct misspelled names, most in NAME sections; | schwarze | 10 | -33/+45 | |
| found with regress/usr.bin/mandoc/db/dbm_dump; OK jmc@ | |||||
| 2017-08-01 | correct function name; | jmc | 1 | -3/+3 | |
| from carlos cardenas | |||||
| 2017-07-27 | Sort subdir, run getaddrinfo test, remove vax case. | bluhm | 1 | -13/+21 | |
| 2017-07-27 | Sort expected getaddrinfo output in inet4 inet6 order, then the | bluhm | 2 | -46/+37 | |
| test passes. | |||||
| 2017-07-27 | Fix all clang warnings in libc regress and cleanup some make files. | bluhm | 18 | -75/+67 | |
| 2017-07-27 | Mark the invalid memory location as volatile, otherwise clang would | bluhm | 1 | -2/+2 | |
| optimize the access to it with an illegal instruction. But the tests needs a SIGSEGV, it would fail with SIGILL. | |||||
| 2017-07-25 | as noted by Hanno Boeck, using the *check_private_key functions is | benno | 1 | -6/+22 | |
| tricky, especially since the manpage is full of lies. Try to make readers think twice before using them. With oks and help from schwarze@, tedu@, sthen@, jmc@ | |||||
| 2017-07-24 | Extend the SNI tests to ensure that we have a hostname in the session | jsing | 1 | -2/+31 | |
| after a successful tlsext_sni_serverhello_parse() and that tlsext_sni_clienthello_parse() fails if we have an existing session and the SNI is mismatched. | |||||
| 2017-07-24 | Rewrite and move the last remnants of the ServerHello SNI handling into | jsing | 2 | -29/+25 | |
| tlsext_sni_serverhello_parse(). This also adds a check to ensure that if we have an existing session, the name matches what we specified via SNI. ok doug@ | |||||
| 2017-07-24 | Add regress coverage for the TLS Renegotiation Indication extension. | jsing | 1 | -1/+266 | |
| 2017-07-24 | Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS | jsing | 6 | -346/+161 | |
| and the new extension framework. Feedback from doug@ ok inoguchi@ | |||||
| 2017-07-23 | Hook the TLS extension parsing framework into the serverhello parsing. | jsing | 1 | -1/+6 | |
| Missed in the original commit. | |||||
| 2017-07-22 | zap trailing whitespace; | jmc | 1 | -2/+2 | |
| 2017-07-22 | rework the page a bit, clarify a few things, maybe better wording | tedu | 1 | -8/+13 | |
| 2017-07-20 | Allow leading . in nameConstraints. from openssl via jabberwock. ok jsing | tedu | 1 | -2/+2 | |
| 2017-07-19 | Check the return value of CBB_init_fixed(), since it can fail. | jsing | 1 | -3/+5 | |
| 2017-07-16 | Provide a new regress test for TLS extension handlers, currently covering | jsing | 3 | -1/+256 | |
| the newly converted SNI code. | |||||
| 2017-07-16 | Start rewriting TLS extension handling. | jsing | 4 | -141/+328 | |
| Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code. Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process. Discussed with beck@ ok inoguchi@ | |||||
| 2017-07-15 | grammar was ass backwards; | jmc | 1 | -7/+7 | |
| 2017-07-15 | Remove unused variable. | jsing | 1 | -3/+3 | |
| Reported by <dravion at ht-foss dot net> | |||||
| 2017-07-15 | Add a "-T tlscompat" option to nc(1), which enables the use of all TLS | jsing | 2 | -5/+12 | |
| protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@ | |||||
| 2017-07-15 | Add a test that covers the recently fixed "0x" prefix handling issue. | jsing | 1 | -1/+2 | |
| 2017-07-10 | remove misc. depend and yacc nits that no longer matter. | espie | 1 | -2/+1 | |
| okay millert@ | |||||
| 2017-07-10 | one more instance of the previous commit; also initialize ->offset to a | otto | 1 | -2/+3 | |
| definite value in the size == 0 case | |||||
| 2017-07-09 | remove redundant variable declarations in Makefiles, since those arelibressl-v2.6.0 | espie | 1 | -2/+1 | |
| the default. okay millert@ | |||||
| 2017-07-08 | update the little endian processor list to give it a chance of matching | tedu | 2 | -6/+6 | |
| what the reader is using. | |||||
| 2017-07-08 | Run malloc0test with all possible malloc options. | bluhm | 1 | -1/+7 | |
| 2017-07-07 | Only access offset if canaries are enabled *and* size > 0, otherwise offset | otto | 1 | -2/+2 | |
| is not initialized. Problem spotted by Carlin Bingham; ok phessler@ tedu@ | |||||
| 2017-07-06 | Document tls_config_set_crl_file() and tls_config_set_crl_mem(). | jsing | 1 | -3/+30 | |
| Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks! | |||||
| 2017-07-06 | Bump minor due to symbol addition. | jsing | 1 | -1/+1 | |
| 2017-07-06 | Add support for providing CRLs to libtls - once a CRL is provided we | jsing | 5 | -4/+67 | |
| enable CRL checking for the full certificate chain. Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks! Discussed with beck@ | |||||
| 2017-07-06 | The 0x (or 0X) prefix in base 16 is optional so only skip over the | millert | 6 | -18/+18 | |
| prefix if the character following it is a valid hex char. The C99 standard is clear that given the string "0xy" zero should be returned and endptr set to point to the "x". OK deraadt@ espie@ | |||||
| 2017-07-06 | fix broken cross references; found with mandoc -Tlint | schwarze | 3 | -43/+8 | |
| 2017-07-05 | RFC 6066 states that IP literals are not permitted in "HostName" for a | jsing | 1 | -3/+9 | |
| TLS Server Name extension, however seemingly several clients (including Python, Ruby and Safari) violate the RFC. Given that this is a fairly widespread issue, if we receive a TLS Server Name extension that contains an IP literal, pretend that we did not receive the extension rather than causing a handshake failure. Issue raised by jsg@ ok jsg@ | |||||
| 2017-07-05 | nits about trailing punctuation found with mandoc -Tlint | schwarze | 1 | -4/+4 | |
| 2017-07-05 | void functions don't return 0 | tb | 1 | -6/+2 | |
| From Klemens Nanni | |||||
| 2017-07-05 | fix cross references to self; found with mandoc -Tlint | schwarze | 4 | -13/+12 | |
| 2017-06-28 | .init stub creation doesn't need a jmp + .align to reach a branch target, | deraadt | 1 | -3/+0 | |
| just fall into the code. The .align created a FILL zone in the .init section, which on i386 was filled with a NOP-sled, something we want to get away from. discussed with kettenis and tom | |||||
| 2017-06-22 | Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that | jsing | 4 | -11/+14 | |
| we can prevent libcrypto from going behind our back and trying to read passwords from standard input (which we may not be permitted to do). Found by jsg@ with httpd and password protected keys. | |||||
| 2017-06-22 | Fix incorrect indentation. | jsing | 1 | -2/+2 | |
| 2017-06-22 | Plug a memory leak in tls_keypair_cert_hash(), introduced in r1.60. | jsing | 1 | -1/+3 | |
| 2017-06-22 | Remove dead code that has remained hiding since ressl.c r1.14! | jsing | 1 | -4/+1 | |
| 2017-06-22 | Use the standard `rv' idiom in tls_keypair_load_cert(), rather than | jsing | 1 | -5/+4 | |
| duplicating clean up code. | |||||
| 2017-06-22 | Distinguish between self-issued certificates and self-signed certificates. | jsing | 2 | -30/+40 | |
| The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are common place with openvpn/easyrsa) were also being included in this category. Based on BoringSSL. Thanks to Dale Ghent <daleg at elemental dot org> for assisting in identifying the issue and testing this fix. ok inoguchi@ | |||||
| 2017-06-19 | port the RBT code to userland by making it part of libc. | dlg | 1 | -10/+11 | |
| src/lib/libc/gen/tree.c is a copy of src/sys/kern/subr_tree.c, but with annotations for symbol visibility. changes to one should be reflected in the other. the malloc debug code that uses RB code is ported to RBT. because libc provides the RBT code, procmap doesn't have to reach into the kernel and build subr_tree.c itself now. mild enthusiasm from many ok guenther@ | |||||
| 2017-06-16 | mark files as BUILDFIRST, or write explicit dependencies, so that most | espie | 1 | -1/+2 | |
| programs will build even without a make depend first. okay tb@ millert@ | |||||
| 2017-06-11 | Continue the flattening of the pledge logic started in r1.184 and place | tb | 1 | -8/+8 | |
| a blank space somewhere else. suggested by and ok jsing | |||||
| 2017-06-11 | Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace and | tb | 1 | -33/+35 | |
| omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |