summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.jsing2017-04-101-5/+2
| | | | | | In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
* fix some .Xr errors that jmc@ found with mdoclint(1)schwarze2017-04-103-12/+13
|
* new manual page SSL_get_server_tmp_key(3)schwarze2017-04-103-2/+88
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
* Additional SSL_SESSION documentationschwarze2017-04-1011-16/+349
| | | | | from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
* for pure *_ctrl() wrapper macros, move the reference from ssl(3)schwarze2017-04-1014-49/+54
| | | | to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
* new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;schwarze2017-04-102-1/+126
| | | | | from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
* tweak previous;jmc2017-04-101-4/+4
|
* Convert various client key exchange functions to freezero(3). The memoryjsing2017-04-101-14/+5
| | | | | contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
* Introducing freezero(3) a version of free that guarantees the processotto2017-04-102-36/+130
| | | | | | no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@
* pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0schwarze2017-04-101-3/+3
|
* typo fix; from <Jon dot Spillett at oracle dot com>schwarze2017-04-101-5/+5
| | | | via OpenSSL commit 7bd27895
* Simplify/clean up BUF_MEM_grow_clean().jsing2017-04-091-17/+16
| | | | ok beck@
* With recallocarray() BUF_MEM_grow() is essentially the same asjsing2017-04-091-28/+2
| | | | | | | BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
* Explicitly test for NULL.jsing2017-04-091-4/+4
| | | | ok beck@
* Improve unknown protocol version handling.jsing2017-04-091-2/+3
|
* In ssl.h TLS 1.0 is called TLSv1. Adapt name in test to make it pass.bluhm2017-04-071-1/+1
| | | | OK jsing@
* Use uint8_t instead of u_int8_t - for consistency and to make things easierjsing2017-04-071-2/+2
| | | | | | for portable. From Raphael Hittich.
* trailing ; on end of macro definition is wrong; ok guentherderaadt2017-04-061-4/+4
|
* Consistentcy between nmembers and size order. From Christopher Hettrick;otto2017-04-061-8/+8
| | | | ok deraadt@
* bump version for new development branchbcook2017-04-061-3/+3
|
* first print size in meta-data then supplied arg size when an inconsistency isotto2017-04-061-3/+3
| | | | detected wrt recallocarray()
* - -Z before -z in options listjmc2017-04-052-7/+9
| | | | - add -Z to help and usage()
* Allow nc to save the peer certificate and chain in a pem file specifiedbeck2017-04-052-4/+39
| | | | | with -Z ok jsing@
* Add tls_peer_cert_chain_pem - To retreive the peer certificate and chainbeck2017-04-057-6/+77
| | | | | | | as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
* Internal changes to allow for relayd engine privsep. sends the hash of thebeck2017-04-055-29/+87
| | | | | | public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
* Fix silly code that printfs NULL when there are no fractional secondsbeck2017-04-031-2/+2
| | | | | | on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
* rephrase more enumerations of functionsotto2017-03-291-13/+10
|
* tweak previous;jmc2017-03-291-3/+5
|
* Fix typo in function name;schwarze2017-03-281-4/+5
| | | | | from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f.
* After i wrote SSL_renegotiate(3) from scratch, OpenSSL alsoschwarze2017-03-281-12/+109
| | | | | | | documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637.
* small cleanup & optimization; ok deraadt@ millert@otto2017-03-281-2/+5
|
* repair knf & whitespace that jumped out of the screen during reviewderaadt2017-03-271-23/+18
| | | | ok beck
* use a path of "/" if the URL does not include a trailing / - sincebeck2017-03-271-2/+5
| | | | | | the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@
* Fail early if an ocep server returns a non-200 http response, there is nobeck2017-03-271-1/+4
| | | | point in trying to parse error pages as an ocsp response.
* reinstate the capitalisation from previous, as advised by schwarze;jmc2017-03-271-3/+3
|
* recallocarray() for data buffer from the net.deraadt2017-03-261-3/+5
| | | | ok beck
* tweak previous;jmc2017-03-263-9/+9
|
* Stop enumeration all allocation functions, just say "allocation functions"libressl-v2.5.2otto2017-03-261-32/+13
| | | | ok jmc@ deraadt@
* merge new UI documentation from OpenSSLschwarze2017-03-265-13/+651
|
* document X509_Digest(3) and friends;schwarze2017-03-252-1/+135
| | | | from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
* document the public function X509_cmp_time(3);schwarze2017-03-252-1/+88
| | | | | from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me
* correct RETURN VALUES;schwarze2017-03-251-7/+13
| | | | from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5
* fix two more prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* correct prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* complete description of RETURN VALUES;schwarze2017-03-251-6/+8
| | | | from Alexander Koeppe via OpenSSL commit bb6c5e7f
* minimal stub-quality documentation of EVP_MD_CTX_ctrl(3);schwarze2017-03-251-3/+17
| | | | from Todd Short <tshort@akamai.com> via OpenSSL commit 52ad5b60
* OpenSSL documented the public function BIO_printf(3) (and friends)schwarze2017-03-253-3/+91
| | | | | in commit 2ca2e917. Document it here, too, but do not use their text. Be more concise and more precise at the same time.
* document ASN1_tag2str(3); from OpenSSL commit 9e183d22schwarze2017-03-251-4/+14
|
* Update RFC reference for TLSEXT_TYPE_padding.jsing2017-03-251-5/+2
|
* Check tls1_PRF() return value in tls1_generate_master_secret().jsing2017-03-251-4/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 04:18:44 +0000