summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* In ssl.h rev. 1.154 2018/03/20 15:28:12, tb@ providedschwarze2018-03-201-9/+37
| | | | | SSL_SESSION_set1_id(3). Merge the documentation from OpenSSL, slightly tweaked by me.
* If X509_check_{host,email}() are called with a length of zero, use strlen()jsing2018-03-201-3/+7
| | | | | | | | | to determine the length. This is the documented behaviour and matches the OpenSSL implementation. Issue found by Michael Gmelin <freebsd at grem dot de>. ok tb@
* In x509_vfy.h rev. 1.27 2018/03/20 15:26:22, jsing@ providedschwarze2018-03-201-4/+18
| | | | X509_STORE_get_ex_new_index(3). Document it.
* In i2d_SSL_SESSION(), on error call CBB_cleanup() with the correct CBB.jsing2018-03-201-2/+2
| | | | Spotted by Coverity, although reported as a different issue.
* Avoid potentially calling strchr() on a NULL pointer injsing2018-03-201-7/+6
| | | | | | tls_config_set_ecdhecurve(). Spotted by Coverity.
* bump minors after symbol additiontb2018-03-203-3/+3
|
* Provide SSL_SESSION_set1_id()tb2018-03-204-3/+21
| | | | ok jsing
* Provide X509_STORE_get_ex_new_index macro.jsing2018-03-201-1/+5
|
* Remove the now unnecessary tls_init() call.jsing2018-03-191-4/+1
|
* Remove the tls_init() call, since it is no longer necessary.jsing2018-03-191-3/+1
| | | | ok bcook@ beck@ inoguchi@
* Automatically handle library initialisation for libtls.jsing2018-03-196-11/+28
| | | | | | | | | Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@
* Add regress test ensuring autoinit stays pledge("stdio") safe.beck2018-03-193-1/+50
|
* correct funciton prototypebeck2018-03-191-3/+3
| | | | spotted by anton@
* I should not be calling ENGINE_load_builtin_engines_internalbeck2018-03-191-4/+2
| | | | | here, just the normal version. ok jsing@
* Add a -q (for quick) mode to apptest.sh, and use it by default.beck2018-03-192-11/+35
| | | | | | | this means that running the regression test doesn't take forever because we run a huge dhparam test and openssl speed tests. ok inoguchi@
* Correct mistake of loading the default openssl.conf by default during autoinit.beck2018-03-193-13/+37
| | | | | | | | This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as OpenSSL. As a result, by default the openssl.conf file is not loaded during autoinit, which makes autoinit safe for pledge(stdio). ok jsing@
* In ecdsa.h rev. 1.5 2018/03/17 15:24:44, tb@ providedschwarze2018-03-181-4/+39
| | | | | ECDSA_SIG_get0(3) and ECDSA_SIG_set0(3). Merge the documentation from OpenSSL.
* In rsa.h rev. 1.38 2018/03/17 15:12:56 and dsa.h rev. 1.30 2018/03/17schwarze2018-03-1810-15/+400
| | | | | | 15:19:12, tb@ provided a subset of the DSA_meth_*(3) and RSA_meth_*(3) functions. Merge the relevant parts of the manual pages from OpenSSL, heavily tweaked by me, in particular for conciseness.
* In x509.h rev. 1.43 2018/03/17 14:55:39, jsing@ providedschwarze2018-03-181-5/+16
| | | | X509_PUBKEY_get0(3). Merge the documentation from OpenSSL.
* In ocsp.h rev. 1.12 2018/03/17 14:44:34, jsing@ providedschwarze2018-03-181-4/+14
| | | | | OCSP_SINGLERESP_get0_id(3). OpenSSL fails to document it, so document it from scratch.
* In ssl.h rev. 1.149 2018/03/17 14:40:45, jsing@ providedschwarze2018-03-181-6/+79
| | | | | | SSL_CIPHER_get_cipher_nid(3), SSL_CIPHER_get_digest_nid(3), SSL_CIPHER_get_kx_nid(3), SSL_CIPHER_get_auth_nid(3), and SSL_CIPHER_is_aead(3). Merge the documentation from OpenSSL.
* In x509.h rev. 1.42 2018/03/17 14:33:20, jsing@ providedschwarze2018-03-181-3/+14
| | | | X509_REVOKED_dup(3). Document it.
* In ssl.h rev. 1.148 2018/03/17 14:26:13, jsing@ providedschwarze2018-03-181-4/+30
| | | | | SSL_SESSION_get0_id_context(3). Merge the documentation from OpenSSL, tweaked by me.
* Fix a typo: OPENSSL_INIT_LOAD_CONFIG doesn't have double underbars.tb2018-03-181-2/+2
| | | | | | Found via port build failures reported by sthen. ok jsing
* Clean up now that autoconfiguration is available:schwarze2018-03-171-78/+55
| | | | | | | | | | - deprecation notice - say more precisely what OPENSSL_config(3) does - kill the unfounded rumour that the library might inspect environment variables; in fact, only the openssl(1) program inspects $OPENSSL_CONF - garbage collect long, irrelevant ramblings about engines - garbage collect empty RETURN VALUES section - garbage collect CAVEATS section, duplicate information only
* In crypto.h rev. 1.43 and ssl.h rev. 1.153 2018/03/17 16:20:01, beck@schwarze2018-03-176-7/+148
| | | | | | provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3). Write the documentation from scratch because the text OpenSSL provides is full of bloat.
* In ssl.h rev. 1.152 2018/03/17 15:55:52, tb@ providedschwarze2018-03-176-9/+97
| | | | | SSL_SESSION_has_ticket(3) and SSL_SESSION_get_ticket_lifetime_hint(3). Merge the documentation from OpenSSL, tweaked by me.
* In x509_cmp.c rev. 1.30 2018/03/17 14:57:23, jsing@ adjustedschwarze2018-03-171-3/+14
| | | | | X509_get0_pubkey(3) to the same semantics as in OpenSSL. Merge the documentation.
* crank majorstb2018-03-173-6/+6
| | | | req by deraadt
* Bump minors after symbol additiontb2018-03-173-3/+3
|
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-1720-38/+322
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Provide SSL_SESSION_get_ticket_lifetime_hint() andtb2018-03-173-2/+18
| | | | | | SSL_SESSION_has_ticket() ok jsing
* Provide SSL_CTX_get_default_passwd_cb{,_userdata}()tb2018-03-173-2/+18
| | | | ok jsing
* Provide X509_STORE_get0_param()tb2018-03-173-2/+10
| | | | ok jsing
* Provide X509_OBJECT_get_type(). Instead of the X509_LOOKUP_TYPE enumtb2018-03-173-2/+10
| | | | | | (which we don't have) it returns a plain int. ok jsing
* Provide X509_NAME_ENTRY_set()tb2018-03-173-2/+10
| | | | ok jsing
* Provide ECDSA_SIG_{g,s}et0().tb2018-03-173-2/+40
| | | | ok jsing
* Add DSA_meth_{dup,free,new,set_{finish,sign}}()tb2018-03-174-2/+93
| | | | | | | As in RSA_meth_*, note that these functions return NULL in out-of-memory situations, but they do not set an error explicitly. ok jsing
* Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()tb2018-03-174-3/+104
| | | | | | | Note that these functions return NULL in out-of-memory situations, but contrary to OpenSSL's versions they do not set an error. ok jsing
* Make BIO_meth_get_write() public. Omission spotted by schwarze.tb2018-03-172-1/+3
| | | | ok jsing
* Fix X509_get0_pubkey() - X509_get_pubkey() is a misnamed "get1" function,jsing2018-03-171-2/+4
| | | | | | so call X509_PUBKEY_get0() instead. Spotted by schwarze@ while documenting.
* Provide X509_PUBKEY_get0() by splitting X509_PUBKEY_get() and turning itjsing2018-03-173-7/+19
| | | | into a wrapper that calls X509_PUBKEY_get0() and up refs.
* SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *.tb2018-03-172-4/+4
| | | | | | Noted by schwarze@ ok jsing@
* Provide OCSP_SINGLERESP_get0_id().jsing2018-03-173-2/+10
|
* Provide SSL_CIPHER_get_auth_nid(), SSL_CIPHER_get_cipher_nid(),jsing2018-03-173-2/+110
| | | | | SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_is_aead().
* Provide object identifier for chacha20-poly1305.jsing2018-03-172-0/+3
|
* Provide object identifiers for TLS cipher suite key exchange andjsing2018-03-172-0/+20
| | | | authentication.
* Provide X509_REVOKED_dup().jsing2018-03-173-2/+10
|
* Provide SSL_SESSION_get0_id_context().jsing2018-03-173-11/+22
|
* Consistently spell "IPsec" in comments and debug outputs.mpi2018-03-161-2/+2
| | | | From Raf Czlonka, ok sthen@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 17:50:29 +0000