summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Complete rewrite, documenting 16 additional constructor/destructor pairs.schwarze2017-01-051-98/+189
| | | | | | | | | | | | While OpenSSL does not document them, they are public in <openssl/asn1.h>, and OpenSSL does document the related decoders and encoders. It makes no sense to me to document object methods without documenting the public constructors as well. While here: Bugfix: The type assigned by ASN1_STRING_new() was wrong. Remove implementation details. Add small amounts of useful auxiliary information.
* Convert ARM assembly to unified syntax. Clang demands it, binutilspatrick2017-01-041-4/+5
| | | | | | supports it as long as it's marked as unified syntax. ok bcook@ kettenis@
* Write new d2i_ASN1_SEQUENCE_ANY(3) manual page from scratch.schwarze2017-01-042-1/+87
| | | | | | | | All four functions are listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod. Note that in the OpenSSL documentation, three of the four prototypes are incorrect.
* Remove superfluous datatype that is 32 by default. Clang complainspatrick2017-01-041-1/+1
| | | | | | | about it and it's ok to remove it. This only came up as our clang is targeted at armv7 which enables the NEON instructions. ok kettenis@
* Remove unnecessary casts of 'a' to char * since 'a' is already char *.millert2017-01-041-10/+10
| | | | | This is a remnant from the original 4.4BSD code that had 'a' as void * in the function args. No binary change. OK bluhm@
* Complete rewrite:schwarze2017-01-041-58/+72
| | | | | | | | | | | | | | | | Better one-line description. Specify the correct header file. Same parameter names as in ASN1_item_d2i(3). Lots of new information. The ASN1_OBJECT interfaces appear specifically designed to maximize the number and subtlety of traps, maybe in order to trap the wary along with the unwary. All the quirks, caveats, and bugs of ASN1_item_d2i(3) apply, and there are three additional ones on top in this page. It looks like that design approach was so successful that the designers managed to trap even themselves: see the new BUGS section.
* Describe what ASN1_OBJECT_new(3), ASN1_OBJECT_free(3), OBJ_dup(3),schwarze2017-01-042-34/+105
| | | | | | | | | | and OBJ_create(3) really do rather than making broad and incomplete statements that are only true in some cases. Improve the one-line descriptions. Some minor wording improvements while here. There is obviously more work to do in the vicinity...
* Document d2i_ASN1_TYPE(3) and i2d_ASN1_TYPE(3),schwarze2017-01-031-9/+46
| | | | | both listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod. Minor wording improvements while here.
* consistently spell ASN.1;jmc2017-01-031-12/+12
|
* Document ASN1_TYPE_new(3) and ASN1_TYPE_free(3), even though OpenSSLschwarze2017-01-032-34/+106
| | | | | | | | | | | does not document them. By being in <openssl/asn1.h>, they are public, and it makes no sense to document accessors but not document constructors and destructors. Improve the one-line description. Mention various missing details. Many wording improvements. Add some cross references.
* If certificate verification has been disabled, do not attempt to load ajsing2017-01-031-5/+9
| | | | | | | CA chain or specify CA paths. This prevents attempts to access the file system, which may fail due to pledge. ok bluhm@
* Revert previous - the original code was correct since X509_verify_cert()jsing2017-01-031-5/+5
| | | | | | | | | | | should not have changed the X509_STORE_CTX error value on success and it was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also depends on this behaviour. Previously X509_verify_cert() was mishandling the X509_STORE_CTX error value when validating alternate chains. This has been fixed and further changes now explicitly ensure that the error value will be set to X509_V_OK if X509_verify_cert() returns success.
* Add regress tests for max shared version code.jsing2017-01-031-2/+133
|
* Pull out, rework and dedup the code that determines the highest sharedjsing2017-01-034-79/+62
| | | | | | version. ok beck@ doug@
* It takes a special style of creative writing to be unspecific about the errorbeck2017-01-031-15/+5
| | | | | | return code of a function in a man page. Let's remove the ambiguity and half truths in here. ok jsing@
* Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctxbeck2017-01-031-2/+20
| | | | | | | and X509_verify_cert - We at least make it so an an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@
* bring in boring's internal check_trust function to fix a bug introducedbeck2017-01-031-24/+79
| | | | | | when we went to alternate cert chains. this correctly does not clobber the ctx->error when using an alt chain. ok jsing@
* fix cert verify. a cert with an alt chain may verify but leave an errortedu2017-01-021-5/+5
| | | | | | in the context. don't look for errors in case of success. fixes spurious verify errors. guilty change tracked and fix tested by sthen
* Various work on cert.pem, ok bcook@sthen2017-01-011-969/+869
| | | | | | | | | | | | | | - print/sort using the full certificate subject rather than a pretty-printed subset (as done in the current version of format-pem.pl); previously this was resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA accidentally getting dropped in r1.10; problem found by Steven McDonald - remove CA certificates that are no longer present in the CA store of the release branch of Mozilla - possible now that libressl has support for alternate chains (libcrypto/x509/x509_vfy.c r1.52) - add new CA certificates from Mozilla's store from those organisations which we already list
* Display details of the server ephemeral key, based on OpenSSL.jsing2016-12-303-3/+44
| | | | ok doug@
* Add support for SSL_get_server_tmp_key().jsing2016-12-302-3/+74
| | | | ok doug@
* Add regress coverage for enabled protocol version range.jsing2016-12-302-1/+146
|
* Pull out (and largely rewrite) the code that determines the enabledjsing2016-12-303-40/+54
| | | | | | | | | | protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have if fail with unsupported version when it received and processed the server hello. ok doug@
* Place ASN_ITEM_{ptr,rptr,ref} and DECLARE_ASN1_ITEM under #ifndefjsing2016-12-301-2/+4
| | | | LIBRESSL_INTERNAL.
* Expand ASN1_ITEM_rptr macros here as well... used with NETSCAPE_X509 of alljsing2016-12-302-4/+4
| | | | things...
* Expand ASN1_ITEM_rptr macros - no change in preprocessor output.jsing2016-12-302-9/+9
|
* Expand ASN1_ITEM_rptr and ASN1_ITEM_ptr macros - no change in generatedjsing2016-12-309-33/+33
| | | | assembly.
* Stop using M_PKCS12_* compatibility macros here as well.jsing2016-12-301-3/+3
|
* Expand ASN1_ITEM_ref and ASN1_ITEM_ptr macros - no change in generatedjsing2016-12-3022-66/+66
| | | | | | | | assembly. Of particular interest is ASN1_ITEM_ptr which does nothing and resulted in code like: if (method->it) ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-302-6/+6
|
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-3010-37/+37
|
* Expand ASN1_ITEM_rptr macro - no change in generated assembly.jsing2016-12-302-4/+4
|
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-302-55/+55
|
* Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros.jsing2016-12-302-53/+2
|
* Explicitly include openssl/opensslconf.h in headers that use OPENSSL_NO_*jsing2016-12-302-2/+4
| | | | defines - do not rely on another heading making those available for us.
* Place M_PKCS12_* compatibility macros under #ifndef LIBRESSL_INTERNAL.jsing2016-12-301-1/+5
|
* Expand M_PKCS12_* "compatibility" macros. No change to generated assembly.jsing2016-12-303-10/+10
|
* Write d2i_ASN1_NULL(3) manual page from scratch.schwarze2016-12-292-1/+86
| | | | | | | | | | | Both functions are listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod. After reading the code, i'm not amused. You wouldn't think that it might take eight stack levels to decode a constant sixteen bit value that does not even allow a single content octet, or would you? Nota bene, this is an average of four stack levels for each non-zero bit decoded... :-(
* fix typo; from OpenSSLschwarze2016-12-291-4/+4
| | | | | | commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c Author: Markus Triska <triska@metalevel.at> Date: Sun Dec 25 19:58:38 2016 +0100
* Write documentation for <openssl/x509v3.h> DER decoding andschwarze2016-12-289-8/+861
| | | | | encoding functions from scratch. All 46 functions are listed in OpenSSL doc/man3/d2i_X509.pod.
* add missing .Vt macrosschwarze2016-12-282-8/+15
|
* standard section name;jmc2016-12-281-3/+3
|
* Rewrite and add d2i_X509_REQ_INFO(3) and i2d_X509_REQ_INFO(3),schwarze2016-12-281-66/+99
| | | | both listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
* Rewrite and add d2i_X509_CRL_INFO(3), i2d_X509_CRL_INFO(3),schwarze2016-12-281-67/+94
| | | | | d2i_X509_REVOKED(3), and i2d_X509_CRL_INFO(3), all listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
* Use the same parameter names as in ASN1_item_d2i(3).schwarze2016-12-281-53/+32
| | | | | Use simpler standard wordings. Add X.509 references.
* rewrite in the standard wayschwarze2016-12-281-60/+29
|
* Minor cleanup:schwarze2016-12-281-17/+19
| | | | | | Improve the one-line description. Use the standard wordings in some places. Complete the RETURN VALUES section.
* Write new manual pages d2i_X509_ATTRIBUTE(3) and d2i_X509_EXTENSION(3)schwarze2016-12-286-7/+176
| | | | | from scratch. All six functions are listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
* In contrast to OpenSSL, do not attempt to document the worldschwarze2016-12-281-5/+98
| | | | | | in this page - but do include documentation for immediate subobjects that are used nowhere else. All six functions listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
* Basic cleanup:schwarze2016-12-281-311/+60
| | | | | | | | | | Improve .Nd. Sort functions. Use the same parameter names as in ASN1_item_d2i(3). Point to ASN1_item_d2i(3) for all he details. Delete all the information that's now in ASN1_item_d2i(3). Add missing entries to the RETURN VALUES section. Add STANDARDS section.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 08:45:48 +0000