| Age | Commit message (Collapse) | Author |
|---|
|
|
|
OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800,
with a number of fixes by me.
Also include three earlier, minor improvements from OpenSSL.
|
|
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.
|
|
|
|
because i see no indication that a 2016 revision of this standard
might exist. Instead, use information from:
https://www.iso.org/standard/39876.html and
https://www.iso.org/standard/60475.html
|
|
with their random subsystem in 2017 rather than relying on the
operating system, which made me check the changes to their manual
pages, which caused me to notice that they document another public
function as non-deprecated that we neutered: RAND_poll(3).
Mention it briefly.
|
|
from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.
|
|
from David Cooper <david.cooper@nist.gov>
via OpenSSL commit cace14b8 Jan 24 11:47:23 2018 -0500.
|
|
removing parts that don't apply to OpenBSD.
|
|
lacked an argument; from Jakub Jelen <jjelen at redhat dot com>
via OpenSSL commit 9db6673a Jan 17 19:23:37 2018 -0500.
|
|
fixing half a dozen bugs and typos and also tweaking the wording a bit.
|
|
X509_STORE_CTX_set0_untrusted(3), X509_STORE_CTX_set0_trusted_stack(3),
X509_STORE_CTX_get0_untrusted(3), and X509_STORE_CTX_get0_cert(3).
Merge the related documentation from OpenSSL.
|
|
provided X509_get0_notBefore(3) and its three friends.
Write a manual page from scratch because what OpenSSL has
is confusing and incomplete.
By the way, providing two identical functions differing only
in the constness of the returned structure is crazy.
Are application programmers expected to be too stupid to write
const ASN1_TIME *notBefore = X509_getm_notBefore(x)
if that's what they want?
|
|
|
|
|
|
config space reads.
ok kettenis@, ccardenas@
|
|
|
|
|
|
|
|
|
|
this lets us look up the gre(4) interface before looking at the
protocols it might be carrying.
|
|
provided ASN1_STRING_get0_data(3).
Merge the corresponding documentation from OpenSSL.
|
|
ok patrick@
|
|
ok krw@ mpi@
|
|
Merge the documentation from OpenSSL commits 0c497e96 Dec 14 18:10:16
2015 +0000 and c5ebfcab Mar 7 22:45:58 2016 +0100 with tweaks by me.
|
|
|
|
this resolves an ordering problem when adding pseudo interfaces to bridges
tweaks from kn@
ok mpi@ sthen@
|
|
X509_get_signature_nid(3). Add a new manual page for it
based on the relevant parts of OpenSSL X509_get0_signature.pod.
|
|
SSL_CTX_up_ref(3). Merge the related documentation from OpenSSL,
but tweak the wording to be less confusing and simplify the RETURN
VALUES section.
|
|
|
|
SSL_CTX_get0_param(3) and SSL_get0_param(3).
Merge the related documentation from OpenSSL, with small tweaks.
|
|
|
|
|
|
|
|
X509_STORE_CTX_set0_{trusted_stack,untrusted}().
|
|
|
|
|
|
|
|
This will ease the burden on ports and others trying to make software
work with LibreSSL, while avoiding #ifdef mazes. Note that we are not
removing 1.0.1 API or making things opaque, hence software written to
use the older APIs will continue to work, as will software written to
use the 1.1 API (as more functionality become available).
Discussed at length with deraadt@ and others.
|
|
This avoids a potential side channel timing leak.
ok djm@ markus@
|
|
|
|
Some applications that use X509_VERIFY_PARAM expect these to exist, since
they're also part of the OpenSSL 1.0.2 API.
|
|
This also zeros an ed25519_pk when it was not being zeroed previously.
ok djm@ dtucker@
|
|
Apparently I failed to commit this when I committed the libtls change...
|
|
|
|
ok rpe
|
|
|
|
|
|
|
|
via OpenSSL commit 751148e2 Oct 27 00:11:11 2017 +0200,
including only the parts related to functions that exist
in OpenBSD.
The design of these interfaces is not particularly pretty,
they are not particularly easy to document, and the manual
page does not look particularly good when formatted,
but what can we do, things are as they are...
|
