Age | Commit message | Author
2016-11-04 | Do not mix declarations and code. | Joel Sing
2016-11-04 | Rename the internal bio related functions so that they have a common | Joel Sing
prefix. Makes the code more readable and removes shadowing.
2016-11-04 | Add X509_up_ref, from boring | Bob Beck
ok jsing@
2016-11-04 | convert RSA manuals from pod to mdoc | Ingo Schwarze
2016-11-04 | MALLOC_STATS tweaks, by default not compiled in | Otto Moerbeek
2016-11-04 | There's not much point in casting a void * to a specific type just before | Joel Sing
calling free(). ok beck@ ingo@
2016-11-04 | new sentence, new line, and zap trailing whitespace; | Jason McIntyre
2016-11-04 | bump minor for ocsp_require_stapling addition | Bob Beck
2016-11-04 | Add ocsp_require_stapling config option for tls - allows a connection | Bob Beck
to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
2016-11-03 | Don't use ce_time if we are running as a server, it won't be present. | Joris Vink
2016-11-03 | small tweak to also check canaries if F is in effect | Otto Moerbeek
2016-11-03 | Remove obsolete vxlan_lookup return value handling | Mike Belopuhov
With input from reyk@, OK mpi
2016-11-03 | Support for key removal and value update operations | Mike Belopuhov
This change makes it possible for the Host to update the value of an existing key via a Set operation as well as to remove the key completely with a Delete message.
2016-11-03 | Missing local. | Antoine Jacoutot
2016-11-03 | Add a proper annotation for portroach documentation link | Daniel Jakots
OK schwarze@
2016-11-03 | Re-add the Xr macro to syspatch now that it's hooked up. | Antoine Jacoutot
2016-11-03 | Hook up syspatch(8). | Antoine Jacoutot
expectations elevation encouragement from deraadt@
2016-11-03 | In ssl3_read_bytes(), do not process more than three consecutive TLS | Joel Sing
records, otherwise a peer can potentially cause us to loop indefinitely. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@
2016-11-03 | rollback -> revert where it makes sense. | Antoine Jacoutot
2016-11-03 | make OCSP_URL only show up when an OCSP url is actually present in the cert | Bob Beck
2016-11-03 | XXX match with installed sets (comp, x...)? | Antoine Jacoutot
2016-11-03 | Make OCSP Stapling: only appear if there is stapling info present. | Bob Beck
2016-11-03 | convert RAND manuals from pod to mdoc | Ingo Schwarze
2016-11-03 | Hardlinks are properly handled; for the rest, we'll see if we need to care | Antoine Jacoutot
or not (XXX).
2016-11-03 | zap the overview manual page of the RAND subsystem | Ingo Schwarze
that contained nothing but duplicate and misleading information; OK jsing@
2016-11-03 | convert PEM and PKCS manuals from pod to mdoc | Ingo Schwarze
2016-11-03 | Fix debug message to print the presence of more flag correctly. | Rafael Zalamena
ok mikeb@
2016-11-03 | Add locks to key-value pair pools | Mike Belopuhov
We need to ensure list and data consistency during concurrent accesses since the interrupt handler is not executed under the kernel lock and may add or modify entries while userland process is reading the value or traversing the list.
2016-11-03 | switch to using BUILDUSER and add more error checking | Robert Nagy
2016-11-03 | Make sure PATCH_PATH is an URL that ftp(1) can cope with. | Antoine Jacoutot
2016-11-03 | Merge ls_avail() into ls_missing(), it's only used once. | Antoine Jacoutot
While here, cope with a missing index.txt or other ftp(1) error.
2016-11-03 | Identify as an OSPlatformID 131 with a kernel version of 6 | Mike Belopuhov
2016-11-03 | Document the KVP interface | Mike Belopuhov
2016-11-03 | Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE. | Joel Sing
ok beck@ (who was struggling to keep lunch down while reviewing the diff)
2016-11-03 | Implement a Key-Value Pair exchange interface | Mike Belopuhov
The implemented abstraction allows us to query and set little endian UTF-16 keys exchanged between the Host and the Guest via a text based pvbus(4) interface. All keys are attached to one of several key pools: Auto, Guest, External or Guest/Parameters. The hostctl(8) is able to modify values for keys in the Auto pool as well as set new keys in the Guest pool while the Host provides its keys in External and Guest/Parameters pools. Discussed with reyk@
2016-11-03 | Don't do OCSP validation when we have disabled certificate verification | Bob Beck
or certificate validation. ok jsing@
2016-11-03 | Use hw.ncpufound. | Antoine Jacoutot
2016-11-03 | Simplify for loops; prompted by a comment from rpe@ | Antoine Jacoutot
2016-11-03 | Let Integrated Components allocate the receive buffer themselves | Mike Belopuhov
since they have a better clue how to size it. While here, cleanup the kernel output a bit.
2016-11-03 | convert configuration manuals from pod to mdoc | Ingo Schwarze
2016-11-03 | convert remaining ASN1 object manuals from pod to mdoc | Ingo Schwarze
2010-10-01 | import OpenSSL-1.0.0a | Damien Miller
2003-05-11 | import 0.9.7b (without idea and rc5) | Markus Friedl
2016-11-03 | Also ignore --no-undefined (we already ignore -no-undefined) which is | Antoine Jacoutot
starting to show up more and more. ok jasper@
2016-11-03 | Only set an error from libssl related code, if an error has not already | Joel Sing
been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
2016-11-03 | convert HMAC and MD5 manuals from pod to mdoc | Ingo Schwarze
2016-11-03 | convert EVP manuals from pod to mdoc | Ingo Schwarze
2016-11-03 | Always call if_put() during the interface iteration on port status multipart | Rafael Zalamena
reply to avoid reference leaks. ok mikeb@
2016-11-03 | The networking code no longer runs off software interrupts. | Martin Pieuchot
2016-11-03 | Fix handshake failures: | Bob Beck
split out internals of OCSP verification to allow callback to verify before TLS handshake is complete