src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-11-11	Bump TLS_API due to recent feature additions and changes.	Joel Sing

2016-11-11	Change the return value of tls_config_set_protocols() and	Joel Sing
	tls_config_set_verify_depth() from void to int. This makes them consistent with all other tls_config_set_* functions and will allow for call time validation to be implemented. Rides libtls major bump. ok beck@
2016-11-11	Disable ec assembly for amd64 pending fixes for ssh, and bump	Bob Beck
	majors appropriately
2016-11-06	Set the callback on the correct ssl_ctx for the SNI case, instead of	Bob Beck
	the master only. ok jsing@
2016-11-05	fix misplaced quote by tls_peer_ocsp_this_update	Brent Cook

2016-11-05	tweak previous;	Jason McIntyre

2016-11-05	bump minors for symbol addition for ocsp and x25519 symbol additions	Bob Beck

2016-11-05	Add support for server side OCSP stapling to libtls.	Bob Beck
	Add support for server side OCSP stapling to netcat.
2016-11-05	rename ocsp_ctx to ocsp	Bob Beck
	ok jsing@
2016-11-05	Remove generated Symbols.map on make clean.	Joel Sing
	ok guenther@
2016-11-04	Build with WARNINGS=Yes.	Joel Sing

2016-11-04	Avoid shadowing the socket global.	Joel Sing
	ok miod@
2016-11-04	Make the tls_keypair_new() function a valid prototype.	Joel Sing

2016-11-04	Avoid another signed vs unsigned comparison.	Joel Sing
	ok miod@
2016-11-04	Add an explict list of exported symbols with just the functions declared	Philip Guenther
	in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@
2016-11-04	make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden	Bob Beck
	functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
2016-11-04	Address some signed vs unsigned warnings and check that an integer value	Joel Sing
	is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@
2016-11-04	Assign and test, as is consistent with the rest of the libtls code.	Joel Sing

2016-11-04	Use a consistent name for struct bio_cb * variables.	Joel Sing

2016-11-04	Rename struct bio_cb_st to struct bio_cb.	Joel Sing

2016-11-04	Do not cast a pointer to a struct, to a char * when assigning to a void *.	Joel Sing

2016-11-04	Use a consistent name for a BIO *, rather than having four different names	Joel Sing
	in the same file.
2016-11-04	Avoid signed vs unsigned comparisons.	Joel Sing
	ok miod@
2016-11-04	There's not much point having three static functions that do a cast and	Joel Sing
	assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments.
2016-11-04	Do not mix declarations and code.	Joel Sing

2016-11-04	Rename the internal bio related functions so that they have a common	Joel Sing
	prefix. Makes the code more readable and removes shadowing.
2016-11-04	There's not much point in casting a void * to a specific type just before	Joel Sing
	calling free(). ok beck@ ingo@
2016-11-04	bump minor for ocsp_require_stapling addition	Bob Beck

2016-11-04	Add ocsp_require_stapling config option for tls - allows a connection	Bob Beck
	to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
2016-11-03	Don't do OCSP validation when we have disabled certificate verification	Bob Beck
	or certificate validation. ok jsing@
2016-11-03	Only set an error from libssl related code, if an error has not already	Joel Sing
	been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
2016-11-03	Fix handshake failures:	Bob Beck
	split out internals of OCSP verification to allow callback to verify before TLS handshake is complete
2016-11-02	bit more cleanup;	Jason McIntyre

2016-11-02	fix shadow declaration of time in parameter list.	Bob Beck
	ok jsing@
2016-11-02	Ensure handshake is complete before processing an ocsp response for a ctx	Bob Beck
	ok jsing@
2016-11-02	tweak previous;	Jason McIntyre

2016-11-02	bump minor for ocsp api additions	Bob Beck

2016-11-02	Add OCSP client side support to libtls.	Bob Beck
	- Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
2016-10-03	use the same type for buf as the return type in tls_load_file	Brent Cook
	ok tedu@, noted by kinichiro
2016-09-19	Update ld search path for libssl/libcrypto, fixes cross-build after source ↵	Brent Cook
	moved. from Patrick Wildt
2016-09-14	Set callbacks on the right tls ctx on accept.	Brent Cook
	From Tobias Pape
2016-09-14	Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes.	Brent Cook
	from Tobias Pape
2016-09-14	Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN.	Brent Cook
	from Tobias Pape
2016-09-13	add a little more typing to the first callback argument.	Ted Unangst
	it's always a tls context.
2016-09-04	minor tweaks;	Jason McIntyre

2016-09-04	Bump TLS_API for addition of callbacks.	Joel Sing

2016-09-04	Maintain consistency with function naming.	Joel Sing

2016-09-04	Sort headers and use the installed tls.h, rather than the local one.	Joel Sing

2016-09-04	$OpenBSD$ tag	Joel Sing

2016-09-04	New sentence, new line. Also wrap at 80 chars.	Joel Sing