summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Expand)Author
2016-07-16Limit the support of the "backward compatible" ssl2 handshake to only beBob Beck
2016-07-14kern.usermount is currently a no-op;Jason McIntyre
2016-07-13Split the existing TLS cipher suite groups into four:Joel Sing
2016-07-10zero the read buffer after copying data to user so it doesn't linger.Ted Unangst
2016-07-10use offsetof to create an offset instead of illegal unaligned pointersTed Unangst
2016-07-10Document that SIGTTOU is sent if the process is in the background.Todd C. Miller
2016-07-07Revert previous - it introduces problems with a common privsep use case.Joel Sing
2016-07-07call BN_init on temporaries to avoid use-before-set warningsBrent Cook
2016-07-06J/j is a three valued option, document and fix code to actuall support thatOtto Moerbeek
2016-07-06Check that the given ciphers string is syntactically valid and results inJoel Sing
2016-07-06Always load CA, key and certificate files at the time the configurationJoel Sing
2016-07-06Use fstatat() to avoid path surgery.Philip Guenther
2016-07-06Correctly handle an EOF that occurs prior to the TLS handshake completing.Joel Sing
2016-07-05remove unneeded duplicate call - spotted by jsing@Bob Beck
2016-07-05On systems where we do not have BN_ULLONG defined (most 64-bit systems),Brent Cook
2016-07-05Missed a reference to dl_prebind.hPhilip Guenther
2016-07-05Add several fixes from OpenSSL to make OCSP work with intermediateBob Beck
2016-07-04DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGSPhilip Guenther
2016-07-03introduces new promise "chown" to allow changing owner/group with *chown(2) f...Sebastien Marie
2016-06-30nptys sysctls were removedTed Unangst
2016-06-30Tighten behavior of _rs_allocate failure for portable arc4random implementati...Brent Cook
2016-06-30Tighten behavior of _rs_allocate on Windows.Brent Cook
2016-06-30bump to 2.4.2Brent Cook
2016-06-30adapt S option: add C, rm F (not relevant with 0 cache and disablesOtto Moerbeek
2016-06-30Remove flags for disabling constant-time operations.Brent Cook
2016-06-28For the EINVAL case there can be more than a single option.Todd C. Miller
2016-06-28fts_open() requires that the list passed as argument to contain at leastTodd C. Miller
2016-06-28Add sysctl for arp timers: net.inet.ip.arptimeout (expire timer for resolvedChris Cappuccio
2016-06-28Do not return an error in fts_open(3) if one of the paths in argvTodd C. Miller
2016-06-28fix a couple of errors in the page;Jason McIntyre
2016-06-28Back out previous; otto saw a potential race that could lead to aTheo Buehler
2016-06-27make proper use of fstatat, as suggested by guenther@Marc Espie
2016-06-27defer munmap to after unlocking malloc. this can (unfortunately) be anTed Unangst
2016-06-27make the fallback code more accurate (in particular, it should return namesMarc Espie
2016-06-26increase the minimum for auto rounds to 6. that was the previous low boundTed Unangst
2016-06-25Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP usesBob Beck
2016-06-25Fix the ocsp code to actually check for errors when comparing time valuesBob Beck
2016-06-21Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.Brent Cook
2016-06-18sort previous;Jason McIntyre
2016-06-18Remove duplicated line.Reyk Floeter
2016-06-18Add net.inet.{tcp,udp}.rootonly sysctl, to mark which portsVincent Gross
2016-06-18Update column width decisionPhilip Guenther
2016-06-18Document KTRFAC_{PLEDGE,EXEC{ARGS,ENV}}Philip Guenther
2016-06-16PSEUDO_NOERROR() is used for syscalls that return now, so need to putPhilip Guenther
2016-06-13On localhost a user program may create a socket splicing loop.Alexander Bluhm
2016-06-07remove historic note about multiple processes. mostly irrelevant today.Ted Unangst
2016-06-07Document the net.inet.tcp.synuselimit sysctl; OK bluhm@ jmc@Tim van der Molen
2016-06-06Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.Ted Unangst
2016-06-06Add ERRORS section, from FreeBSD. OK tedu@Todd C. Miller
2016-06-06Return EOVERFLOW, not ENOMEM for overflow conditions to match POSIX.Todd C. Miller