summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-11-06some minor cleanup;Jason McIntyre
2016-11-06Set the callback on the correct ssl_ctx for the SNI case, instead ofBob Beck
the master only. ok jsing@
2016-11-06spacing between macro args and punctuation;Jason McIntyre
2016-11-06document ENGINE_add_conf_module(3) in one page, not in twoIngo Schwarze
2016-11-06document BIO_set_fd() and BIO_get_fd() in one manual page, not in two;Ingo Schwarze
general direction discussed yesterday with bcook@
2016-11-06delete prototypes available in other pages and add a missing .Xr linkIngo Schwarze
2016-11-06delete prototypes available in other pages and add two missing .Xr linksIngo Schwarze
2016-11-06first pass; ok schwarzeJason McIntyre
2016-11-06delete prototypes available in other pages and add three missing .Xr linksIngo Schwarze
2016-11-06delete prototypes available in other pages and add two missing .Xr linksIngo Schwarze
2016-11-06Split ssl3_get_client_key_exchange() into separate per algorithm functions.Joel Sing
ok beck@
2016-11-06Remove pointless check - without fixed ECDH, there is only one way to reachJoel Sing
this code path. ok beck@ bcook@
2016-11-06simplify error handling in c2i_ASN1_OBJECTBrent Cook
ok beck@, miod@
2016-11-06Split out the DHE and ECDHE code paths fromJoel Sing
ssl3_send_server_key_exchange(). ok beck@ bcook@
2016-11-06Adjust cipher suite strengths - move MD5 to LOW, RC4 to LOW and 3DES toJoel Sing
MEDIUM. ok beck@ bcook@
2016-11-06Remove the single IDEA cipher suite. There is no good reason to supportJoel Sing
this. ok beck@ bcook@
2016-11-06unifdef -m -UOPENSSL_NO_CHACHA -UOPENSSL_NO_POLY1305Joel Sing
ok beck@
2016-11-06Avoid compiling in an unused function.Joel Sing
Spotted by guenther@
2016-11-06adjust guards to elide unused Bi arrayBrent Cook
ok jsing@
2016-11-06Rework X509_verify_cert to support alt chains on certificate verification,Bob Beck
via boringssl. ok jsing@ miod@
2016-11-06The upcoming x509 alt chains diff tightens the trust requirementsBob Beck
for certificates. This (from OpenSSL) ensures that the current "default" behaviour remains the same. We should revisit this later ok jsing@
2016-11-06Commit a reminder that the default is not the default. This needs toBob Beck
be revisited. ok jsing@
2016-11-06remove unused variableBrent Cook
2016-11-06use the correct function for freeBrent Cook
ok beck@
2016-11-06add an .Xr that was missingIngo Schwarze
2016-11-05document BN_set_negative() and BN_is_negative();Ingo Schwarze
feedback and OK bcook@, OK jsing@
2016-11-05Part one of the alt chains changes, bring in newer modifications toBob Beck
VERIFY_PARAMS - based on boringssl. ok jsing@ miod@
2016-11-05Add objects for X25519, X448, Ed25519 and Ed448.Joel Sing
ok miod@
2016-11-05One of the error paths would attempt to access not-yet-initialized locals.Miod Vallat
Simply return since there is nothing more to do. Spotted by coverity. ok jsing@ beck@
2016-11-05Do a partial CBB conversion of ssl3_send_server_key_exchange(), which willJoel Sing
make it easier to do further clean up. ok beck@ miod@
2016-11-05fix misplaced quote by tls_peer_ocsp_this_updateBrent Cook
2016-11-05tweak previous;Jason McIntyre
2016-11-05move manual pages from doc/ to man/ for consistency with otherIngo Schwarze
libraries, in particular considering that there are unrelated files in doc/; requested by jsing@ and beck@
2016-11-05Check BIO_new*() for failure.Miod Vallat
ok beck@ jsing@
2016-11-05More X509_STORE_CTX_set_*() return value checks.Miod Vallat
ok beck@ jsing@
2016-11-05bump minors for symbol addition for ocsp and x25519 symbol additionsBob Beck
2016-11-05Add support for server side OCSP stapling to libtls.Bob Beck
Add support for server side OCSP stapling to netcat.
2016-11-05after getting rid of the pod files, clean up the Makefiles; ok bcook@Ingo Schwarze
2016-11-05Add support for X25519.Joel Sing
This brings in code from BoringSSL, which is mostly taken from SUPERCOP. ok beck@ bcook@
2016-11-05rename ocsp_ctx to ocspBob Beck
ok jsing@
2016-11-05minor mandoc -Tlint nitsIngo Schwarze
2016-11-05add the missing content, sorry for committing an empty fileIngo Schwarze
2016-11-05Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc().Miod Vallat
While there, try to make these slightly less obfuscated. ok beck@ jsing@
2016-11-05convert the remaining manual pages from pod to mdocIngo Schwarze
2016-11-05X509_STORE_CTX_set_*() may fail, so check for errors.Miod Vallat
ok beck@
2016-11-05Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in theMiod Vallat
trivial error path of PKCS12_key_gen_uni(). ok beck@ jsing@
2016-11-05Make sure PEM_SealInit() will correctly destroy the PEM_ENCODE_SEAL_CTXMiod Vallat
upon error, as there is no way to do this outside of PEM_SealFinal(), which can only work if PEM_SealInit() succeeded... ok beck@ jsing@
2016-11-05No need to duplicate definitions from evp.h locally.Miod Vallat
ok bock@ jsing@
2016-11-05Stop abusing the ternary operator to decide which function to call in aMiod Vallat
return statement. ok beck@ jsing@
2016-11-05further tweakage, with an improvement from joel;Jason McIntyre
ok jsing schwarze
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-08 14:58:43 +0000