| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-04-21 | Fix const in previous. Pointed out by asou | Theo Buehler | |
| 2021-04-20 | Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}(). | Theo Buehler | |
| These will be removed once EC_GROUP_get_curve() is public. | |||
| 2021-04-07 | Check function return value in openssl(1) x509.c | Kinichiro Inoguchi | |
| input from bcook@, ok and comments from tb@ | |||
| 2021-04-07 | Avoid leak in error path | Kinichiro Inoguchi | |
| ok and input from tb@ | |||
| 2021-04-02 | Show DTLS1.2 message with openssl(1) s_server and s_client | Kinichiro Inoguchi | |
| ok jsing@ tb@ | |||
| 2021-04-01 | Compare the pointer variable explicitly with NULL in if condition | Kinichiro Inoguchi | |
| 2021-03-31 | Remove workarounds for SSL_is_dtls() | Theo Buehler | |
| Reminded by inoguchi jsing | |||
| 2021-03-28 | Fix duplicate SSL_is_dtls in libssl and apps.c | Kinichiro Inoguchi | |
| Currently, SSL_is_dtls exists in both libssl and apps.c, and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes portable build broke with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls by apps.h. This temporary renaming will be removed when the SSL_is_dtls() is exposed. ok jsing@ | |||
| 2021-03-26 | Sort header files and wrap long lines in x509.c | Kinichiro Inoguchi | |
| 2021-03-24 | Convert openssl(1) x509 option handling | Kinichiro Inoguchi | |
| Apply new option handling to openssl(1) x509. To handle incremental order value, using newly added OPTION_ORDER. I left the descriptions for -CAform, -inform, and -outform as it was, for now. These description would be fixed. And digest option handler could be consolidated to one between some subcommands in the future. ok and comments from tb@, and "I'd move forward with your current plan." from jsing@ | |||
| 2021-03-24 | Add option type OPTION_ORDER | Kinichiro Inoguchi | |
| To handle incremental order value, added new option type OPTION_ORDER. openssl(1) x509 requires this option handling, since, - -CA and -signkey require to set both filename and incremental 'num'. - -dates requires to set two variables in a row, startdate and enddate. and this couldn't be solved by OPTION_FLAG_ORD. ok tb@ and "I'd move forward with your current plan." from jsing@ | |||
| 2021-03-17 | Read ahead is now enforced for DTLS - remove workarounds. | Joel Sing | |
| ok inoguchi@ tb@ | |||
| 2021-03-17 | Use consistent s_server_opt_ prefix. | Joel Sing | |
| 2021-03-17 | Add DTLSv1.2 support to openssl(1) s_client/s_server. | Joel Sing | |
| ok inoguchi@ tb@ | |||
| 2021-02-15 | Only print the certificate file once on verifification failure. | Joel Sing | |
| Noted by Steffen Ullrich. ok tb@ | |||
| 2020-12-30 | Document meaning of '*' in genrsa output | Theo Buehler | |
| ok inoguchi jmc kn | |||
| 2020-12-16 | Remove a redundant memset call. | Theo Buehler | |
| 2020-11-03 | Wrap remaining overlong lines. | Theo Buehler | |
| 2020-11-03 | garbage collect an essentially unused variable and wrap some overlong | Theo Buehler | |
| lines | |||
| 2020-11-03 | * ptr -> *ptr | Theo Buehler | |
| 2020-11-03 | X509_verify_cert()'s return value is not reliable if the callback | Theo Buehler | |
| returns 1. verify.c's cb() ignores a bunch of things to display as much info as possible. Thus, check the error code on the store ctx as well, similar to OpenSSL commit d9e309a6 (old licence). This makes openssl verify error on expired certs, at least with the legacy verify code. While here, fix a number of style issues, simplify and plug a leak. ok inoguchi | |||
| 2020-11-01 | some comma fixes; from varik valefor | Jason McIntyre | |
| (audio.4 tweaked from that submitted) | |||
| 2020-10-26 | Add a -legacy_verify flag to force use of the old validator for debugging | Theo Buehler | |
| and testing purposes. ok beck inoguchi jsing | |||
| 2020-10-14 | no need to initialize i if it's re-initialized a few lines down | Theo Buehler | |
| 2020-10-14 | Free peekaboo pbuf at end of s_client_main() | Theo Buehler | |
| Otherwise each run of the s_client leaks 16k of memory. This hurts in interactive mode. ok inoguchi jsing | |||
| 2020-10-13 | Make sure an OCSP query sends a host header | Theo Buehler | |
| While OCSP uses HTTP/1.0 where a host header is optional, some widely used OCSP responders will return 400 bad request if it is missing. Add such a header unless it's already provided in the user's custom headers. OpenSSL did something similar in ff4a9394a23 and 76e0cd12f68 (both commits are under the old license) ok inoguchi | |||
| 2020-10-08 | set SO_REUSEADDR on the server socket when we play oscp server. | Bob Beck | |
| ok inoguchi@ tb@ deraadt@ | |||
| 2020-10-02 | Add -[46] nops for compatibility with the OpenSSL s_server | Theo Buehler | |
| On OpenBSD it's necessary to use the eopenssl11 s_server with either -4 or -6 to choose an address family. I often want to try something with an OpenSSL server and then test the same thing with LibreSSL or vice versa. Adding and removing -4s on top of editing the command is annoying and distracting. This commits teaches our s_server to ignore -4 and -6 and thus makes commands that work with eopenssl11 more likely to work with openssl(1). These options are deliberately undocumented and don't show up in help listings. ok bcook inoguchi jsing | |||
| 2020-09-09 | Wrap long lines, add space in front of goto label in openssl(1) ocsp.c | Kinichiro Inoguchi | |
| 2020-09-09 | Change SSLv23_client_method to TLS_client_method openssl(1) ocsp | Kinichiro Inoguchi | |
| 2020-09-09 | Remove space between pointer '*' and variable name in ocsp.c | Kinichiro Inoguchi | |
| 2020-09-09 | Convert openssl(1) ocsp option handling | Kinichiro Inoguchi | |
| input and ok tb@ | |||
| 2020-09-09 | Add option type OPTION_UL_VALUE_OR | Kinichiro Inoguchi | |
| ok tb@ | |||
| 2020-08-09 | Convert openssl req option handling. | Joel Sing | |
| With input from inoguchi@ ok beck@ inoguchi@ | |||
| 2020-07-27 | Wrap long lines s_server.c | Kinichiro Inoguchi | |
| 2020-07-27 | Add function prototype and move sub functions to bottom | Kinichiro Inoguchi | |
| 2020-07-27 | Remove space between '*' and pointer variable in s_server.c | Kinichiro Inoguchi | |
| 2020-07-27 | Remove 's_' prefix from member of s_server_config struct | Kinichiro Inoguchi | |
| 2020-07-27 | Convert openssl(1) s_server option handling | Kinichiro Inoguchi | |
| ok and comments from jsing@ | |||
| 2020-07-14 | Convert option handling for openssl(1) verify. | Joel Sing | |
| ok inoguchi@, tb@ | |||
| 2020-07-14 | Remove hyphen | Kinichiro Inoguchi | |
| 2020-07-14 | Add single space between pem and ... | Kinichiro Inoguchi | |
| 2020-07-14 | Add manual for openssl(1) certhash | Kinichiro Inoguchi | |
| ok jmc@ | |||
| 2020-07-10 | Clean up s_client.c | Kinichiro Inoguchi | |
| - Remove space between '*' and pointer variable. - Add function prototype. - Move callback function to bottom. - Move typedef struct to up. | |||
| 2020-07-10 | Change variable bio_c_out from global to local | Kinichiro Inoguchi | |
| ok tb@ | |||
| 2020-07-09 | Wrap long lines and put space in front of label in s_client.c | Kinichiro Inoguchi | |
| 2020-07-09 | Remove c_ prefix from s_client_config member | Kinichiro Inoguchi | |
| 2020-07-09 | Convert openssl(1) s_client option handling | Kinichiro Inoguchi | |
| suggestions and ok beck@ jsing@ tb@ | |||
| 2020-05-23 | While the second SSL_CTX in this code is only used on servername | Theo Buehler | |
| callback, so its mode is not used to update the ssl's mode, it seems more appropriate to clear the SSL_MODE_AUTO_RETRY flag on it as well. ok jsing | |||
| 2020-05-23 | In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by | Theo Buehler | |
| default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |