| Age | Commit message (Collapse) | Author |
|---|
|
Add TLSv1.3 extension type, and sort by the definition order in tls1.h.
This helps that openssl(1) s_server and s_client with -tlsextdebug
displays the TLS extension type instead of "unknown".
ok beck@ jsing@ tb@
|
|
Set initial value to variable 'p' and 'pending'.
Reported and fix requested from leonklingele by GitHub pull request.
https://github.com/libressl-portable/portable/issues/577
https://github.com/libressl-portable/openbsd/pull/114
ok bcook@ jsing@ tb@
|
|
document it and deprecate "openssl s_server -named_curve".
While here, fix the error in the synopsis for "openssl s_client -groups"
and use unified argument naming and similar wording like
in SSL_CTX_set1_groups_list(3).
OK jsing@
|
|
This allows supported EC groups to be configured, which will also control
which TLSv1.3 key shares we'll accept. While here, deprecate the rather
useless -named_curve option, which is effectively the same as -groups with
a single group. Also stop setting a single default group of P-256 via
SSL_CTX_set_tmp_ecdh() - use the library defaults instead.
ok beck@ inoguchi@
|
|
Allow semantic lookup by manually tagging sections (.Sh) for which no
automatic tagging has been implemented; this thereby also eliminates false
positives such that ":tx509<Enter>" now jumps to the X509 section.
feedback remi inoguchi schwarze
OK tb
|
|
Also stop using version pinned methods, instead setting the min and max
protocol versions.
Requested by inoguchi@
ok inoguchi@ tb@
|
|
|
|
ok beck jsing
|
|
SSL_pending implementation is correct.
annoying jsing@
|
|
ok beck@
|
|
peeks data before reading, compares to subsequent read.
ok jsing@
|
|
ok jsing@
|
|
md, to hint that it might not always be the case (e.g. if dealing with
files from a different version of the tool). ok tb@
|
|
changed from md5 to sha256. Update manual to reflect that.
From Fabio Scotoni
ok jmc
|
|
ok and comments jmc@
|
|
Checking return value of sk_.*_new_null().
ok beck@ jsing@
|
|
ok jmc@
|
|
- Remove typedef and use 'struct cms_key_param' instead
- Check return value of sk_X509_push and sk_OPENSSL_STRING_push
- Add a blank line to separate variable declarations from code
comments from jsing@
|
|
This provides rsa_padding_mode:oaep for cms -encrypt,
and rsa_padding_mode:pss for cms -sign.
ok jsing@
|
|
- Check NCONF_new() return value
- Remove unnecessary 'i'
comments from jsing@
|
|
First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d.
ok jsing@
|
|
|
|
|
|
|
|
|
|
|
|
This was cleaned up after cms went to the attic.
|
|
|
|
openssl s_server has an arbitrary read vulnerability on Windows when run with
the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to
Jobert Abma for reporting.
ok tb@
|
|
on html or groff. the solution, to replace the non-standard .nr macros
with a hang list, was provided by ingo - thanks!
ok schwarze
|
|
|
|
|
|
suggested from jsing@
|
|
Adapt openssl(1) dgst command to new option handling.
Added dgst_options struct and option handlers, and replaced for-if-strcmp
handling with options_parse().
ok bcook@ jsing@
|
|
ok schwarze@
|
|
First step to adapt openssl(1) dgst command to new option handling.
There is no functional changes by this diff, and just moving variables
into dgst_config struct.
ok bcook@
|
|
- Add a space before 'export_end:'
- Remove space after '*'
- Wrap lines by 80 columns
|
|
ok bcook@ tb@
|
|
|
|
from Steven Roberts
|
|
|
|
Adapt openssl(1) pkcs12 command to new option handling.
Added pkcs12_options struct, and replaced for-if-strcmp handling with
options_parse().
ok and comments jsing@
|
|
First step to adapt openssl(1) pkcs12 command to new option handling.
There is no functional changes by this diff, and just moving variables into
pkcs12_config struct.
I still keep long lines more than 80 for this review to minimize diffs.
ok jsing@ tb@
|
|
|
|
As we did in other openssl sub command, move up option handlers above option
definition struct. No functional changes and just move up and remove prototype.
|
|
- s/outputed/outputted/
- s/trused/trusted/
- add der as argument and describe pem is the default
|
|
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
|
- Add undocumented options below.
-alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2,
-keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache,
-no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal,
-status, -status_timeout, -status_url, -status_verbose, -timeout,
-tlsextdebug, -use_srtp, -verify_return_error
- Remove -hack, -psk and -psk_hint since not exist in source code.
I didn't add these 5 options since these were no-op.
-chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok and suggestions from jmc@
|
|
- Add undocumented options below.
-alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen,
-legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass
-port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp,
-verify_return_error
- Remove -psk and -psk_identity since not exist in source code.
I didn't add these 4 options since these were no-op.
-nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok jmc@
|
|
ok bcook@ jsing@
|
