Age | Commit message | Author |
|
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.
ok bcook@ doug@
|
|
ok doug@
|
|
- Use BIO_new_fp() instead of BIO_new()/BIO_set_fp() and handle NULL
return value in a more appropriate manner.
- Use strtoul() instead of sscanf() with appropriate error checking.
ok doug@
|
|
ok bcook@ doug@
|
|
Spotted by doug@
|
|
functions, and ocsp and s_time need networking enabled too, this just moves
BIO_sock_init() up into main() as a catch-all for all of the commands.
Of course, it is a no-op on any other platform.
ok @guenther
|
|
to place in an int. from Christian Neukirchen
ok deraadt
|
|
ok jsing@
|
|
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.
No output changes, except for two instances where the incorrect escape
was used in the first place.
tweaks + ok schwarze@
|
|
OK guenther@
|
|
Also, nuke debugging printfs per jsing and bcook.
ok bcook@, jsing@
|
|
using *at functions is equivalent to chdir()ing, which eases portability.
Tested with mixes of absolute and relative paths.
Eliminate a FILE leak too.
prodded by jsing@
|
|
ok miod@, doug@
|
|
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
|
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
|
ok jsing@
|
|
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
|
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
|
This has the same functionality as the previous version, however uses the
new option handling code, uses SSL_CIPHER_get_value() since we no longer
care about SSLv2 cipher suites and uses standard I/O functions instead of
BIO functions.
ok beck@ doug@
|
|
From OpenSSL commits:
6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90
ok miod@, jsing@
|
|
HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.
from kinichiro <kinichiro.inoguchi@gmail.com>
ok miod@, jsing@
|
|
input + ok jsing@
|
|
input + ok jsing@
|
|
OK jmc@
|
|
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@
|
|
- Check the return value of every relevant function call.
- If BIO_new() returns NULL instead of a valid BIO, do not attempt to
blindly use the NULL value as a BIO throughout the rest of the code.
- Ensure that bio_out is freed by BIO_free_all() at the end of all
error paths.
ok doug@
|
|
input + ok jsing@
|
|
Minor KNF in a few places too.
input + ok jsing@
|
|
Also, removed a few useless if null checks.
input from bcook@
input + ok jsing@
|
|
ok doug@
|
|
this man page.
ok jsing@
|
|
also check the return value of an adjacent malloc() call.
ok jsing@
|
|
apart from introducing a bug where the -elapsed option is not listed in
the usage output when it should be.
feedback/ok bcook@ jsing@
|
|
option.
|
|
With input from doug@
|
|
option type. In this case process the option as per normal.
|
|
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.
|
|
(as currently only implemented by some of the openssl(1) applications).
|
|
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.
|
|
silently accept multiple unnamed arguments, ignoring all except the last.
This behaviour was already inconsistent between openssl(1) applications;
apply the principle of least surprise. This will also simplify the addition
of upcoming functionality.
|
|
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.
|
|
- Sync cipher strings with the ones that are actually implemented.
- Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained
via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY
sections.
- Stop mentioning export cipher suites since they have already been
removed.
feedback from deraadt@ and jmc@
ok jmc@
|
|
"openssl dgst".
feedback/ok jmc@
|
|
EC_GROUP_free() all have implicit NULL checks.
|