| Age | Commit message (Collapse) | Author |
|---|
|
ok and comments jmc@
|
|
Checking return value of sk_.*_new_null().
ok beck@ jsing@
|
|
ok jmc@
|
|
- Remove typedef and use 'struct cms_key_param' instead
- Check return value of sk_X509_push and sk_OPENSSL_STRING_push
- Add a blank line to separate variable declarations from code
comments from jsing@
|
|
This provides rsa_padding_mode:oaep for cms -encrypt,
and rsa_padding_mode:pss for cms -sign.
ok jsing@
|
|
- Check NCONF_new() return value
- Remove unnecessary 'i'
comments from jsing@
|
|
First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d.
ok jsing@
|
|
|
|
|
|
|
|
|
|
|
|
This was cleaned up after cms went to the attic.
|
|
|
|
openssl s_server has an arbitrary read vulnerability on Windows when run with
the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to
Jobert Abma for reporting.
ok tb@
|
|
on html or groff. the solution, to replace the non-standard .nr macros
with a hang list, was provided by ingo - thanks!
ok schwarze
|
|
|
|
|
|
suggested from jsing@
|
|
Adapt openssl(1) dgst command to new option handling.
Added dgst_options struct and option handlers, and replaced for-if-strcmp
handling with options_parse().
ok bcook@ jsing@
|
|
ok schwarze@
|
|
First step to adapt openssl(1) dgst command to new option handling.
There is no functional changes by this diff, and just moving variables
into dgst_config struct.
ok bcook@
|
|
- Add a space before 'export_end:'
- Remove space after '*'
- Wrap lines by 80 columns
|
|
ok bcook@ tb@
|
|
|
|
from Steven Roberts
|
|
|
|
Adapt openssl(1) pkcs12 command to new option handling.
Added pkcs12_options struct, and replaced for-if-strcmp handling with
options_parse().
ok and comments jsing@
|
|
First step to adapt openssl(1) pkcs12 command to new option handling.
There is no functional changes by this diff, and just moving variables into
pkcs12_config struct.
I still keep long lines more than 80 for this review to minimize diffs.
ok jsing@ tb@
|
|
|
|
As we did in other openssl sub command, move up option handlers above option
definition struct. No functional changes and just move up and remove prototype.
|
|
- s/outputed/outputted/
- s/trused/trusted/
- add der as argument and describe pem is the default
|
|
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
|
- Add undocumented options below.
-alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2,
-keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache,
-no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal,
-status, -status_timeout, -status_url, -status_verbose, -timeout,
-tlsextdebug, -use_srtp, -verify_return_error
- Remove -hack, -psk and -psk_hint since not exist in source code.
I didn't add these 5 options since these were no-op.
-chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok and suggestions from jmc@
|
|
- Add undocumented options below.
-alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen,
-legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass
-port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp,
-verify_return_error
- Remove -psk and -psk_identity since not exist in source code.
I didn't add these 4 options since these were no-op.
-nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok jmc@
|
|
ok bcook@ jsing@
|
|
Add missing -camellia*/-idea description to genrsa section.
ok jmc@
|
|
ok tb@ jsing@
|
|
- dsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add pvk format to -inform and -outform
- ocsp : add missing -header, -ignore_err, -no_explicit and -timeout
- rsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add missing -RSAPublicKey_in and -RSAPublicKey_out
add pvk format to -inform and -outform
- smime : add missing -nosmimecap
- add pvk description at common format part
ok jmc@
|
|
- For pkcs12, add -camellia*/-idea, -LMK and -password
- For req, add -multivalue-rdn, -pkeyopt and -sigopt
- For verify, add -CRLfile and -trusted, and down -check_ss_sig description
- For x509, add -next_serial and -sigopt
- Remove the escape in -multivalue-rdn from ca section
ok jmc@
|
|
- For ec, add -param_out description
- For enc, add -v usage and description
- For pkcs7, add -print usage and description
ok jmc@
|
|
- Add undocumented option -r
ok jmc@
|
|
- Add undocumented options -crlnumber, -hash_old, -nameopt and -verify
ok jmc@
|
|
- Add undocumented options -crlsec and -sigopt
- Sync argument name between usage and options description
ok jmc@
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
- Move local variables in genrsa_main() to struct genrsa_config
- Leave long lines more than 80, still
ok bcook@
|
|
|
|
- Adapt openssl(1) gendsa command to new option handling.
- Add lacking ciphers and passout description in openssl.1 manpage.
- Describe paramfile as argument in openssl.1 manpage.
ok bcook@
|
|
|
