src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-09-11	Files in /etc/ssl belong to root. ok deraadt	Martin Natano

2016-06-14	Remove unused variable, found by clang	Reyk Floeter

2016-03-01	add LIBCRYPTO to DPADD	Gleydson Soares
	OK deraadt@ mikeb@
2015-12-05	EAGAIN handling for imsg_read. OK henning@ benno@	Claudio Jeker

2015-11-10	With ikectl now requiring ca specific sections not present in the	Jonathan Gray
	general openssl cnf files install the ikeca.cnf file. ok sthen@ requested by reyk@
2015-11-06	Use pledge in ikectl. For now one request for sending imsgs to iked	Jonathan Gray
	another request for the ca portion. ok deraadt@
2015-11-02	switch from using sha1 to sha256	Jonathan Gray
	As the ca section of the cnf file requires a default_md line (unlike req) this change also requires updating the installed ikeca.cnf or equivalent files. Requested by and ok reyk@ who also tested this against ios9 with iked.
2015-11-02	sign csrs with openssl ca instead of x509 -req	Jonathan Gray
	This way openssl will add valid signed certs to the index file which is required to use the builtin openssl OCSP server. This change requires installing a new ikeca.cnf or updating the default cnf files with equivalent sections. Requested by and ok reyk@
2015-11-02	sign csrs with openssl ca instead of x509 -req	Jonathan Gray
	This way openssl will add valid signed certs to the index file which is required to use the builtin openssl OCSP server. This change requires installing a new ikeca.cnf or updating the default cnf files with equivalent sections. Requested by and ok reyk@
2015-11-02	Accept an ocsp option when creating certificates to set the extended	Jonathan Gray
	key usage for OCSP signing. Requested by and ok reyk@
2015-09-07	append a slash immediately after a file system path that is a directory;	Igor Sobrado
	uppercase the description of /var/run/iked.sock (found by jmc@); add missing full stop. ok jmc@
2015-08-19	ca_hier() und ca_newpass() abort on failure, return void instead of int.	Reyk Floeter
	Based on previous observation by semarie@
2015-08-19	spacing	Reyk Floeter

2015-08-19	fcopy_env() should return void as it aborts on failure.	Reyk Floeter
	Pointed out by semarie@
2015-08-19	Use C99 integer types in ikectl(8).	Reyk Floeter
	OK jsg@
2015-08-19	Support for overwriting $ENV:: variables in OpenSSL .cnf files from	Reyk Floeter
	the environment has been removed in LibreSSL. This was a good step but it unintentionally broke the "ikectl ca" commands. Rework the implementation for copying the .cnf files and expanding the $ENV:: variables ourselves before passing the generated .cnf file to the "openssl" command. Reported and tested by Jona Joachim (thanks!) OK jsg@
2015-08-15	correct mode_t 644 to 0644	Sebastien Marie
	ok sthen@
2015-08-15	corrects three err() to errx() calls	Sebastien Marie
	- a if condition don't set errno - strlcpy(3) don't set errno (no mention is man page) - ca_readpass() already manage errno error message with warn(3) ok sthen@
2015-07-27	use file system path (.Pa) semantic markup macros where appropriate.	Igor Sobrado
	ok jmc@
2015-06-11	Use "compliant" header guards by avoiding the reserved '_' namespace.	Reyk Floeter
	Pointed out by Markus Elfring OK mikeb@ millert@
2015-02-28	Reduce usage of predefined strings in manpages.	Anthony J. Bentley
	Predefined strings are not very portable across troff implementations, and they make the source much harder to read. Usually the intended character can be written directly. No output changes, except for two instances where the incorrect escape was used in the first place. tweaks + ok schwarze@
2015-01-16	Replace <sys/param.h> with <limits.h> and other less dirty headers where	Theo de Raadt
	possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-11-22	/dev/random has created the same effect as /dev/arandom (and /dev/urandom)	Theo de Raadt
	for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant.
2014-08-26	Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not	Joel Sing
	a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
2014-08-25	Delete secret or secret-derived data with explicit_bzero.	Doug Hogan
	concept ok deraadt@ diff looks ok tedu@
2014-07-20	Make sure the correct errno is reported by warn* or err* and not	Philip Guenther
	the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org)
2014-04-18	round up some enemy sympathizers found calling RAND_seed().	Ted Unangst
	ok beck reyk
2014-01-18	Remove -Wbounded: it is now the compiler default.	Martynas Venckus

2013-11-14	cope with the EAGAIN API change for msgbuf_write()	Theo de Raadt
	ok benno
2013-08-16	Use %lld and cast to (long long) when printing time_t values	Philip Guenther
	otto@ millert@ lteo@ mikeb@ deraadt@
2013-07-16	use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@	Ingo Schwarze

2013-01-08	Remove private CVS tag from an obsolete repository and bump copyright	Reyk Floeter
	to 2013 while I'm here... this is my way of saying "happy new year!".
2012-12-08	don't forget to include a path separator after an SSLDIR;	Mike Belopuhov
	reported by david hill
2012-11-01	Remove dead code that was a leftover from the initial code which was	Reyk Floeter
	based on snmpctl. Found and committed from the plane in 10km (35.000 feet). No functional change and this diff doesn't touch any crypto code so the current country below me cannot blame me for importing / exporting any crypto. ok benno@
2012-10-25	Remove support email address from the example that is intended for	Reyk Floeter
	customers for an existing company.
2012-10-23	Allow to overwrite a few more definitions like file paths from the	Reyk Floeter
	Makefile. No functional change.
2012-09-18	update email addresses to match reality.	Reyk Floeter
	sure jsg@ mikeb@
2012-07-08	if you use nitems() in userland, you must define it yourself	Theo de Raadt
	discussed with guenther
2012-05-02	s/snmpd/iked/ in comment	Gleydson Soares
	ok henning@
2011-05-27	spacing	Reyk Floeter

2011-01-20	more double word removal;	Jason McIntyre

2010-10-11	and another one... s/10.4.5.6/10.3.4.5/, also from jy-p.	Stuart Henderson

2010-10-11	typo, s/10.1.2.3/10.2.3.4/, from jy-p	Stuart Henderson

2010-10-08	set the client/server certificate options with all the common keyusage	Reyk Floeter
	and extendedkeyusage and nscerttype flags. the ikectl CA can now be used with all kinds of other vpn tools in addition to iked and isakmpd. ok phessler@
2010-10-08	check if a directory exists before trying to create it in the export	Jonathan Gray
	case as well, spotted by mikeb
2010-10-08	tweak for nroff	Jonathan Gray

2010-10-08	if non absolute paths are specified in install commands assume they	Jonathan Gray
	are relative to /etc
2010-10-08	allow optional paths for the install commands so we can	Jonathan Gray
	install into the isakmpd directory hierarchy for example.
2010-10-08	Allow to show certificate details (show ca x cert [y]).	Reyk Floeter

2010-10-07	only try to setup a passfile when creating a CA	Jonathan Gray