| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-12-28 | spelling fixes; from paul tagliamonte | Jason McIntyre | |
| any parts of his diff not taken are noted on tech | |||
| 2022-12-15 | The argument to ctype functions must be EOF or representable as an | Florian Obser | |
| unsigned char. Casting to int is particularly useless because that's what the compiler already does. We need to prevent sign extension, not write down that we want sign extension. OK deraadt, kn, miod, op | |||
| 2021-09-14 | Add missing void to definition of http_init(). | Theo Buehler | |
| ok deraadt florian | |||
| 2021-07-14 | Remove unneeded calls to tls_init(3) | kn | |
| As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions. Remove explicit tls_init() calls from base to not give the impression of it being needed. Feedback tb OK Tests mestre | |||
| 2021-07-12 | Change the error reporting pattern throughout the tree when unveil | Bob Beck | |
| fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@ | |||
| 2021-02-09 | Walk over all results from getaddrinfo() instead of giving up after the | Claudio Jeker | |
| first entry. This way ocspcheck will try all returned IPs to contact the OCSP server. Found by the regress test and a resolv.conf file with 'family inet6 inet4'. OK kn@ deraadt@ | |||
| 2020-10-16 | Refactor a bunch of oscpcheck for single return to clean it up, | Bob Beck | |
| and add the ability to parse a port in the specified ocsp url. Since this will now pass them, enable regress tests previously committed for ocspcheck. mostly by me with some cleanup by tb after an obvious yak was found to shave in the OCSP routines in libcrypto ok tb@ | |||
| 2020-09-04 | Ignore ftruncate failure with errno == EAGAIN | Theo Buehler | |
| This makes piping the OCSP response to other programs with -o - work. input and r+ guenther | |||
| 2020-01-23 | The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to find | Theo Buehler | |
| CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth) | |||
| 2020-01-11 | Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, | Stuart Henderson | |
| it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@ | |||
| 2019-06-28 | When system calls indicate an error they return -1, not some arbitrary | Theo de Raadt | |
| value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. | |||
| 2019-05-15 | check result of ftruncate() as we do write() below | Brent Cook | |
| ok beck@ | |||
| 2018-11-29 | update for libtls default cert changes. | Ted Unangst | |
| bonus: this exposed a few missing const qualifiers. | |||
| 2018-11-06 | Use TLS_CA_CERT_FILE instead of a separate define. | Joel Sing | |
| ok beck@ bluhm@ tb@ | |||
| 2017-12-01 | Avoid using an uninitialized variable. | Visa Hankala | |
| Found by gcc. OK jca@ | |||
| 2017-11-29 | add -i to SYNOPSIS/usage() and sundry tweaks; | Jason McIntyre | |
| ok beck | |||
| 2017-11-28 | Add option -i to allow oscpcheck to be used to validate an on-disk staple | Bob Beck | |
| ok claudio@ benno@ | |||
| 2017-10-17 | add missing HISTORY; based on CVS logs and release announcements | Ingo Schwarze | |
| 2017-05-08 | Print size_t's correctly. | Bob Beck | |
| Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org> | |||
| 2017-05-07 | Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoid | Jonathan Gray | |
| failed builds with different compilers. ok jsing@ | |||
| 2017-03-27 | repair knf & whitespace that jumped out of the screen during review | Theo de Raadt | |
| ok beck | |||
| 2017-03-27 | use a path of "/" if the URL does not include a trailing / - since | Bob Beck | |
| the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@ | |||
| 2017-03-27 | Fail early if an ocep server returns a non-200 http response, there is no | Bob Beck | |
| point in trying to parse error pages as an ocsp response. | |||
| 2017-03-26 | recallocarray() for data buffer from the net. | Theo de Raadt | |
| ok beck | |||
| 2017-02-25 | pledge stdio before parsing the http response | Bob Beck | |
| ok tb@ | |||
| 2017-02-20 | Add missing $OpenBSD$ | Bob Beck | |
| 2017-02-03 | Don't use <sys/param.h> from userland without cause. Sort <sys/*> | Philip Guenther | |
| before other includes per style(9) while we're here. ok florian@ bcook@ jsing@ beck@ | |||
| 2017-02-01 | netinet/in.h should be included, and freebsd and some others | Bob Beck | |
| don't have EAI_NODATA, so make this easier for people from bernard spill | |||
| 2017-01-26 | oscp -> ocsp; | Jason McIntyre | |
| from holger mikolon, plus one more in nc; | |||
| 2017-01-26 | Use numeric exit codes consistently rather than a mix | Bob Beck | |
| ok jsing@ | |||
| 2017-01-26 | style | Bob Beck | |
| 2017-01-26 | Fix the structure initialzation to compile. bad inioguchi and millert :) | Bob Beck | |
| ok jsing@ rpe@ | |||
| 2017-01-25 | Fix array initialization syntax for ocspcheck.c | Kinichiro Inoguchi | |
| Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@ | |||
| 2017-01-25 | remove __BEGIN_DECLS and __END_DECLS from http.h | Kinichiro Inoguchi | |
| sync with ocspcheck and acme-client ok benno@ | |||
| 2017-01-25 | bring changes from acme-client over here. | Sebastian Benoit | |
| ok beck@ | |||
| 2017-01-24 | correct usage format; ok beck claudio benno | Theo de Raadt | |
| 2017-01-24 | fix mode on open() and ftruncate(), noticed by | Bob Beck | |
| bcook@ | |||
| 2017-01-24 | Say no to two line error messages on failure | Bob Beck | |
| 2017-01-24 | s/returns/exits/ | Bob Beck | |
| 2017-01-24 | Break run-on sentence into two. | Bob Beck | |
| 2017-01-24 | string terminator is called a NUL | Theo de Raadt | |
| 2017-01-24 | Actually load the cafile when providede, and error message cleanup | Bob Beck | |
| 2017-01-24 | use warn, I have errno here. noticed by theo | Bob Beck | |
| 2017-01-24 | Yes the "if (const == val" idiom provides some safety, but it grates on | Theo de Raadt | |
| us too much. ok beck jsing | |||
| 2017-01-24 | knf | Bob Beck | |
| 2017-01-24 | revert accidental commit of theo diff | Bob Beck | |
| 2017-01-24 | Just don't bother with OpenSSL error strings, they are mostly | Bob Beck | |
| irrelevant and look gross here anyway.. we don't need them | |||
| 2017-01-24 | various cleanup; | Jason McIntyre | |
| 2017-01-24 | slight cleanups | Theo de Raadt | |
| 2017-01-24 | s/exit/exist/ typo | Bob Beck | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |