Up to [local] / src / usr.bin / openssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.18 / (download) - annotate - [select for diffs], Tue Nov 21 17:56:19 2023 UTC (6 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
Make a few purpose things const This should allow us to constify a sizable table in libcrypto in an upcoming bump.
Revision 1.17 / (download) - annotate - [select for diffs], Fri Apr 14 15:27:13 2023 UTC (13 months, 3 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.16: +1 -4 lines
Diff to previous 1.16 (colored)
Drop policy printing from openssl Nothing really uses the policy tree. It's desgined with built-in DoS capabilities directly from the RFC. It will be removed from the attack surface and replaced with something equivalent that doesn't grow exponentially with the depth. This removes the only reason the policy tree itself ever leaked out of the library. ok jsing
Revision 1.16 / (download) - annotate - [select for diffs], Mon Mar 6 14:32:06 2023 UTC (15 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.15: +27 -27 lines
Diff to previous 1.15 (colored)
Rename struct ${app}_config to plain cfg All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
Revision 1.15 / (download) - annotate - [select for diffs], Fri Nov 11 17:07:39 2022 UTC (18 months, 4 weeks ago) by joshua
Branch: MAIN
Changes since 1.14: +4 -6 lines
Diff to previous 1.14 (colored)
Remove the legacy interactive mode from openssl(1). This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x. ok tb@ jsing@
Revision 1.14 / (download) - annotate - [select for diffs], Mon Feb 15 17:57:58 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.13: +2 -4 lines
Diff to previous 1.13 (colored)
Only print the certificate file once on verifification failure. Noted by Steffen Ullrich. ok tb@
Revision 1.13 / (download) - annotate - [select for diffs], Tue Nov 3 18:50:25 2020 UTC (3 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.12: +7 -7 lines
Diff to previous 1.12 (colored)
Wrap remaining overlong lines.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Nov 3 18:47:19 2020 UTC (3 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.11: +10 -8 lines
Diff to previous 1.11 (colored)
garbage collect an essentially unused variable and wrap some overlong lines
Revision 1.11 / (download) - annotate - [select for diffs], Tue Nov 3 18:42:52 2020 UTC (3 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)
* ptr -> *ptr
Revision 1.10 / (download) - annotate - [select for diffs], Tue Nov 3 18:39:18 2020 UTC (3 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.9: +22 -20 lines
Diff to previous 1.9 (colored)
X509_verify_cert()'s return value is not reliable if the callback returns 1. verify.c's cb() ignores a bunch of things to display as much info as possible. Thus, check the error code on the store ctx as well, similar to OpenSSL commit d9e309a6 (old licence). This makes openssl verify error on expired certs, at least with the legacy verify code. While here, fix a number of style issues, simplify and plug a leak. ok inoguchi
Revision 1.9 / (download) - annotate - [select for diffs], Mon Oct 26 11:48:39 2020 UTC (3 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.8: +5 -1 lines
Diff to previous 1.8 (colored)
Add a -legacy_verify flag to force use of the old validator for debugging and testing purposes. ok beck inoguchi jsing
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jul 14 19:08:30 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.7: +220 -88 lines
Diff to previous 1.7 (colored)
Convert option handling for openssl(1) verify. ok inoguchi@, tb@
Revision 1.7 / (download) - annotate - [select for diffs], Wed Feb 7 05:47:55 2018 UTC (6 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)
Indent labels with a single space so that diff prototypes are more useful.
Revision 1.6 / (download) - annotate - [select for diffs], Sat Oct 17 15:00:11 2015 UTC (8 years, 7 months ago) by doug
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.5: +4 -2 lines
Diff to previous 1.5 (colored)
Exit if a pledge call fails in non-interactive mode. ok semarie@
Revision 1.5 / (download) - annotate - [select for diffs], Sat Oct 10 22:28:51 2015 UTC (8 years, 8 months ago) by doug
Branch: MAIN
Changes since 1.4: +6 -1 lines
Diff to previous 1.4 (colored)
Initial support for pledges in openssl(1) commands. openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
Revision 1.4 / (download) - annotate - [select for diffs], Fri Sep 11 14:30:23 2015 UTC (8 years, 9 months ago) by bcook
Branch: MAIN
Changes since 1.3: +9 -27 lines
Diff to previous 1.3 (colored)
Remove engine command and parameters from openssl(1). We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
Revision 1.3 / (download) - annotate - [select for diffs], Sat Aug 22 16:36:05 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.2: +1 -3 lines
Diff to previous 1.2 (colored)
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
Revision 1.2 / (download) - annotate - [select for diffs], Thu Aug 28 14:23:52 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.1: +1 -3 lines
Diff to previous 1.1 (colored)
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Aug 26 17:47:25 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@