| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
to receive sendsyslog(2) messages.
discussed with martijn@; OK jmc@ deraadt@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
okay bluhm@, deraadt@
|
| |
|
|
|
| |
default protocols instead of crashing - this makes the behaviour more
useful and mirrors what we already do in tls_config_set_ciphers() et al.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- When parsing the OCSP extension we can have multiple responder IDs - pull
these out correctly.
- Stop using CBS_stow() - it's unnecessary since we just need access to the
data and length (which we can get via CBS_data() and CBS_len()).
- Use a temporary pointer when calling d2i_*() functions, since it will
increment the pointer by the number of bytes it consumed when decoding.
The original code incorrectly passes the pointer allocated via CBS_stow()
(using malloc()) to a d2i_*() function and then calls free() on the now
incremented pointer, most likely resulting in a crash. This issue was
reported by Robert Swiecki who found the issue using honggfuzz.
ok beck@
|
| |
|
|
|
|
|
| |
after we finish building the responder ID list. Otherwise adding to the
responder ID list fails.
ok beck@
|
| |
|
|
| |
Spotted by krw@
|
| |
|
|
| |
ok tb@ tedu@
|
| |
|
|
| |
requested by jmc@
|
| |
|
|
|
|
| |
and delete misleading parts from the CAVEATS;
issue reported by <ScottCheloha at gmail dot com> on bugs@;
OK espie@ millert@
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.
Issue reported by William Graeber and confirmed by Andreas Bartelt.
Fix tested by William Graeber and Andreas Bartelt - thanks!
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
code. Adapted from a diff by Ross L Richardson.
|
| |
|
|
|
| |
havoc all over the place. So add some casts to silence the compiler.
ok deraadt@ guenther@
|
| | |
|
| |
|
|
|
|
| |
Theo already clamped down on these devices last year.
Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>.
OK deraadt@
|
| | |
|
| |
|
|
|
|
|
| |
cancellation points in POSIX, so change them to invoke the non-cancellation
point versions of open(), close(), nanosleep(), and write()
ok deraadt@ millert@
|
| | |
|
| |
|
|
|
|
| |
Prompted by Nan Xiao noticing the redundancy of bzero+termination - thanks.
ok deraadt@
|
| |
|
|
|
|
|
|
|
| |
conversion functions use SSE2 instructions, but these are not guarded by
#ifdef __SSE2__, and there is no implementation using general purpose
registers. For these functions, use the generic C variants instead,
otherwise they will cause SIGILL on older processors.
From FreeBSD; ok deraadt@ mlarkin@ patrick@
|
| |
|
|
|
|
| |
Riding previous libc bump.
ok kettenis@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Complete in the sense that all POSIX *locale(3) and *_l(3) functions
are included, but in OpenBSD, we of course only really care about
LC_CTYPE and we only support ASCII and UTF-8.
With important help from kettenis@, guenther@, and jca@.
Repeated testing in ports bulk builds by naddy@.
Additional testing by jca@, sebastia@, dcoppa@, and others.
OK kettenis@ dcoppa@, and guenther@ on an earlier version.
Riding guenther@'s libc/librthread major bump.
|
| |
|
|
| |
ok jca@ kettenis@ deraadt@
|
| |
|
|
|
|
|
|
| |
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|
| |
|
|
| |
ok bcook@
|
| | |
|
| |
|
|
|
| |
prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes
defined.
|
| |
|
|
| |
POSIX 2001 instead of POSIX.1c suggested by millert@ and jmc@, ok jmc@
|
| |
|
|
|
|
| |
leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers.
ok doug@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Several pieces of software make use of these based on a conditional around
OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the
non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of
the TLS extension type.
Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for
ALPN was effectively botched and reuses two parts from the NPN
implementation, rather than providing ALPN specific or generic versions.
|
| |
|
|
| |
Several pieces of software expect this to be available unconditionally.
|
| |
|
|
| |
ok deraadt@ bcook@
|
| |
|
|
|
|
|
| |
This needs to skip past the CBS data or it will be treated as a decode
error even though it returns 1.
ok jsing@
|
| |
|
|
|
|
|
| |
to low when they are actually numbered in the opposite (numerical)
order. Use "ordered by decreasing importance" instead. Also try
to make it clear that LOG_UPTO uses the numerical priorities where
a larger value means a lower priority. OK jmc@
|
| |
|
|
|
|
|
|
| |
callback has been installed. This ensures that the ALPN extension is valid
and avoids leaving unprocessed extension data, which leads to a decode
error.
Found the hard way by jsg@
|
| |
|
|
| |
OK espie@
|
| |
|
|
| |
Spotted by Andreas Bartelt <obsd at bartula dot de>
|
| | |
|
| |
|
|
| |
chacha20-poly1305 cipher suites have been removed from libssl.
|
| |
|
|
| |
removed/renamed a long time back.
|
| | |
|
| |
|
|
|
|
| |
code. We removed SSLv2/SSLv3 a long time ago...
Discussed with doug@
|
schwarze
bluhm
jmc
bcook
espie
jsing
jca
otto
millert
guenther
tom
naddy
mpi
jsg
inoguchi
doug