| Commit message (Collapse) | Author | Age | Files | Lines |
|
Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)
OK guenther@ jmc@
|
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
ok jmc@
|
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.
"Definitely ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@
|
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
perform a proper shutdown by sending a "close notify" alert to the
server. This allows s_time to benchmark a full TLS connection
more accurately.
Introduce a new flag called -no_shutdown to make s_time adopt the
previous behavior (i.e. shut down the connection without notifying the
server) so that comparisons can still be made with OpenSSL's version.
The idea of using a flag (which replaces a #define) was suggested by
bcook@. Thanks to millert@ and miod@ as well for their feedback on an
earlier diff which resulted in this change.
ok bcook@ beck@
|
From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isn't what the server expects
- fix communication with openfire & prosody servers
with tweaks & ok bcook@ doug@ manpage bits jmc@
|
ok jmc@
|
ok deraadt@ jsing@ miod@
|
Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.
No output changes, except for two instances where the incorrect escape
was used in the first place.
tweaks + ok schwarze@
|
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
OK jmc@
|
this man page.
ok jsing@
|
- Sync cipher strings with the ones that are actually implemented.
- Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained
via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY
sections.
- Stop mentioning export cipher suites since they have already been
removed.
feedback from deraadt@ and jmc@
ok jmc@
|
"openssl dgst".
feedback/ok jmc@
|
Based on a diff from Rusty (rustyl at outband dot net) and OpenSSL.
|
keys by default (instead of SHA1/3DES) and update documentation to match.
Another way to do this is s/NID_sha1/NID_sha256/ in src/crypto/rsa/rsa_ameth.c
("case ASN1_PKEY_CTRL_DEFAULT_MD_NID") but going with the more targeted method
above that only affects "openssl req" for now.
Help/OK jsing@. OKs on earlier diffs changing openssl.cnf from phessler@ aja@
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|