| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
| |
|
|
| |
flag. Pointed out by jmc@'s commit to the openssl(1) man page.
|
| | |
|
| |
|
|
|
|
| |
's_time -verify 1' will now actually verify the peer certificate.
ok beck@
|
| |
|
|
|
|
|
|
|
| |
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).
ok deraadt@ doug@
|
| |
|
|
| |
ok miod@ bcook@ beck@
|
| |
|
|
|
|
|
| |
value from SSL_CTX_set_cipher_list(). Also remove pointless getenv()
handling.
ok bcook@ doug@
|
| | |
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
|
|
|
|
| |
From OpenSSL commits:
6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90
ok miod@, jsing@
|
| | |
|
| |
|
|
| |
ok jsing@
|
|
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
doug
lteo
bcook
jsing
deraadt