Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 72a107cf | 2020-07-27 13:06:13 | Add function prototype and move sub functions to bottom | ||
| f94a2c25 | 2020-07-27 12:29:51 | Remove space between '*' and pointer variable in s_server.c | ||
| 0e15fe22 | 2020-07-27 12:19:51 | Remove 's_' prefix from member of s_server_config struct | ||
| 5a233072 | 2020-07-27 12:09:14 | Convert openssl(1) s_server option handling ok and comments from jsing@ | ||
| af806480 | 2020-07-14 19:08:30 | Convert option handling for openssl(1) verify. ok inoguchi@, tb@ | ||
| b38ea368 | 2020-07-14 09:52:46 | Remove hyphen | ||
| 53fa2216 | 2020-07-14 09:49:42 | Add single space between pem and ... | ||
| f354b939 | 2020-07-14 09:46:17 | Add manual for openssl(1) certhash ok jmc@ | ||
| a2111520 | 2020-07-10 12:25:57 | Clean up s_client.c - Remove space between '*' and pointer variable. - Add function prototype. - Move callback function to bottom. - Move typedef struct to up. | ||
| 5042ef37 | 2020-07-10 12:05:52 | Change variable bio_c_out from global to local ok tb@ | ||
| 6369f9f8 | 2020-07-09 14:09:19 | Wrap long lines and put space in front of label in s_client.c | ||
| 6dcdcd8f | 2020-07-09 13:07:46 | Remove c_ prefix from s_client_config member | ||
| 10281ad2 | 2020-07-09 12:48:19 | Convert openssl(1) s_client option handling suggestions and ok beck@ jsing@ tb@ | ||
| a7150521 | 2020-05-23 13:00:30 | While the second SSL_CTX in this code is only used on servername callback, so its mode is not used to update the ssl's mode, it seems more appropriate to clear the SSL_MODE_AUTO_RETRY flag on it as well. ok jsing | ||
| f4cc3564 | 2020-05-23 12:52:54 | In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing | ||
| 5285fdef | 2020-05-23 09:02:02 | Avoid an out-of-bounds array access in the s_server. It can be triggered by sending a line to stdin while no connection is open and then connecting a client. The first SSL_write() fails, sends SSL_ERROR_WANT_* and then causes a segfault deep down in the tls stack when accessing &(buf[-1]). ok beck inoguchi | ||
| f91d157a | 2020-05-22 16:11:23 | sockaddr should be sockaddr_storage, otherwise "openssl s_client -6 -dtls1" (gurn) copies getsockname() retrieves a truncated result and 14 bytes of stack garbage get copied onwards. ok tb | ||
| 283e98c7 | 2020-05-13 10:19:25 | Add description for -tls1_3 and -no_tls1_3 options to openssl(1) s_server ok jsing@ tb@ | ||
| 95f83488 | 2020-05-13 10:18:03 | Add -tls1_3 and -no_tls1_3 options to openssl(1) s_server - Add -tls1_3 and -no_tls1_3 to openssl(1) s_server - Stop using version pinned methods, instead setting the min and max protocol versions ok jsing@ tb@ | ||
| bbdaa95a | 2020-05-10 17:13:31 | Make openssl X509 handle the failure case return code from X509_time_cmp. While we are in here also make it notice if time values in a certificate are bogus, and say so in the output. ok bcook@ jsing@ | ||
| 30d5484a | 2020-05-10 16:55:28 | Conditionalize sleep-before-retry in server code to only be done when debug is on. otherwise, just retry. Fixes problems this creates in testing. ok jsing@ tb@ | ||
| e14d36e1 | 2020-04-26 02:09:21 | Display TLSv1.3 extension type with openssl(1) -tlsextdebug Add TLSv1.3 extension type, and sort by the definition order in tls1.h. This helps that openssl(1) s_server and s_client with -tlsextdebug displays the TLS extension type instead of "unknown". ok beck@ jsing@ tb@ | ||
| ac7717a1 | 2020-04-26 01:59:27 | s_client: fix use of possibly uninitialized values Set initial value to variable 'p' and 'pending'. Reported and fix requested from leonklingele by GitHub pull request. https://github.com/libressl-portable/portable/issues/577 https://github.com/libressl-portable/openbsd/pull/114 ok bcook@ jsing@ tb@ | ||
| 997fb57a | 2020-04-25 19:18:40 | In s_server.c rev. 1.33, jsing added support for "openssl s_server -groups"; document it and deprecate "openssl s_server -named_curve". While here, fix the error in the synopsis for "openssl s_client -groups" and use unified argument naming and similar wording like in SSL_CTX_set1_groups_list(3). OK jsing@ | ||
| 480d2676 | 2020-04-19 17:05:55 | Add -groups option to openssl(1) s_server. This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@ | ||
| 60c2fcbe | 2020-02-19 20:42:12 | Tag subcommand sections Allow semantic lookup by manually tagging sections (.Sh) for which no automatic tagging has been implemented; this thereby also eliminates false positives such that ":tx509<Enter>" now jumps to the X509 section. feedback remi inoguchi schwarze OK tb | ||
| 428703dc | 2020-02-16 16:39:01 | Add -tls1_3 and -notls1_3 options to openssl(1) s_client. Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@ ok inoguchi@ tb@ | ||
| 88411e53 | 2020-01-25 05:29:10 | add a couple of XXX for future cleanup | ||
| 654e66e6 | 2020-01-24 09:42:32 | Teach openssl s_client a bit about TLSv1.3. ok beck jsing | ||
| 586463fe | 2020-01-23 03:35:54 | Make -peekaboo mode also use SSL_pending after peeking, to ensure SSL_pending implementation is correct. annoying jsing@ | ||
| bfef4384 | 2020-01-22 06:40:42 | Simplify the peekaboo code. ok beck@ | ||
| 9c84cee0 | 2020-01-22 04:51:48 | Add -peekaboo option to s_client, to test SSL_peek peeks data before reading, compares to subsequent read. ok jsing@ | ||
| 6ee93950 | 2020-01-04 14:17:55 | Check CMS API return value in openssl(1) cms ok jsing@ | ||
| 2961fddb | 2019-12-18 12:38:15 | use "Currently" in the doc for "openssl enc" when talking about default md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@ | ||
| 6270d946 | 2019-12-18 07:54:28 | In January, the default digest used in the openssl enc command was changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc | ||
| d8fa3dd1 | 2019-11-28 11:21:33 | Add manual for openssl(1) cms ok and comments jmc@ | ||
| d4271273 | 2019-11-19 10:28:18 | More return value check in openssl(1) cms Checking return value of sk_.*_new_null(). ok beck@ jsing@ | ||
| f872ba1d | 2019-11-19 10:20:10 | Add manual descriptions for openssl(1) req -addext ok jmc@ | ||
| 514c2dab | 2019-11-18 12:43:27 | Remove typedef and check sk_push return value in openssl(1) cms - Remove typedef and use 'struct cms_key_param' instead - Check return value of sk_X509_push and sk_OPENSSL_STRING_push - Add a blank line to separate variable declarations from code comments from jsing@ | ||
| 99e5b935 | 2019-11-18 11:34:41 | Add -keyopt opiton to openssl(1) cms subcommand This provides rsa_padding_mode:oaep for cms -encrypt, and rsa_padding_mode:pss for cms -sign. ok jsing@ | ||
| efc1006d | 2019-11-06 11:16:16 | Check return value and remove unnecessary variable - Check NCONF_new() return value - Remove unnecessary 'i' comments from jsing@ | ||
| a72a31a2 | 2019-11-06 10:35:40 | Add -addext option to openssl(1) req subcommand First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d. ok jsing@ | ||
| f3b9fd27 | 2019-11-04 15:34:27 | Indent labels for diffability. | ||
| 81f69065 | 2019-11-04 15:33:48 | Remove spaces between * and variable names. | ||
| d852947d | 2019-11-04 15:31:08 | Remove explicit NULL checks before *_free() calls. | ||
| a9821b6a | 2019-11-04 15:25:54 | Hook openssl(1) cms back up. | ||
| 6ff77328 | 2019-11-04 15:18:45 | Currently we need to include pem.h before cms.h... | ||
| 22f41c42 | 2019-11-04 14:49:59 | Remove engine argument from load_cert() calls. This was cleaned up after cms went to the attic. | ||
| c8d13811 | 2019-11-04 14:47:43 | Bring openssl(1) cms back from the attic. | ||
| e149b380 | 2019-10-04 09:47:34 | Avoid a path traversal bug in s_server on Windows. openssl s_server has an arbitrary read vulnerability on Windows when run with the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to Jobert Abma for reporting. ok tb@ | ||
| 936eb19c | 2019-10-04 06:22:51 | the formatting for the mini synopses in this page did not render well on html or groff. the solution, to replace the non-standard .nr macros with a hang list, was provided by ingo - thanks! ok schwarze | ||
| 7e260d01 | 2019-08-30 12:32:14 | Remove unnecessary NULL check before free function in openssl(1) dgst | ||
| b43c161c | 2019-08-30 12:09:05 | Wrap lines over 80 cols and put space before goto label in openssl(1) dgst | ||
| ddf8e1cb | 2019-08-30 11:43:34 | Simplify checking and more readable descriptions in openssl(1) dgst suggested from jsing@ | ||
| 704010f9 | 2019-08-30 11:19:00 | Convert openssl(1) dgst to the newer style of option handling Adapt openssl(1) dgst command to new option handling. Added dgst_options struct and option handlers, and replaced for-if-strcmp handling with options_parse(). ok bcook@ jsing@ | ||
| 297e14c8 | 2019-08-05 12:01:51 | Remove -port option from s_server since it is same as -accept ok schwarze@ | ||
| ed873533 | 2019-07-29 10:06:55 | Moving variables into struct in openssl(1) dgst First step to adapt openssl(1) dgst command to new option handling. There is no functional changes by this diff, and just moving variables into dgst_config struct. ok bcook@ | ||
| 02e96206 | 2019-07-26 12:35:59 | Code clean up openssl(1) pkcs12 - Add a space before 'export_end:' - Remove space after '*' - Wrap lines by 80 columns | ||
| ac38447c | 2019-07-26 11:52:51 | Remove unnecessary NULL checks before free in openssl(1) pkcs12 ok bcook@ tb@ | ||
| 632daac0 | 2019-07-25 11:42:12 | remove superfluous comment | ||
| 972737a6 | 2019-07-25 11:41:03 | zero tmpkeyiv buffer after use when encrypting from Steven Roberts | ||
| 07a5d217 | 2019-07-24 14:23:25 | Capitalize cipher name and mode in help message as sync with pkcs12 | ||
| e21e78eb | 2019-07-24 13:49:24 | Convert openssl(1) pkcs12 to the newer style of option handling Adapt openssl(1) pkcs12 command to new option handling. Added pkcs12_options struct, and replaced for-if-strcmp handling with options_parse(). ok and comments jsing@ | ||
| 3ff5c216 | 2019-07-23 10:18:32 | Moving variables into struct in openssl(1) pkcs12 First step to adapt openssl(1) pkcs12 command to new option handling. There is no functional changes by this diff, and just moving variables into pkcs12_config struct. I still keep long lines more than 80 for this review to minimize diffs. ok jsing@ tb@ | ||
| 279a27cf | 2019-07-16 12:50:30 | Fix long line by wrapping with 80 chars | ||
| 4b6ea4e7 | 2019-07-16 12:36:50 | Move option handlers up to option definition struct in gendsa.c As we did in other openssl sub command, move up option handlers above option definition struct. No functional changes and just move up and remove prototype. | ||
| b8cc3fef | 2019-07-16 12:14:30 | Fix typo and -keyform argument in openssl(1) manual - s/outputed/outputted/ - s/trused/trusted/ - add der as argument and describe pem is the default | ||
| ea149709 | 2019-07-14 03:30:45 | Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@ | ||
| d8518166 | 2019-07-12 10:21:08 | Fix manual openssl(1) s_server - Add undocumented options below. -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2, -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache, -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal, -status, -status_timeout, -status_url, -status_verbose, -timeout, -tlsextdebug, -use_srtp, -verify_return_error - Remove -hack, -psk and -psk_hint since not exist in source code. I didn't add these 5 options since these were no-op. -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok and suggestions from jmc@ | ||
| e218c379 | 2019-07-11 10:31:48 | Fix manual openssl(1) s_client - Add undocumented options below. -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen, -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp, -verify_return_error - Remove -psk and -psk_identity since not exist in source code. I didn't add these 4 options since these were no-op. -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok jmc@ | ||
| 9b8155cd | 2019-07-10 10:28:28 | Add missing option openssl dsa -modulus ok bcook@ jsing@ | ||
| 7561efde | 2019-07-09 11:19:05 | Fix manual openssl(1) genrsa Add missing -camellia*/-idea description to genrsa section. ok jmc@ | ||
| 19db20da | 2019-07-09 11:02:52 | Convert openssl(1) genrsa to the newer style of option handling ok tb@ jsing@ | ||
| d263800a | 2019-07-08 14:15:12 | Fix manual openssl(1) dsa, ocsp, rsa and smime - dsa : add missing -pvk-none, -pvk-strong and -pvk-weak add pvk format to -inform and -outform - ocsp : add missing -header, -ignore_err, -no_explicit and -timeout - rsa : add missing -pvk-none, -pvk-strong and -pvk-weak add missing -RSAPublicKey_in and -RSAPublicKey_out add pvk format to -inform and -outform - smime : add missing -nosmimecap - add pvk description at common format part ok jmc@ | ||
| 1d8137f8 | 2019-07-07 02:04:40 | Fix manual openssl(1) pkcs12, req, verify and x509 - For pkcs12, add -camellia*/-idea, -LMK and -password - For req, add -multivalue-rdn, -pkeyopt and -sigopt - For verify, add -CRLfile and -trusted, and down -check_ss_sig description - For x509, add -next_serial and -sigopt - Remove the escape in -multivalue-rdn from ca section ok jmc@ | ||
| b95ac2a4 | 2019-07-05 14:33:10 | Fix manual openssl(1) ec, enc and pkcs7 - For ec, add -param_out description - For enc, add -v usage and description - For pkcs7, add -print usage and description ok jmc@ | ||
| c8247584 | 2019-07-05 11:50:46 | Fix manual openssl(1) dgst - Add undocumented option -r ok jmc@ | ||
| c3c80be4 | 2019-07-04 13:55:20 | Fix manual openssl(1) crl - Add undocumented options -crlnumber, -hash_old, -nameopt and -verify ok jmc@ | ||
| 594cff4c | 2019-07-04 13:00:42 | Fix manual openssl(1) ca - Add undocumented options -crlsec and -sigopt - Sync argument name between usage and options description ok jmc@ | ||
| 515e489c | 2019-07-03 03:24:01 | snprintf/vsnprintf return < 0 on error, rather than -1. | ||
| 3aaa63eb | 2019-06-28 13:34:58 | When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. | ||
| e724e435 | 2019-06-19 01:51:14 | Move variables into struct in openssl(1) genrsa - Move local variables in genrsa_main() to struct genrsa_config - Leave long lines more than 80, still ok bcook@ | ||
| 4b991305 | 2019-06-07 05:53:46 | tidy up the formatting of gendsa synopsis a little; | ||
| eb6e8935 | 2019-06-07 02:32:22 | Convert openssl(1) gendsa to the newer style of option handling - Adapt openssl(1) gendsa command to new option handling. - Add lacking ciphers and passout description in openssl.1 manpage. - Describe paramfile as argument in openssl.1 manpage. ok bcook@ | ||
| e8e42339 | 2019-04-01 16:06:54 | Sort. | ||
| ce0472c5 | 2019-04-01 16:05:14 | Make the openssl(1) enc -iter flag actually work. Diff from Steven Roberts <sroberts at fenderq dot com> - thanks! | ||
| bdd6a469 | 2019-03-17 17:46:00 | Add the SM4 block cipher from the Chinese standard GB/T 32907-2016. Patch from Daniel Wyatt ok inoguchi, jsing | ||
| 06aa0bd7 | 2019-02-17 15:01:08 | Convert openssl(1) pkeyutl to the newer style of option handling. ok jsing@ tb@ | ||
| 6685372a | 2019-02-09 15:49:21 | Fix weird wrap showing cipher list in interactive mode ok jsing@ tb@ | ||
| 4071f800 | 2019-02-09 06:27:37 | Summarize the 4 same name functions and move it to apps.c ok tb@ jsing@ | ||
| 8d81c581 | 2019-02-05 12:45:47 | Add islower check to show_ciphers in pkey.c and rsa.c. suggested by jsing@ ok tb@ | ||
| fe082ddb | 2019-02-05 11:26:21 | Convert openssl(1) pkey to the newer style of option handling. ok jsing@ | ||
| ce730975 | 2019-02-04 11:21:05 | Document missing command line options for the rsautl command. ok jsing, "looks good!" jmc | ||
| 358db57d | 2019-02-03 15:40:32 | zap spaces before tabs | ||
| 94e38b1e | 2019-02-03 14:20:07 | Convert openssl(1) rsautl to the newer style of option handling. ok beck@ inoguchi@ tb@ | ||
| bfd38911 | 2019-01-29 10:17:56 | Remove SSLv23 padding mode from rsautl's usage (left behind in a removal from code and manual in 2017). Reported by KEINOS in github issue #101. | ||
| e84f51a6 | 2019-01-28 21:17:25 | spelling; | ||
| d1ddd169 | 2019-01-20 01:59:06 | Fix BN_is_prime_* calls in openssl(1), the API returns -1 on error. Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing | ||
| 020b59f8 | 2019-01-19 21:17:05 | change the default digest used by openssl x509 -fingerprint openssl crl -fingerprint from sha1 to sha256 ok jsing@ | ||
| 02f94051 | 2019-01-18 23:33:57 | switch the default algorithm for the dgst command from MD5 to SHA256 ok deraadt@ |