kmx git

Commit	Date	Message
d7a9ca6d	2025-08-28T13:42:04	Fix inconsistencies in accept4.c Fix inconsistencies in accept4.c. If the underlying accept() fails the shim returns the listening socket s instead of −1.
5d9229b1	2025-06-01T17:24:24	adjust incorrect commit years Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
340037f6	2025-06-01T08:20:41	add autotools build copyright headers
c51665d4	2025-06-01T08:11:22	add copyright headers to Cmake files based on original committer and date
8dad5fe3	2025-01-02T08:11:30	Update for speed.c and .h churn
64f15ec5	2024-10-06T18:52:46	use TIMEVAL typedef with select() This prevents the compatibility struct timeval definition in sys/time.h from potentially getting used with select() here. https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-select
0eceb61c	2024-10-06T18:50:51	for poll timeout -1, set loop time more reasonably Otherwise it sets looptime to -1, which was skipped by select() and caused 100% cpu busy looping.
1ff9793d	2024-08-02T22:18:05	Switch to check_symbol_exists() in simplest cases There are a few exceptions. Some require _GNU_SOURCE, some are in the weird strings.h header, some are probably too new to be found in the standard locations. Fixes #1077
050b6de7	2024-07-08T00:52:31	spkac.c is no more
fccbb9b5	2023-12-14T04:39:35	nc needs compat_obj on some platforms
84895087	2023-12-14T03:36:09	cmake: stop exporting compat functions
89fcb1a3	2023-11-05T08:56:09	also fix ocspcheck and nc, dedupe build logic
c4bb6b79	2023-09-12T18:33:46	MSVC: Enable building ocspcheck. - Add `STDIN_FILENO` to compat unistd header. - Use quotes to include compat getopt header in the compat unistd. - Export additional symbols needed by ocspcheck (optarg, optind, ftruncate)
71ce0b8c	2023-07-04T10:37:24	generate opensslconf.h in build dir for cmake
a316f8ab	2022-12-18T22:10:11	link internal apps statically
b3c13755	2023-04-25T14:17:25	A handful of files were removed
cfbdf67f	2022-12-18T22:10:11	link internal apps statically
fe903fb7	2022-04-15T23:48:50	Fix unreachable nc portability shim This fixes nc failing to run on darwin due to it incorrectly setting the linux-specific SOCK_NONBLOCK flag on connect. nc already had a portability shim in apps/nc/compat/sys/socket.h, which kicks in if SOCK_NONBLOCK is undefined. But that header includes include/compat/sys/socket.h, which also has a portability shim that defines a default value for SOCK_NONBLOCK if it's undefined. Thus the first portability shim was unreachable. Fixes this by moving the NEED_SOCKET_FLAGS flag into the outer shim, and having the inner shim activate if NEED_SOCKET_FLAGS is defined. This closes https://github.com/libressl-portable/portable/issues/631
adde656b	2021-12-26T15:42:47	Add strtonum to compat library and export it crypto library requires strtonum now, and add it to compat library. remove it from applications compat/ directories.
c211d97e	2021-12-04T10:49:59	Remove unneeded target_include_directories with cmake This could remove recurring of the same statement for include directories. Instead of this removals, apps/* and tests should have include path that had been provided by INTERFACE_INCLUDE_DIRECTORIES of target libs and internal static libs.
39c7fa8a	2021-05-22T10:58:13	Force cmake to link strtonum shim with Darwin less than 20 check_function_exists misinterprets as if strtonum exists on macos 10.15.
4c56df46	2021-05-02T15:50:37	Statically link libcrypto/ssl into libtls with cmake
921c0675	2021-04-05T02:32:35	Add '--enable-libtls-only' build option
9abd36e3	2020-10-18T22:14:03	modify nc build to link libcompat objects directly Rather than assuming the static version of libcrypto exists for pulling in the compatibility functions, link the compat objects directly. This modifies the object file generation script a bit to handle the empty-case properly as well.
6359d940	2020-10-18T20:47:10	include strtonum for ocspcheck
5a29b047	2020-09-20T13:37:52	Link crypto and ssl object files directly instead of static library - Output object files list variable for libcrypto and libssl to .mk file. - Include object files list variable .mk from tls/Makefile - Link .lo files directly instead of static library for libtls.
fe42a801	2020-08-20T09:30:21	Configure libtls and nc(1) to statically link to libcrypto/ssl An issue that Reyk Floeter noted while building a Debian package for LibreSSL is that installing libtls along with OpenSSL causes linker issues since it will often pick up the wrong libcrypto/libssl. This change makes libtls statically link the object files it needs rather than relying on the shared libraries, effectively making libtls self-contained and able to be packaged independently. This should make it possible for other projects that also use libtls to be able to package support without requiring the target OS to ship libcrypto / libssl from LibreSSL. https://salsa.debian.org/reyk-guest/libressl/-/commit/678278df55ce866f2f363998ca690442fa786c66
6dc8d2be	2020-01-09T21:33:28	Install ocspcheck.8 manual
73fb0f89	2019-11-07T18:24:37	re-add CMS to openssl(1)
30e91bc6	2019-07-14T18:37:59	Enable speed on win32 - Use thread and sleep instead of signal and alarm, on win32 - Disable -multi option on win32 since fork is hard to implement
a7265dd1	2019-04-30T16:35:04	Fix MacOSX cmake missing symbol _clock_gettime On El Capitan: [exec] [100%] Linking C executable openssl [exec] Undefined symbols for architecture x86_64: [exec] "_clock_gettime", referenced from: [exec] _app_timer_real in apps_posix.c.o [exec] ld: symbol(s) not found for architecture x86_64 [exec] clang: error: linker command failed with exit code 1 (use -v to see invocation) [exec] make[2]: * [apps/openssl/openssl] Error 1 [exec] make[1]: * [apps/openssl/CMakeFiles/openssl.dir/all] Error 2 [exec] make: *** [all] Error 2
b7a580e8	2018-09-23T14:04:26	implement app_timer_real
bf368e58	2018-06-14T05:59:20	add private includes for apps and tests
4fcfc82d	2018-05-29T05:44:34	scope private/public headers when embedding into other projects thanks to Cameron Palmer
6b513a1c	2018-03-23T13:45:05	add proper guard and typedef
4b2a8cd1	2018-03-23T11:10:16	adjust definition of compat clock_gettime
987aa6a0	2018-03-22T20:50:24	add clock_gettime for macos 10.11 and earlier
09590953	2018-03-16T14:59:53	Remove CMAKE_HOST_ references CMAKE_HOST_ describes the host system not the target. For cross compilation to work the actual target system should be used for making decisions in CMake.
3fb9e63b	2018-03-14T07:29:04	bump base requirement to Windows Vista, use builtin inet_ntop/pton
82ce5983	2017-12-26T22:49:01	Add app_timer_user for Windows build
653ba217	2017-11-06T11:52:03	Create correct directory in CMake install. Was creating ${CONFDIR}/cert instead of ${CONFDIR}/certs.
9bb3e037	2017-09-26T22:02:21	Fix checking memmem in apps/ocspcheck/CMakeLists.txt - Issue #352 pointed out by @d3x0r
4916f940	2017-08-13T16:09:32	use standard initialization for poll loop delay
a4d80ca5	2017-07-06T23:11:11	Merge branch 'master' of https://github.com/libressl-portable/portable into SkipInstall Fix merge conflicts from GNUInstallDirs merge to master.
2557dd74	2017-07-06T02:09:44	Add option LIBRESSL_SKIP_INSTALL Internally LIBRESSL_SKIP_INSTALL, if not set becomes ENABLE_LIBRESSL_INSTALL so this by default is enabled. defining LIBRESSL_SKIP_INSTALL before hand will disable all install() rules. This is useful if another project includes and links to this statically. I chose to add a prefix to avoid potential name collision because the options are cached globally. If the installation is skipped, maybe it should also disable building apps? I didn't do that.
a2bd5eba	2017-07-06T01:49:43	use GNUInstallDirs from cmake to specify install paths. Primarily this is to select whether 'lib64' or 'lib' is used on linux type systems.
9d2418ae	2017-04-12T08:18:20	add nc(1) manpage to install if enabled
58eb645f	2017-01-28T03:40:38	Copy libc compat files rather than adding into the repository - remove the CP_LIBC files from repo - move tests/memmem.c to tests/compat/
cb57534a	2017-01-27T07:14:43	skip building ocspcheck on MSCV
05cf1ee6	2017-01-27T01:21:37	Copy openbsd library file every time rather than statically checking in
7dd0650d	2017-01-26T13:58:27	Add inet_ntop and memmem for ocspcheck
91a8bd79	2017-01-25T19:37:29	Move strsep.c to crypto/compat/ and add ocspcheck build to CMake
93754dc5	2017-01-24T06:06:07	initial ocspcheck integration
c6914595	2017-01-09T02:22:26	fix static mingw builds, platform LDADD needs to come at the end
332c2eea	2016-10-20T18:16:05	remove unneeded slash after DESTDIR
df207699	2016-09-14T08:49:53	remove cms
9e25f758	2016-08-13T11:42:21	remove DEFAULT_CA_FILE patch, since libtls handles this by default
b13529f7	2016-07-09T12:40:22	Revert "remove DEFAULT_CA_FILE patch, since libtls handles this by default" This reverts commit 30adf9c06e8d3d7ac9e89f4b2b290567bcafa75c.
30adf9c0	2016-07-07T07:27:39	remove DEFAULT_CA_FILE patch, since libtls handles this by default
552817b7	2016-05-02T02:03:03	Land #192, fix fix ld warning "attempted multiple inclusion of file" on Solaris
02e1cc4d	2016-04-21T14:49:39	fix ld warning "attempted multiple inclusion of file" on Solaris - To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am
bda62f7f	2016-04-11T12:59:23	add cmake build options - add cmake build options as configure provides * -DENABLE_ASM (default ON) * -DENABLE_EXTRATESTS (default OFF) * -DENABLE_NC (default OFF) * -DOPENSSLDIR (default ${CMAKE_INSTALL_PREFIX}/etc/ssl) - add biotest and pidwraptest if ENABLE_EXTRATESTS is ON - add compiler flag `-fno-common` if CMAKE_SYSTEM_NAME is Darwin to prevent link error Undefined symbols "_OPENSSL_ia32cap_P"
2510a5e6	2016-04-07T15:08:12	modify cmake to build nc - modify structure of CMakeLists.txt under apps/ * move apps/CMakeLists.txt to apps/openssl/ since this is for openssl build * create new apps/nc/CMakeLists.txt for nc build * modify apps/CMakeLists.txt just add_subdirectory() - add checking and compile of arc4random_uniform() - add installing man files, openssl.1 and nc.1
28aaab43	2015-12-07T08:14:51	allow optionally installing nc(1) with '--enable-nc'
1988b8f6	2015-12-07T07:55:05	fixup cert.pem path override for libtls, add for nc(1) this also fixes the formatting of help for nc(1)
7109fb32	2015-11-23T02:06:03	ensure we don't pass a negative int to ctypes functions Some implementations, e.g. cygwin, use a table lookup that can cast a char to a negative array offset.
0086809a	2015-10-18T10:48:17	update apps.h include
0197a589	2015-10-18T09:28:10	Windows compatibility fixes VS2013 has trouble with relative include paths for apps/openssl, so move certhash_win/apps_win.c back to apps/openssl. gmtime_r on mingw64 fails with negative time_t, override gmtime_s fails all of the time unit tests, override SHUT_RD/WR are defined in newer mingw64 headers, check before overriding
9afc4527	2015-10-11T16:45:25	nc: Use AM_CPPFLAGS, not CPPFLAGS in Makefile.am CPPFLAGS should just be set by the user at configure time Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
a7f031ba	2015-10-01T07:40:26	add b64_ntop checking and fallback for nc(1)
630e7b60	2015-09-18T08:43:57	visual studio path updates
c7ae7c0c	2015-09-13T19:15:34	fix a library paths, nc patch
eaa4c1cc	2015-09-13T19:06:29	a few more linux nc build tweaks
8c90be2a	2015-09-13T11:56:41	allow nc to build on linux and os x
a896d400	2015-09-13T09:19:26	move windows file IO mode setup to apps_win.c
02b7539c	2015-09-13T07:23:04	readd openssl.1, distribute nc.1
a787f964	2015-09-12T10:51:11	restrict nc to openbsd builds for now
dcbaa6b6	2015-09-12T10:15:00	correct nc compat path
a64c42a0	2015-09-12T09:50:44	add some backcompat in nc, don't install it
854f4f69	2015-09-12T07:48:06	add 'nc' to the distribution as an example of libtls client and server
c5eef7f1	2015-09-11T18:52:22	remove engine.c from CMake
6db3fc7c	2015-09-11T09:47:40	remove engine from openssl(1)
5461dea7	2015-08-18T13:20:19	Add install targets and shared libraries to CMake
a9122f74	2015-07-21T22:21:14	add cmake tests
5d8a1cf7	2014-07-10T22:06:10	add initial CMake and Visual Studio build support This moves the compatibility include files from include to include/compat so we can use the awful MS C compiler <../include/> trick to emulate the GNU #include_next extension. This also removes a few old compat files we do not need anymore.
db974c34	2015-07-15T20:00:21	fixup how OPENSSLDIR is derived and expanded As per http://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html we should not try to expand variables like sysconfdir in the configure script, but rather derive the correct value in the Makefiles instead. This fixes missing expansions as the preprocessor define.
bda20bd1	2015-07-11T14:23:44	Improve automatic handling of OPENSSLDIR Install a default cert.pem, openssl.cnf, x509v3.cnf in OPENSSLDIR, which is derived by default from sysconfdir and the prefix setting.
ad2a38ab	2015-03-22T06:18:18	rework CFLAGS/CPPFLAGS settings during configuration Move define adjustments to CPPFLAGS. Adjust user CFLAGS directly, do not override during configuration. USER_CFLAGS is not necessary to build libcompat_noopt correctly.
148aebdb	2015-03-08T16:39:48	fix hangs reading stdin on Windows
28311d43	2015-02-14T18:51:44	conditionally build certhash into openssl(1) For now, look for openat and symlink. We may switch to just needing symlink later.
5e96c047	2015-02-11T20:50:10	add the new openssl(1) certhash command
9adc6d64	2014-12-27T16:52:25	Revert "do not double-link libcrypto" This reverts commit c83d468cfd5d3ca60a499b69c0b7c9d0b159d405. It wasn't as superfluous as I thought on all platforms.
c83d468c	2014-12-27T16:34:48	do not double-link libcrypto libssl already has LIBFLAGS for libcrypto, so adding -lcrypto is superfluous.
13035fa6	2014-12-06T11:20:56	simplify building the apps Makefile Remove extra machinery in favor of a plain-old Makefile.am. Tighten up what files are copied on build, package a simple openssl.cnf.
1bbde19a	2014-11-20T00:24:20	add minimal poll(2) implementation for Windows This provides sufficient functionality to run openssl(1) from a Windows console. This is based on the original select-based version from from songdongsheng@live.cn. Changes: * use nfds_t directly for iterating the fds. * add WSAGetLastError -> errno mappings * handle POLLHUP and the OOB data cases for revents * handle sparse arrays of fds correctly * KNF style updates * teach poll how to handle file handles as well as sockets This handles the socket/non-socket issue by alternating a loop between WaitForMultipleObjects for non-sockets and and select for sockets. One would think this would be terrible for performance, but as of this writing, poll consumes about 6% of the time doing a bulk transfer between a Linux box and 'openssl.exe s_server'. I tried to implement this all in terms of WaitForMultipleObjects with a select 'poll' at the end to get extra specific socket status. However, the cost of setting up an event handle for each socket, setting the WSAEventSelect attributes, and cleaning them up reliably was pretty high. Since the event handle associated with a socket is also global, creating a new one cancels the previous one or can be disabled externally. In addition, the 'FD_WRITE' status of a socket event handle does not behave in an expected fashion, being triggered by an edge on a write event rather than being level triggered. Another fun horror story is how stdin in windows might be a console, it might be a pipe, it might be something else. If these all worked in the same way, it would be great. But, since a console-stdin can also signal on a mouse or window event, it means we can easily get stuck in a blocking read (you can't make stdin non-blocking) if the non-character events are not filtered out. So, poll does that too. See here for various additional horror stories: http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
58fcd3c3	2014-11-20T00:26:55	Add conditional compilation for windows and posix functions. This adds a Windows-specific versions of several symbols from libcrypto and openssl(1).
2103690c	2014-11-19T22:02:17	improve readability of generated Makefile.am files
0aeb93b9	2014-10-27T19:22:03	override native arc4random_buf on FreeBSD The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10. ok beck@ deraadt@
a4cc9539	2014-10-29T15:44:36	Improve and simplify function and header detection logic. Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS. Clarify some ambiguous dependencies around strnlen/strndup. Unconditionally enable pidwraptest for all arc4random implementations. Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf. ok @doug
4335a49f	2014-07-21T05:40:28	use correct link order for app and tests ok beck@ guenther@

d7a9ca6d

2025-08-28T13:42:04

Fix inconsistencies in accept4.c Fix inconsistencies in accept4.c. If the underlying accept() fails the shim returns the listening socket s instead of −1.

5d9229b1

2025-06-01T17:24:24

adjust incorrect commit years Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>

340037f6

2025-06-01T08:20:41

add autotools build copyright headers

c51665d4

2025-06-01T08:11:22

add copyright headers to Cmake files based on original committer and date

8dad5fe3

2025-01-02T08:11:30

Update for speed.c and .h churn

64f15ec5

2024-10-06T18:52:46

use TIMEVAL typedef with select() This prevents the compatibility struct timeval definition in sys/time.h from potentially getting used with select() here. https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-select

0eceb61c

2024-10-06T18:50:51

for poll timeout -1, set loop time more reasonably Otherwise it sets looptime to -1, which was skipped by select() and caused 100% cpu busy looping.

1ff9793d

2024-08-02T22:18:05

Switch to check_symbol_exists() in simplest cases There are a few exceptions. Some require _GNU_SOURCE, some are in the weird strings.h header, some are probably too new to be found in the standard locations. Fixes #1077

050b6de7

2024-07-08T00:52:31

spkac.c is no more

fccbb9b5

2023-12-14T04:39:35

nc needs compat_obj on some platforms

84895087

2023-12-14T03:36:09

cmake: stop exporting compat functions

89fcb1a3

2023-11-05T08:56:09

also fix ocspcheck and nc, dedupe build logic

c4bb6b79

2023-09-12T18:33:46

MSVC: Enable building ocspcheck. - Add `STDIN_FILENO` to compat unistd header. - Use quotes to include compat getopt header in the compat unistd. - Export additional symbols needed by ocspcheck (optarg, optind, ftruncate)

71ce0b8c

2023-07-04T10:37:24

generate opensslconf.h in build dir for cmake

a316f8ab

2022-12-18T22:10:11

link internal apps statically

b3c13755

2023-04-25T14:17:25

A handful of files were removed

cfbdf67f

2022-12-18T22:10:11

link internal apps statically

fe903fb7

2022-04-15T23:48:50

Fix unreachable nc portability shim This fixes nc failing to run on darwin due to it incorrectly setting the linux-specific SOCK_NONBLOCK flag on connect. nc already had a portability shim in apps/nc/compat/sys/socket.h, which kicks in if SOCK_NONBLOCK is undefined. But that header includes include/compat/sys/socket.h, which also has a portability shim that defines a default value for SOCK_NONBLOCK if it's undefined. Thus the first portability shim was unreachable. Fixes this by moving the NEED_SOCKET_FLAGS flag into the outer shim, and having the inner shim activate if NEED_SOCKET_FLAGS is defined. This closes https://github.com/libressl-portable/portable/issues/631

adde656b

2021-12-26T15:42:47

Add strtonum to compat library and export it crypto library requires strtonum now, and add it to compat library. remove it from applications compat/ directories.

c211d97e

2021-12-04T10:49:59

Remove unneeded target_include_directories with cmake This could remove recurring of the same statement for include directories. Instead of this removals, apps/* and tests should have include path that had been provided by INTERFACE_INCLUDE_DIRECTORIES of target libs and internal static libs.

39c7fa8a

2021-05-22T10:58:13

Force cmake to link strtonum shim with Darwin less than 20 check_function_exists misinterprets as if strtonum exists on macos 10.15.

4c56df46

2021-05-02T15:50:37

Statically link libcrypto/ssl into libtls with cmake

921c0675

2021-04-05T02:32:35

Add '--enable-libtls-only' build option

9abd36e3

2020-10-18T22:14:03

modify nc build to link libcompat objects directly Rather than assuming the static version of libcrypto exists for pulling in the compatibility functions, link the compat objects directly. This modifies the object file generation script a bit to handle the empty-case properly as well.

6359d940

2020-10-18T20:47:10

include strtonum for ocspcheck

5a29b047

2020-09-20T13:37:52

Link crypto and ssl object files directly instead of static library - Output object files list variable for libcrypto and libssl to .mk file. - Include object files list variable .mk from tls/Makefile - Link .lo files directly instead of static library for libtls.

fe42a801

2020-08-20T09:30:21

Configure libtls and nc(1) to statically link to libcrypto/ssl An issue that Reyk Floeter noted while building a Debian package for LibreSSL is that installing libtls along with OpenSSL causes linker issues since it will often pick up the wrong libcrypto/libssl. This change makes libtls statically link the object files it needs rather than relying on the shared libraries, effectively making libtls self-contained and able to be packaged independently. This should make it possible for other projects that also use libtls to be able to package support without requiring the target OS to ship libcrypto / libssl from LibreSSL. https://salsa.debian.org/reyk-guest/libressl/-/commit/678278df55ce866f2f363998ca690442fa786c66

6dc8d2be

2020-01-09T21:33:28

Install ocspcheck.8 manual

73fb0f89

2019-11-07T18:24:37

re-add CMS to openssl(1)

30e91bc6

2019-07-14T18:37:59

Enable speed on win32 - Use thread and sleep instead of signal and alarm, on win32 - Disable -multi option on win32 since fork is hard to implement

a7265dd1

2019-04-30T16:35:04

Fix MacOSX cmake missing symbol _clock_gettime On El Capitan: [exec] [100%] Linking C executable openssl [exec] Undefined symbols for architecture x86_64: [exec] "_clock_gettime", referenced from: [exec] _app_timer_real in apps_posix.c.o [exec] ld: symbol(s) not found for architecture x86_64 [exec] clang: error: linker command failed with exit code 1 (use -v to see invocation) [exec] make[2]: *** [apps/openssl/openssl] Error 1 [exec] make[1]: *** [apps/openssl/CMakeFiles/openssl.dir/all] Error 2 [exec] make: *** [all] Error 2

b7a580e8

2018-09-23T14:04:26

implement app_timer_real

bf368e58

2018-06-14T05:59:20

add private includes for apps and tests

4fcfc82d

2018-05-29T05:44:34

scope private/public headers when embedding into other projects thanks to Cameron Palmer

6b513a1c

2018-03-23T13:45:05

add proper guard and typedef

4b2a8cd1

2018-03-23T11:10:16

adjust definition of compat clock_gettime

987aa6a0

2018-03-22T20:50:24

add clock_gettime for macos 10.11 and earlier

09590953

2018-03-16T14:59:53

Remove CMAKE_HOST_ references CMAKE_HOST_ describes the host system not the target. For cross compilation to work the actual target system should be used for making decisions in CMake.

3fb9e63b

2018-03-14T07:29:04

bump base requirement to Windows Vista, use builtin inet_ntop/pton

82ce5983

2017-12-26T22:49:01

Add app_timer_user for Windows build

653ba217

2017-11-06T11:52:03

Create correct directory in CMake install. Was creating ${CONFDIR}/cert instead of ${CONFDIR}/certs.

9bb3e037

2017-09-26T22:02:21

Fix checking memmem in apps/ocspcheck/CMakeLists.txt - Issue #352 pointed out by @d3x0r

4916f940

2017-08-13T16:09:32

use standard initialization for poll loop delay

a4d80ca5

2017-07-06T23:11:11

Merge branch 'master' of https://github.com/libressl-portable/portable into SkipInstall Fix merge conflicts from GNUInstallDirs merge to master.

2557dd74

2017-07-06T02:09:44

Add option LIBRESSL_SKIP_INSTALL Internally LIBRESSL_SKIP_INSTALL, if not set becomes ENABLE_LIBRESSL_INSTALL so this by default is enabled. defining LIBRESSL_SKIP_INSTALL before hand will disable all install() rules. This is useful if another project includes and links to this statically. I chose to add a prefix to avoid potential name collision because the options are cached globally. If the installation is skipped, maybe it should also disable building apps? I didn't do that.

a2bd5eba

2017-07-06T01:49:43

use GNUInstallDirs from cmake to specify install paths. Primarily this is to select whether 'lib64' or 'lib' is used on linux type systems.

9d2418ae

2017-04-12T08:18:20

add nc(1) manpage to install if enabled

58eb645f

2017-01-28T03:40:38

Copy libc compat files rather than adding into the repository - remove the CP_LIBC files from repo - move tests/memmem.c to tests/compat/

cb57534a

2017-01-27T07:14:43

skip building ocspcheck on MSCV

05cf1ee6

2017-01-27T01:21:37

Copy openbsd library file every time rather than statically checking in

7dd0650d

2017-01-26T13:58:27

Add inet_ntop and memmem for ocspcheck

91a8bd79

2017-01-25T19:37:29

Move strsep.c to crypto/compat/ and add ocspcheck build to CMake

93754dc5

2017-01-24T06:06:07

initial ocspcheck integration

c6914595

2017-01-09T02:22:26

fix static mingw builds, platform LDADD needs to come at the end

332c2eea

2016-10-20T18:16:05

remove unneeded slash after DESTDIR

df207699

2016-09-14T08:49:53

remove cms

9e25f758

2016-08-13T11:42:21

remove DEFAULT_CA_FILE patch, since libtls handles this by default

b13529f7

2016-07-09T12:40:22

Revert "remove DEFAULT_CA_FILE patch, since libtls handles this by default" This reverts commit 30adf9c06e8d3d7ac9e89f4b2b290567bcafa75c.

30adf9c0

2016-07-07T07:27:39

remove DEFAULT_CA_FILE patch, since libtls handles this by default

552817b7

2016-05-02T02:03:03

Land #192, fix fix ld warning "attempted multiple inclusion of file" on Solaris

02e1cc4d

2016-04-21T14:49:39

fix ld warning "attempted multiple inclusion of file" on Solaris - To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am

bda62f7f

2016-04-11T12:59:23

add cmake build options - add cmake build options as configure provides * -DENABLE_ASM (default ON) * -DENABLE_EXTRATESTS (default OFF) * -DENABLE_NC (default OFF) * -DOPENSSLDIR (default ${CMAKE_INSTALL_PREFIX}/etc/ssl) - add biotest and pidwraptest if ENABLE_EXTRATESTS is ON - add compiler flag `-fno-common` if CMAKE_SYSTEM_NAME is Darwin to prevent link error Undefined symbols "_OPENSSL_ia32cap_P"

2510a5e6

2016-04-07T15:08:12

modify cmake to build nc - modify structure of CMakeLists.txt under apps/ * move apps/CMakeLists.txt to apps/openssl/ since this is for openssl build * create new apps/nc/CMakeLists.txt for nc build * modify apps/CMakeLists.txt just add_subdirectory() - add checking and compile of arc4random_uniform() - add installing man files, openssl.1 and nc.1

28aaab43

2015-12-07T08:14:51

allow optionally installing nc(1) with '--enable-nc'

1988b8f6

2015-12-07T07:55:05

fixup cert.pem path override for libtls, add for nc(1) this also fixes the formatting of help for nc(1)

7109fb32

2015-11-23T02:06:03

ensure we don't pass a negative int to ctypes functions Some implementations, e.g. cygwin, use a table lookup that can cast a char to a negative array offset.

0086809a

2015-10-18T10:48:17

update apps.h include

0197a589

2015-10-18T09:28:10

Windows compatibility fixes VS2013 has trouble with relative include paths for apps/openssl, so move certhash_win/apps_win.c back to apps/openssl. gmtime_r on mingw64 fails with negative time_t, override gmtime_s fails all of the time unit tests, override SHUT_RD/WR are defined in newer mingw64 headers, check before overriding

9afc4527

2015-10-11T16:45:25

nc: Use AM_CPPFLAGS, not CPPFLAGS in Makefile.am CPPFLAGS should just be set by the user at configure time Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

a7f031ba

2015-10-01T07:40:26

add b64_ntop checking and fallback for nc(1)

630e7b60

2015-09-18T08:43:57

visual studio path updates

c7ae7c0c

2015-09-13T19:15:34

fix a library paths, nc patch

eaa4c1cc

2015-09-13T19:06:29

a few more linux nc build tweaks

8c90be2a

2015-09-13T11:56:41

allow nc to build on linux and os x

a896d400

2015-09-13T09:19:26

move windows file IO mode setup to apps_win.c

02b7539c

2015-09-13T07:23:04

readd openssl.1, distribute nc.1

a787f964

2015-09-12T10:51:11

restrict nc to openbsd builds for now

dcbaa6b6

2015-09-12T10:15:00

correct nc compat path

a64c42a0

2015-09-12T09:50:44

add some backcompat in nc, don't install it

854f4f69

2015-09-12T07:48:06

add 'nc' to the distribution as an example of libtls client and server

c5eef7f1

2015-09-11T18:52:22

remove engine.c from CMake

6db3fc7c

2015-09-11T09:47:40

remove engine from openssl(1)

5461dea7

2015-08-18T13:20:19

Add install targets and shared libraries to CMake

a9122f74

2015-07-21T22:21:14

add cmake tests

5d8a1cf7

2014-07-10T22:06:10

add initial CMake and Visual Studio build support This moves the compatibility include files from include to include/compat so we can use the awful MS C compiler <../include/> trick to emulate the GNU #include_next extension. This also removes a few old compat files we do not need anymore.

db974c34

2015-07-15T20:00:21

fixup how OPENSSLDIR is derived and expanded As per http://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html we should not try to expand variables like sysconfdir in the configure script, but rather derive the correct value in the Makefiles instead. This fixes missing expansions as the preprocessor define.

bda20bd1

2015-07-11T14:23:44

Improve automatic handling of OPENSSLDIR Install a default cert.pem, openssl.cnf, x509v3.cnf in OPENSSLDIR, which is derived by default from sysconfdir and the prefix setting.

ad2a38ab

2015-03-22T06:18:18

rework CFLAGS/CPPFLAGS settings during configuration Move define adjustments to CPPFLAGS. Adjust user CFLAGS directly, do not override during configuration. USER_CFLAGS is not necessary to build libcompat_noopt correctly.

148aebdb

2015-03-08T16:39:48

fix hangs reading stdin on Windows

28311d43

2015-02-14T18:51:44

conditionally build certhash into openssl(1) For now, look for openat and symlink. We may switch to just needing symlink later.

5e96c047

2015-02-11T20:50:10

add the new openssl(1) certhash command

9adc6d64

2014-12-27T16:52:25

Revert "do not double-link libcrypto" This reverts commit c83d468cfd5d3ca60a499b69c0b7c9d0b159d405. It wasn't as superfluous as I thought on all platforms.

c83d468c

2014-12-27T16:34:48

do not double-link libcrypto libssl already has LIBFLAGS for libcrypto, so adding -lcrypto is superfluous.

13035fa6

2014-12-06T11:20:56

simplify building the apps Makefile Remove extra machinery in favor of a plain-old Makefile.am. Tighten up what files are copied on build, package a simple openssl.cnf.

1bbde19a

2014-11-20T00:24:20

add minimal poll(2) implementation for Windows This provides sufficient functionality to run openssl(1) from a Windows console. This is based on the original select-based version from from songdongsheng@live.cn. Changes: * use nfds_t directly for iterating the fds. * add WSAGetLastError -> errno mappings * handle POLLHUP and the OOB data cases for revents * handle sparse arrays of fds correctly * KNF style updates * teach poll how to handle file handles as well as sockets This handles the socket/non-socket issue by alternating a loop between WaitForMultipleObjects for non-sockets and and select for sockets. One would think this would be terrible for performance, but as of this writing, poll consumes about 6% of the time doing a bulk transfer between a Linux box and 'openssl.exe s_server'. I tried to implement this all in terms of WaitForMultipleObjects with a select 'poll' at the end to get extra specific socket status. However, the cost of setting up an event handle for each socket, setting the WSAEventSelect attributes, and cleaning them up reliably was pretty high. Since the event handle associated with a socket is also global, creating a new one cancels the previous one or can be disabled externally. In addition, the 'FD_WRITE' status of a socket event handle does not behave in an expected fashion, being triggered by an edge on a write event rather than being level triggered. Another fun horror story is how stdin in windows might be a console, it might be a pipe, it might be something else. If these all worked in the same way, it would be great. But, since a console-stdin can also signal on a mouse or window event, it means we can easily get stuck in a blocking read (you can't make stdin non-blocking) if the non-character events are not filtered out. So, poll does that too. See here for various additional horror stories: http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us

58fcd3c3

2014-11-20T00:26:55

Add conditional compilation for windows and posix functions. This adds a Windows-specific versions of several symbols from libcrypto and openssl(1).

2103690c

2014-11-19T22:02:17

improve readability of generated Makefile.am files

0aeb93b9

2014-10-27T19:22:03

override native arc4random_buf on FreeBSD The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10. ok beck@ deraadt@

a4cc9539

2014-10-29T15:44:36

Improve and simplify function and header detection logic. Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS. Clarify some ambiguous dependencies around strnlen/strndup. Unconditionally enable pidwraptest for all arc4random implementations. Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf. ok @doug

4335a49f

2014-07-21T05:40:28

use correct link order for app and tests ok beck@ guenther@

kc3-lang/libressl/apps

apps

Log