#
fb9eeb22 |
| 26-Apr-2023 |
tb <tb@openbsd.org> |
Zap trailing whitespace
|
#
e2a6bdce |
| 26-Apr-2023 |
tb <tb@openbsd.org> |
Take X509_POLICY_NODE_print() behind the barn
This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that deb
Take X509_POLICY_NODE_print() behind the barn
This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that debug nonsense with it.
ok beck
show more ...
|
#
e6cf98fc |
| 26-Apr-2023 |
beck <beck@openbsd.org> |
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
show more ...
|
#
3201f0b1 |
| 20-Apr-2023 |
tb <tb@openbsd.org> |
Flip the default of explicitText to UTF8String
While it may have been reasonable to use VisibleString back when this code was written, it's an anachronism nowadays. In particular, configuring Boring
Flip the default of explicitText to UTF8String
While it may have been reasonable to use VisibleString back when this code was written, it's an anachronism nowadays. In particular, configuring BoringSSL reports that they have seen malformed certificates with exactly the issue caused by this unfortuante default.
Reported by Alex Gaynor in OpenSSL issue 20772
ok jsing
show more ...
|
#
cedac418 |
| 16-Feb-2023 |
tb <tb@openbsd.org> |
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h
fix suggested by & ok jsing
show more ...
|
#
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_l
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
show more ...
|
#
06d31337 |
| 14-Nov-2022 |
beck <beck@openbsd.org> |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
#
9b72422d |
| 14-Jan-2022 |
tb <tb@openbsd.org> |
Garbage collect the app_items field of ASN1_ADB
This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support).
ok inoguchi jsing
|
#
2dc20167 |
| 08-Jan-2022 |
tb <tb@openbsd.org> |
x509_cpols.c will need to include x509_lcl.h soon
|
#
3d508f29 |
| 24-Aug-2021 |
tb <tb@openbsd.org> |
Fix various read buffer overflow when printing ASN.1 strings (which are not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.
From David Benjamin and Matt Caswell (part of the f
Fix various read buffer overflow when printing ASN.1 strings (which are not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.
From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)
ok inoguchi
show more ...
|
#
e500e238 |
| 04-Jun-2020 |
jsing <jsing@openbsd.org> |
Collapse the x509v3 directory into x509.
This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested
Collapse the x509v3 directory into x509.
This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
show more ...
|