| #
e7718ada |
| 06-Mar-2023 |
tb <tb@openbsd.org> |
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoid
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
show more ...
|
| #
46f4e7fa |
| 11-Nov-2022 |
joshua <joshua@openbsd.org> |
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
show more ...
|
| #
3b269dc8 |
| 23-Oct-2021 |
tb <tb@openbsd.org> |
Add a length check before NUL-terminating target. From Jonas Termansen.
ok jsing
|
| #
361e8ff4 |
| 28-Aug-2021 |
tb <tb@openbsd.org> |
Add RCS marker
|
| #
ea149709 |
| 14-Jul-2019 |
guenther <guenther@openbsd.org> |
Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
| #
1020b5f1 |
| 07-Feb-2018 |
jsing <jsing@openbsd.org> |
Indent labels with a single space so that diff prototypes are more useful.
|
| #
51811ead |
| 20-Jan-2017 |
deraadt <deraadt@openbsd.org> |
rearrange pledge promises into the canonical order; easier to eyeball
|
| #
9614edd0 |
| 20-Nov-2015 |
deraadt <deraadt@openbsd.org> |
do not need sys/param.h
|
| #
e370f0ee |
| 17-Oct-2015 |
doug <doug@openbsd.org> |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
| #
9bc487ad |
| 10-Oct-2015 |
doug <doug@openbsd.org> |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
show more ...
|
| #
b19fe0ad |
| 02-Oct-2015 |
deraadt <deraadt@openbsd.org> |
avoid sys/param.h, by using PATH_MAX
|
| #
20c6dab5 |
| 22-Aug-2015 |
jsing <jsing@openbsd.org> |
Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remo
Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).
ok deraadt@ doug@
show more ...
|
| #
3b51259b |
| 19-Jul-2015 |
beck <beck@openbsd.org> |
Fix coverity 105339, by correctly checking return from strtoll
ok miod@ bcook@
|
| #
09a3af8f |
| 05-Mar-2015 |
tedu <tedu@openbsd.org> |
subtraction is not comparison. the difference of two longs is not good
to place in an int. from Christian Neukirchen
ok deraadt
|
| #
10ff8fbe |
| 25-Feb-2015 |
millert <millert@openbsd.org> |
No need to use O_DIRECTORY when opening ".", O_RDONLY will suffice.
OK guenther@
|
| #
07628f06 |
| 25-Feb-2015 |
doug <doug@openbsd.org> |
Avoid NULL pointer deref in hashinfo_free() when calling from error paths.
Also, nuke debugging printfs per jsing and bcook.
ok bcook@, jsing@
|
| #
c339397c |
| 22-Feb-2015 |
guenther <guenther@openbsd.org> |
While slick, this isn't accessing multiple directories concurrently, so
using *at functions is equivalent to chdir()ing, which eases portability.
Tested with mixes of absolute and relative paths.
Eli
While slick, this isn't accessing multiple directories concurrently, so
using *at functions is equivalent to chdir()ing, which eases portability.
Tested with mixes of absolute and relative paths.
Eliminate a FILE leak too.
prodded by jsing@
show more ...
|
| #
5558f497 |
| 18-Feb-2015 |
beck <beck@openbsd.org> |
fix coverity 105350 and 10345
ok miod@, doug@
|
| #
13a74dcc |
| 12-Feb-2015 |
guenther <guenther@openbsd.org> |
qsort() compare functions MUST use memcmp() instead of bcmp() to have
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
| #
38ec878b |
| 12-Feb-2015 |
bcook <bcook@openbsd.org> |
swap limits.h for sys/limits.h
ok jsing@
|
| #
33596611 |
| 10-Feb-2015 |
jsing <jsing@openbsd.org> |
Introduce an openssl(1) certhash command.
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of kno
Introduce an openssl(1) certhash command.
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
show more ...
|