#
1.17 |
|
19-Apr-2023 |
jsg |
remove duplicate includes
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.16 |
|
15-Dec-2022 |
florian |
The argument to ctype functions must be EOF or representable as an unsigned char.
Casting to int is particularly useless because that's what the compiler already does. We need to prevent sign extension, not write down that we want sign extension.
OK deraadt, kn, miod, op
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.15 |
|
14-Sep-2021 |
tb |
Add missing void to definition of http_init().
ok deraadt florian
|
#
1.14 |
|
14-Jul-2021 |
kn |
Remove unneeded calls to tls_init(3)
As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of it being needed.
Feedback tb OK Tests mestre
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.13 |
|
11-Jan-2020 |
sthen |
Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.12 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|
#
1.16 |
|
15-Dec-2022 |
florian |
The argument to ctype functions must be EOF or representable as an unsigned char.
Casting to int is particularly useless because that's what the compiler already does. We need to prevent sign extension, not write down that we want sign extension.
OK deraadt, kn, miod, op
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.15 |
|
14-Sep-2021 |
tb |
Add missing void to definition of http_init().
ok deraadt florian
|
#
1.14 |
|
14-Jul-2021 |
kn |
Remove unneeded calls to tls_init(3)
As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of it being needed.
Feedback tb OK Tests mestre
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.13 |
|
11-Jan-2020 |
sthen |
Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.12 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|
#
1.15 |
|
14-Sep-2021 |
tb |
Add missing void to definition of http_init().
ok deraadt florian
|
#
1.14 |
|
14-Jul-2021 |
kn |
Remove unneeded calls to tls_init(3)
As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of it being needed.
Feedback tb OK Tests mestre
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.13 |
|
11-Jan-2020 |
sthen |
Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.12 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|
#
1.14 |
|
14-Jul-2021 |
kn |
Remove unneeded calls to tls_init(3)
As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of it being needed.
Feedback tb OK Tests mestre
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.13 |
|
11-Jan-2020 |
sthen |
Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.12 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|
#
1.13 |
|
11-Jan-2020 |
sthen |
Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.12 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|
#
1.12 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|
#
1.11 |
|
29-Nov-2018 |
tedu |
update for libtls default cert changes. bonus: this exposed a few missing const qualifiers.
|
#
1.10 |
|
06-Nov-2018 |
jsing |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.9 |
|
26-Mar-2017 |
deraadt |
recallocarray() for data buffer from the net. ok beck
|
#
1.8 |
|
03-Feb-2017 |
guenther |
Don't use <sys/param.h> from userland without cause. Sort <sys/*> before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
#
1.7 |
|
01-Feb-2017 |
beck |
netinet/in.h should be included, and freebsd and some others don't have EAI_NODATA, so make this easier for people from bernard spill
|
#
1.6 |
|
25-Jan-2017 |
benno |
bring changes from acme-client over here. ok beck@
|
#
1.5 |
|
24-Jan-2017 |
deraadt |
string terminator is called a NUL
|
#
1.4 |
|
24-Jan-2017 |
deraadt |
Yes the "if (const == val" idiom provides some safety, but it grates on us too much. ok beck jsing
|
#
1.3 |
|
24-Jan-2017 |
beck |
revert accidental commit of theo diff
|
#
1.2 |
|
24-Jan-2017 |
beck |
Just don't bother with OpenSSL error strings, they are mostly irrelevant and look gross here anyway.. we don't need them
|
#
1.1 |
|
24-Jan-2017 |
beck |
New ocspcheck utility to validate a certificate against its ocsp responder and save the reply for stapling
ok deraadt@ jsing@
|