path: root/apps
Commit message | Author | Age | Files | Lines
* Add the -groups option to s_server/s_client | Matt Caswell | 2017-05-03 | 1 | -4/+7
  This should have been added before but was missed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3375)
* Added support for ESSCertIDv2 | Marek Klein | 2017-05-03 | 3 | -0/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/771)
* Convert uses of snprintf to BIO_snprintf | Rich Salz | 2017-05-02 | 1 | -10/+10
  Fixes #2360
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3366)
* TLS1.3 Padding | Todd Short | 2017-05-02 | 1 | -1/+5
  Add padding callback for application control
  Standard block_size callback
  Documentation and tests included
  Configuration file/s_client/s_server option
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3130)
* Add checks on return code when applying some settings. | FdaSilvaYY | 2017-04-28 | 2 | -75/+40
  Remove hardcoded bound checkings.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3141)
* Output prog name within error message | FdaSilvaYY | 2017-04-28 | 2 | -6/+6
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3141)
* Add a 'max_send_frag' option to configure maximum size of send fragments | FdaSilvaYY | 2017-04-28 | 2 | -7/+46
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3141)
* Fix s_client when no-dtls | Todd Short | 2017-04-28 | 1 | -0/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3344)
* Remove (broken) diagnostic print | Rich Salz | 2017-04-27 | 1 | -6/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3336)
* Ensure s_client sends an SNI extension by default | Matt Caswell | 2017-04-27 | 1 | -4/+26
  Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI by default, unless explicitly told not to via the new "-noservername" option.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2614)
* Switch command-line utils to new nameopt API. | Dmitry Belyavskiy | 2017-04-25 | 12 | -100/+69
  The CA names should be printed according to user's decision
  print_name instead of set of BIO_printf
  dump_cert_text instead of set of BIO_printf
  Testing cyrillic output of X509_CRL_print_ex
  Write and use X509_CRL_print_ex
  Reduce usage of X509_NAME_online
  Using X509_REQ_print_ex instead of X509_REQ_print
  Fix nameopt processing.
  Make dump_cert_text nameopt-friendly
  Move nameopt getter/setter to apps/apps.c
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3262)
* Correct some badly formatted preprocessor lines | Richard Levitte | 2017-04-25 | 1 | -5/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3304)
* Add guards around one use of IPPROTO_SCTP where it was missing | Richard Levitte | 2017-04-25 | 1 | -0/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3304)
* openssl enc: Don't unbuffer stdin | Bernard Spil | 2017-04-25 | 1 | -1/+0
  - unbuffer causes single-byte reads from stdin and poor performance
  Fixes #3281
  CLA: trivial
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3299)
* Fix some variable references in init_client | Matt Caswell | 2017-04-25 | 1 | -4/+5
  We were incorrectly using "res" when we meant "ai"
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3286)
* Ask libssl if we should retry not the socket | Matt Caswell | 2017-04-25 | 1 | -3/+3
  s_server was asking the underlying socket if it is a retryable error rather than libssl which has more information.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3286)
* Add a -sctp option to s_client | Matt Caswell | 2017-04-25 | 3 | -9/+62
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3286)
* Add a -sctp option to s_server | Matt Caswell | 2017-04-25 | 3 | -21/+80
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3286)
* OCSP Updates: error codes and multiple certificates | Todd Short | 2017-04-12 | 1 | -11/+21
  RT3877: Add X509 OCSP error codes and messages
  Add additional OCSP error codes for X509 verify usage
  RT3867: Support Multiple CA certs in ocsp app
  Add the ability to read multiple CA certs from a single file in the ocsp app.
  Update some missing X509 errors in documentation.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/941)
* Make default_method mostly compile-time | Rich Salz | 2017-04-07 | 1 | -5/+1
  Document thread-safety issues
  Have RSA_null return NULL (always fails)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2244)
* Print CA names in s_server, add -requestCAfile to s_client | Dr. Stephen Henson | 2017-04-03 | 4 | -16/+25
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3015)
* Add requestCAfile option | Dr. Stephen Henson | 2017-04-03 | 1 | -1/+17
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3015)
* Add extensions to debug list | Dr. Stephen Henson | 2017-04-03 | 1 | -0/+5
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3015)
* Ensure dhparams can handle X9.42 params in DER | Matt Caswell | 2017-04-03 | 1 | -5/+17
  dhparams correctly handles X9.42 params in PEM format. However it failed to correctly process them when reading/writing DER format.
  Fixes #3102
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3111)
* apps/*.c: switch to platform-neutral format modifiers in BIO_print calls. | Andy Polyakov | 2017-03-30 | 3 | -6/+6
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3083)
* Fix s_client early data indicator | Matt Caswell | 2017-03-30 | 1 | -1/+1
  s_client was always saying that early_data was rejected even when it was accepted. This was because it was using the wrong test to detect the end of the handshake. It was using SSL_in_init() which only tells you whether it is currently processing/sending/expecting handshake messages. It should use SSL_is_init_finished() which tells you that no handshake messages are being processed/sent/expected AND we have completed the handshake. In the early data case we are not processing/sending handshake messages and we are expecting early data (not a handshake message) - but the handshake has not yet completed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3090)
* More typo fixes | FdaSilvaYY | 2017-03-29 | 1 | -1/+1
  Fix some comments too
  [skip ci]
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3069)
* apps/passwd.c: 32 bits are sufficient to hold ROUNDS_MAX. | Andy Polyakov | 2017-03-27 | 1 | -3/+3
  Even though C standard defines 'z' modifier, recent mingw compilers break the contract by defining __STDC_VERSION__ with non-compliant MSVCRT.DLL. In other words we can't use %zu with mingw, but instead of cooking
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix no-dtls builds | Matt Caswell | 2017-03-17 | 1 | -1/+6
  Commits f2ff1432f in master and 14d4d7eda in 1.1.0 broke the no-dtls build by moving the position of a "#endif" for OPENSSL_NO_DTLS in a change which is otherwise unrelated to DTLS. This puts it back to where it was.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2974)
* Add TLSv1.3 draft-19 messages to trace | Todd Short | 2017-03-16 | 1 | -16/+21
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2970)
* Simplify code around next_proto.len by changing 'len' data type. | FdaSilvaYY | 2017-03-16 | 1 | -16/+6
  clean a useless static qualifier and a dead comment.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2278)
* Fix a -Wsign-compare warning | Benjamin Kaduk | 2017-03-14 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2940)
* Add HelloRetryRequest text to s_client/s_server | Todd Short | 2017-03-10 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2900)
* Make the output of enc -ciphers identical even if run several times in a session. | Pauli | 2017-03-09 | 1 | -10/+17
  This amounts to moving the column counter so it isn't a function local static variable and reinitialising it each time.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2884)
* Add some TLS13 values to s_client/s_server | Todd Short | 2017-03-08 | 1 | -4/+10
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2882)
* Limit the output of the enc -ciphers command to just the ciphers enc can process. | Pauli | 2017-03-08 | 1 | -0/+8
  This means no AEAD ciphers and no XTS mode.
  Update the test script that uses this output to test cipher suites to not filter out the now missing cipher modes.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2876)
* Increase the password buffer size to APP_PASS_LEN. | Pauli | 2017-03-07 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2868)
* Fix no-psk | Matt Caswell | 2017-03-06 | 1 | -2/+2
  Fixes #2847
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2856)
* apps/s_client.c: harden ldap_ExtendedResponse_parse. | Andy Polyakov | 2017-03-04 | 1 | -0/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* use OSSLzu instead of lu format for size_t display | edelangh | 2017-03-03 | 1 | -2/+2
  CLA: trivial
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2660)
* Silence some clang warnings | Matt Caswell | 2017-03-02 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2831)
* Rename SSL_write_early() to SSL_write_early_data() | Matt Caswell | 2017-03-02 | 1 | -1/+1
  This is for consistency with the rest of the API where all the functions are called *early_data*.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Rename SSL_read_early() to SSL_read_early_data() | Matt Caswell | 2017-03-02 | 1 | -4/+4
  This is for consistency with the rest of the API where all the functions are called *early_data*.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Updates to s_server and s_client for the latest early_data API changes | Matt Caswell | 2017-03-02 | 2 | -12/+20
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Tighten sanity checks when calling early data functions | Matt Caswell | 2017-03-02 | 1 | -1/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Ensure the max_early_data option to s_server can be 0 | Matt Caswell | 2017-03-02 | 1 | -3/+7
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Get s_client to report on whether early data was accepted or not | Matt Caswell | 2017-03-02 | 1 | -0/+17
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Add a "-early_data" option to s_server | Matt Caswell | 2017-03-02 | 1 | -1/+44
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Add an option to s_client to send early_data | Matt Caswell | 2017-03-02 | 1 | -2/+40
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)
* Add a -max_early_data option to s_server | Matt Caswell | 2017-03-02 | 1 | -2/+10
  Allows you to set the number of bytes that can be sent as early data
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2737)