| #
849d353b |
| 31-Aug-2024 |
tb <tb@openbsd.org> |
Remove SSL_add_compression_method
|
| #
dcd96ea6 |
| 03-Aug-2024 |
tb <tb@openbsd.org> |
Prepare to provide SSL_CTX_set1_cert_store()
SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store()
since it takes ownership of the store argument. Apparently a few people ran
in
Prepare to provide SSL_CTX_set1_cert_store()
SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store()
since it takes ownership of the store argument. Apparently a few people ran
into the issue of not bumping the refcount themselves, leading to use after
frees about 10 years ago. This is a quite rarely used API and there are no
misuses in the ports tree, but since someone did the work of writing a diff,
we can still add it.
Needless to say that SSL_CTX_get_cert_store() obviously has the exact same
issue and nobody seems to have thought of adding a get0 or get1 version to
match...
Fixes https://github.com/libressl/openbsd/issues/71
From Kenjiro Nakayama
show more ...
|
| #
39d7e165 |
| 14-Jul-2024 |
tb <tb@openbsd.org> |
Prepare to provide SSL_CIPHER_get_handshake_digest()
Needed by newer freeradius. This is a straightforward implementation that
essentially duplicates tls13_cipher_hash().
ok jsing
|
| #
451d66bb |
| 02-Mar-2024 |
tb <tb@openbsd.org> |
Remove SSL_debug
The garbage truck is quite full by now. Collect the last symbol
straggler for this bump.
ok jsing
|
| #
47628128 |
| 02-Mar-2024 |
tb <tb@openbsd.org> |
Remove SSL_CIPHER_get_by_{id,value}()
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it aga
Remove SSL_CIPHER_get_by_{id,value}()
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}()
directly.
ok jsing
show more ...
|
| #
bc5829a3 |
| 28-Jul-2023 |
tb <tb@openbsd.org> |
Set OPENSSL_NO_ENGINE, remove engine code
ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout f
Set OPENSSL_NO_ENGINE, remove engine code
ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.
ok jsing
show more ...
|
| #
71e04849 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide all public symbols in libssl
With the guentherizer 9000
ok tb@
|
| #
39d2b79e |
| 05-Jul-2023 |
bcook <bcook@openbsd.org> |
upstream hidden file #include_next workaround for MS C compilers
ok beck@, tb@
|
| #
ec6848bc |
| 11-Nov-2022 |
beck <beck@openbsd.org> |
Add support for symbol hiding disabled by default.
Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that w
Add support for symbol hiding disabled by default.
Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that won't get overridden by linking other libraries.
Mostly work by guenther@, which will currently be gated behind a
build setting NAMESPACE=yes. once we convert all the symbols to
this method we will do a major bump and pick up the changes.
ok tb@ jsing@
show more ...
|