Add some new mouse ranges called "control0" to "control9", will be used
for controls on floating panes, from Dane Jensen, with some bits from
Michael Grant.
remove dup block that tries to close tls client ca fd
it's already closed and fd set to -1 a few lines above.
diff from Marc Jorge (openbsd [at] cypher-fox com), thanks!
Remove ssl_server_legacy_first_packet()
This has not been reachable since we made the TLSv1.3 stack the default
entry point - tls13_record_layer_read_record() will send a protocol
version alert and raise an error, which means we never transition into
the legacy stack.
ok kenjiro@
rpki-client: stop aligning variables in cert_parse_extensions()
While it looks a bit tidier if the variables are aligned with a tab in
the declarations, this is also a source of churn, so give up on this in
this function.
rpki-client: const for ext and OID in cert_parse_extensions()
This is the last step of sprinkling const for OpenSSL 4. Move the extension
retrieved via X509_get_ext() to a const. The extension is first passed to
the simple X509_EXTENSION_get_object() getter and in the extension parsers
to X509V3_EXT_d2i(). The OID is passed to the const correct OBJ_obj2nid()
and OBJ_obj2text().
discussed with claudio
rpki-client: cast extension passed to X509_EXTENSION_get_object()
Again this is currently a noop which is needed since this simple getter
isn't const correct in OpenSSL < 4 and LibreSSL and because OpenSSL 4
fixed this.
discussed with claudio
rpki-client: const correct cert extension handlers
The only reason the extension passed in wasn't const was X509V3_EXT_d2i(),
for which we now cast away const.
discussed with claudio
rpki-client: cast extension passed to X509V3_EXT_d2i()
This function has never modified the extensions. It only uses the extension's
object (OID) to retrieve the X509_EXT_METHOD and then calls the appropriate
d2i handler on the extension's value. OpenSSL 4 correctly added a const
qualifier to this function.
The cast is a noop right now, but once we switch the extension handlers'
signatures to take a const, this will generate a warning due to passing a
const pointer to a non-const function for OpensSL < 4 and LibreSSL.
Annotate the cast for our future selves.
discussed with claudio
rpki-client: rename certificate_policies() into cert_policies()
This is slightly more consistent with the remainder of the file.
All other extension handlers except those for ipAddrBlocks and
autonomousSysIds, which start with sbgp_ for historical reasons,
have a cert_ prefix.
discussed with claudio
rpki-client: cast away const for X509_get_X509_PUBKEY()
In cert_check_spki() the pubkey is a libcrypto-internal pointer hanging
off cert->x509, which is then passed to the very const-incorrect getter
X509_PUBKEY_get0_param(): that's a piece of art which hands back pointers
to things deeper down in the x509 - some of them const, some non-const.
OpenSSL 3 made its X509_PUBKEY argument const, but their X509_ALGOR **
still isn't. I don't believe they thought about this in #11894 as they
had a more important _cmp() vs _eq() bikeshed to sort out.
discussed with claudio
rpki-client: make the X509_NAME *xissuer const
X509_get_issuer_name() isn't const correct in LibreSSL and OpenSSL < 4
and it returns a modifiable X509_NAME *. The xissuer is only passed to
X509_NAME_oneline() which takes a const X509_NAME, so it can be const.
discussed with claudio
Fix leap year detection.
Found and initial diff from Alvar Penning, shorter diff from me (I
guess it's a matter of taste).
ok jca@, who would do it the same way.
If a fd satisfies both POLLIN and POLLOUT in the same cycle, but the
POLLIN resulted in a file close, the POLLOUT runs incorrectly which
matters in the TLS context which attempts to read after free.
from James J. Lippard
ok millert
Prevent integer overflow in regex repetition count
Limit the repetition count to 255 like POSIX does. Also avoid a
crash when the repetition is the first atom parsed.
From Renaud Allard.
relayd: error check bsearch in relay_httperror_byid()
If relay_httperror_byid() is passed a HTTP error code not in the table
this would result in a NULL deref. The intent is that the code fall back
to "Unknown error" on NULL return.
From Jan Schreiber
sys/iwx: align antenna patterns and STBC with iwlwifi
Follow iwlwifi for antenna pattern and STBC advertisement. Advertise RX
antenna pattern only when RX is effectively 1x1; advertise HT and VHT
STBC unconditionally, and VHT TX antenna pattern only when TX is
effectively 1x1, and program the firmware TLC STBC flag when the peer
advertises RX STBC and the device has more than one valid TX antenna.
OK: stsp@