regress tests but causes tls ciphersuite using sha386 to fail; found the
hard way by henning@.
I can't see anything wrong in the generated assembly code yet, but building
a libcrypto with no assembler code but sha512_block_data_order() is enough
to trigger Henning's issue, so the bug lies there.
No ABI change; ok deraadt@
Printing strerror() in that case will say result too large, even if rounds is
actually too small. invalid is less specific, but less incorrect.
ok millert
tls_config_insecure_noverifyname(), so that it is more accurate and keeps
inline with the distinction between DNS hostname and server name.
Requested by tedu@ during s2k15.
- comments relevant to other brands of UNIX
- the no-op KSH_VERSION case-block, we only have pdksh
- the case-block for setting aliases based on UNIX brand
together with a comment that falsely encourages to modify this
file instead of putting stuff in $HOME/.kshrc
OK krw@ halex@
no need to request it ever again. The only exception is the
escalation of failed constraint checks that might lead into
re-requesting the constraint time from all servers. Adjust the states
accordingly.
OK henning@
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
in the image is for Cubieboard1. Discussed with bmercer@
While here switch from using the separate spl and u-boot images
to the combined spl and u-boot 'u-boot-sunxi-with-spl.bin'.
did). This allows any local changes to /etc/services to be effective
if all you have is the default.
Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!
ok phessler@ deraadt@