Commits
- Commit:
6a996ec20ffc1ae030c0c56c85d0296d8164c4c4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
bd2330769039944d0acbf10e81e798698be13a20
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop engine support
- Commit:
21617eda73fc4f7b75e6e27b6c102160aba57e9e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove the useless logging methods
it makes more clear where the magic is. adapted from the smtpd'
ca.c diff.
- Commit:
51340784148099697642da6252048a266f227d8e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
macos' clang is retarded
thinks rsa and ecdsa may be used un-initialized... if we enter the
branch with fatalx().
sigh
- Commit:
abc599e0317f564fcbbb7fe04a4f1a9dc0ce0036
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop debug log
- Commit:
b90faa1605c46f14747742a30cf10721515e0cac
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify check
brought to my attention by gcc who isn't smart enough to figure out
that `ret' is always set.
- Commit:
10cc819309de08fbab770ce9605dec1b35a4fad9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
avoid arithmetic on void pointers (GNU extension)
not really sold on this one, I don't see what other interpretation could
be given, but it's not standard so...
- Commit:
b8d68fc8e49b3eeac2ba3106e9694ef463a646e1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fixes for -Wpointer-sign
- Commit:
d1739e3f03a014fa9baded61a49eeb49293c751f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
cast uint64_t to unsigned long long
- Commit:
ec96a0ad3b80dd46a4d68359807c0c09560100cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
work around different signature for ecdsae_compute_key
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).