If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file. However the value isn't used to generate the key, but it does
print it's generating such a key. The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.
We now read the config first and use the value from the config file when no size
is given.
PR: 2592
(cherry picked from commit 3343220327664680420d4068e1fbe46d2236f1b0)
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
(cherry picked from commit 4eedf86a163284478140c46edb7b462d33898c93)
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve
Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
