generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,184 Commits 16 Branches 258 Tags
Commit Graph

1530 Commits

Author SHA1 Message Date
Dr. Stephen Henson
60938ae772 add -crl_download option to s_server 2012-12-12 03:35:31 +00:00
Dr. Stephen Henson
4e71d95260 add -cert_chain option to s_client 2012-12-12 00:50:26 +00:00
Ben Laurie
fefc111a2a Make openssl verify return errors. 2012-12-11 16:05:14 +00:00
Dr. Stephen Henson
1e8b9e7e69 add -badsig option to ocsp utility too. 2012-12-09 16:21:46 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
0090a686c0 Add code to download CRLs based on CRLDP extension. 
Just a sample, real world applications would have to be cleverer.
 2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
f5a7d5b164 remove print_ssl_cert_checks() from openssl application: it is no longer used 2012-12-06 18:36:51 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify. 
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
 2012-12-05 18:35:20 +00:00
Dr. Stephen Henson
fbeb85ecb9 don't print verbose policy check messages when -quiet is selected even on error 2012-12-04 23:18:44 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generations by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
256f9573c5 make -subj always override config file 2012-12-04 18:35:04 +00:00
Dr. Stephen Henson
b6b094fb77 check mval for NULL too 2012-12-04 17:25:34 +00:00
Dr. Stephen Henson
0db46a7dd7 fix leak 2012-12-03 16:32:52 +00:00
Dr. Stephen Henson
2537d46903 oops, really check brief mode only ;-) 2012-12-03 03:40:57 +00:00
Dr. Stephen Henson
5447f836a0 don't check errno is zero, just print out message 2012-12-03 03:39:23 +00:00
Dr. Stephen Henson
66d9f2e521 if no error code and -brief selected print out connection closed instead of read error 2012-12-03 03:33:44 +00:00
Dr. Stephen Henson
139cd16cc5 add -badsig option to corrupt CRL signatures for testing too 2012-12-02 16:48:25 +00:00
Dr. Stephen Henson
fdb78f3d88 New option to add CRLs for s_client and s_server. 2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
95ea531864 add option to get a certificate or CRL from a URL 2012-12-02 14:00:22 +00:00
Dr. Stephen Henson
df316fd43c Add new test option set the version in generated certificates: this 
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
 2012-11-30 19:24:13 +00:00
Dr. Stephen Henson
84bafb7471 Print out point format list for clients too. 2012-11-26 18:39:38 +00:00
Dr. Stephen Henson
55b66f084d set cmdline flag in s_server 2012-11-26 12:51:12 +00:00
Dr. Stephen Henson
96cfba0fb4 option to output corrupted signature in certificates for testing purposes 2012-11-25 22:29:52 +00:00
Dr. Stephen Henson
a5afc0a8f4 Don't display messages about verify depth in s_server if -quiet it set. 
Add support for separate verify and chain stores in s_client.
 2012-11-23 18:56:25 +00:00
Dr. Stephen Henson
20b431e3a9 Add support for printing out and retrieving EC point formats extension. 2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
1740c9fbfc support -quiet with -msg or -trace 2012-11-21 17:11:42 +00:00
Dr. Stephen Henson
191b3f0ba9 only use a default curve if not already set 2012-11-21 16:47:25 +00:00
Dr. Stephen Henson
5c1393bfc3 PR: 2908 
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
 2012-11-21 14:02:40 +00:00
Dr. Stephen Henson
f7ac0ec89d fix printout of expiry days if -enddate is used in ca 2012-11-20 15:22:15 +00:00
Dr. Stephen Henson
22b5d7c80b fix leaks 2012-11-20 00:24:52 +00:00
Dr. Stephen Henson
685755937a with -rev close connection if client sends "CLOSE" 2012-11-19 23:41:24 +00:00
Dr. Stephen Henson
7c8ac50504 update usage messages 2012-11-19 23:20:40 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
7831969634 don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set 2012-11-19 12:36:04 +00:00
Dr. Stephen Henson
9ba297e49f remove obsolete code 2012-11-19 03:46:49 +00:00
Dr. Stephen Henson
b5cadfb564 add -naccept <n> option to s_server to automatically exit after <n> connections 2012-11-18 15:45:16 +00:00
Dr. Stephen Henson
9fc81acae6 fix error messages 2012-11-17 15:22:50 +00:00
Dr. Stephen Henson
5d2e07f182 Delegate command line handling for many common options in s_client/s_server 
to the SSL_CONF APIs.

This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.
 2012-11-17 14:42:22 +00:00
Dr. Stephen Henson
51b9115b6d new command line option -stdname to ciphers utility 2012-11-16 00:35:46 +00:00
Dr. Stephen Henson
95bba34b83 contify 2012-11-05 19:38:32 +00:00
Dr. Stephen Henson
671c9e2dc8 oops, fix compilation errors in s_server 2012-10-11 18:03:42 +00:00
Dr. Stephen Henson
a70da5b3ec New functions to check a hostname email or IP address against a 
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
 2012-10-08 15:10:07 +00:00
Andy Polyakov
27e0c86307 md5-sparcv9.pl: more accurate performance result. 2012-09-28 09:25:49 +00:00
Dr. Stephen Henson
4f3df8bea2 Add -rev test option to s_server to just reverse order of characters received 
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
 2012-09-14 13:27:05 +00:00
Dr. Stephen Henson
2a7cbe77b3 Add -brief option to s_client and s_server to summarise connection details. 
New option -verify_quiet to shut up the verify callback unless there is
an error.
 2012-09-12 23:14:28 +00:00
Dr. Stephen Henson
0a17b8de06 fix memory leak 2012-09-11 13:43:57 +00:00
Dr. Stephen Henson
147d4c96b0 fix memory leak 2012-09-09 21:19:32 +00:00
Dr. Stephen Henson
648f551a4a New -valid option to add a certificate to the ca index.txt that is valid and not revoked 2012-09-09 12:58:49 +00:00
Dr. Stephen Henson
33a8de69dc new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client 2012-09-08 13:59:51 +00:00
Dr. Stephen Henson
319354eb6c store and print out message digest peer signed with in TLS 1.2 2012-09-07 12:53:42 +00:00