generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,177 Commits 16 Branches 258 Tags 86 MiB
b0c8638650
Commit Graph

519 Commits

Author SHA1 Message Date
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions. 
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
 2001-02-16 01:35:44 +00:00
Lutz Jänicke
52b621db88 Add "-rand" option to s_client and s_server. 2001-02-15 10:22:07 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API. 
Add -nopad option to enc command.

Update docs.
 2001-02-14 02:11:52 +00:00
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility. 
Doesn't handle SSL URLs yet.
 2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Bodo Möller
620cea37e0 disable stdin buffering in load_cert 2001-02-10 13:12:35 +00:00
Bodo Möller
c15e036398 use case-insensitive comparison in set_table_opts 
(similar to how arguments such as -inform/-outform specifications
are treated)
 2001-02-10 11:21:29 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates. 
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
 2001-02-10 00:56:45 +00:00
Lutz Jänicke
836f996010 New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override 
the clients choice; in SSLv2 the client uses the server's preferences.
 2001-02-09 19:56:31 +00:00
Lutz Jänicke
1613c4d3bf Typo 2001-02-09 19:05:49 +00:00
Dr. Stephen Henson
c063f2c5ec Various Win32 related fixed. Make no-krb5 work in mkdef.pl . 
Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.
 2001-02-09 18:16:12 +00:00
Dr. Stephen Henson
b3f2e399d2 Add missing \n's to ocsp usage message. 2001-02-09 03:09:05 +00:00
Dr. Stephen Henson
8c950429a9 Allow various options to be included for signing and verify of 
OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
 2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47 Add the -VAfile option to 'openssl ocsp'. This option will give the 
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
 2001-02-08 17:59:29 +00:00
Lutz Jänicke
73fc98a7bf Fix typo preventing correct usage of -out option. 2001-02-07 14:15:41 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Bodo Möller
69a03c1799 don't dump core 2001-02-06 09:47:47 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Lutz Jänicke
08f3f07212 If the source has already been succesfully queried, do not try to open it 
again as file.
 2001-02-03 10:59:13 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Bodo Möller
a25b265d27 Use OpenSSL_add_all_algorithms instead of the backwards compatibility 
alias SSLeay_add_all_algorithms
 2001-01-23 13:36:57 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case. 
Enhance s2i_ASN1_INTEGER().
 2001-01-19 14:21:48 +00:00
Bodo Möller
57108f0ad5 Fix openssl passwd -1 2001-01-19 07:37:56 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary 
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
 2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
90f63e8f83 Don't shadow. 2001-01-18 01:36:54 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in 
accordance with RFC2560.
 2001-01-18 01:35:39 +00:00
Richard Levitte
b3466895e6 Keep up with Unix 2001-01-17 01:35:35 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete, 
it just supports a "trusted OCSP global root CA".
 2001-01-17 01:31:34 +00:00
Bodo Möller
dfebac32c0 New '-extfile' option for 'openssl ca'. 
This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
 2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
8e5b6314ef Fix warning in apps/ca.c 2001-01-14 13:58:49 +00:00
Dr. Stephen Henson
b4b1bdd5d3 Preliminary ocsp utility documentation. 
Fix ocsp usage message.
 2001-01-14 00:52:19 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print 
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
 2001-01-13 01:48:38 +00:00
Bodo Möller
c67cdb50d2 New 'openssl ca -status <serial>' and 'openssl ca -updatedb' 
commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
 2001-01-12 14:50:44 +00:00
Bodo Möller
d199858e89 New -newreq-nodes option to CA.pl. 
Submitted by: Damien Miller <djm@mindrot.org>
 2001-01-11 13:23:19 +00:00
Bodo Möller
72e2d9138c It's silly to use a different default for PERL than in the top 
Makefile.  (The default is never actually used though because
the top Makefile passes its value of PERL down to sub-Makefiles.)
 2001-01-10 16:46:00 +00:00
Bodo Möller
673b3fde82 Add SSLEAY_DIR argument code for SSLeay_version. 
Add '-d' option for 'openssl version' (included in '-a').
 2001-01-10 15:15:36 +00:00
Bodo Möller
a87e50a945 'char' argument to islower must be converted to 'unsigned char' 2001-01-10 14:58:22 +00:00
Bodo Möller
c06648f7f0 Fix C code generate by 'openssl dsaparam -C'. 2001-01-10 14:26:32 +00:00
Ulf Möller
b2293b1e9b rsa_num is not used with NO_RSA 2001-01-09 21:39:16 +00:00
Dr. Stephen Henson
ecbe07817a Rewrite PKCS#12 code and remove some of the old 
horrible macros.

Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
 2000-12-31 01:13:04 +00:00
Richard Levitte
701adceb12 "make update" plus a rewrite of both .num files. 2000-12-29 00:19:12 +00:00
Bodo Möller
2c0d10123e If CONF_get_string returns NULL and we want to tolerate this 
(e.g., use a default), we have to call ERR_clear_error().
 2000-12-15 16:59:49 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Richard Levitte
8d28d5f81b Constification of the data of a hash table. This means the callback 
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.

Now, if someone could explain to me why OBJ_dup() cheats...
 2000-12-13 17:15:03 +00:00
Richard Levitte
df2c442a6d Make TYPE_RSA the default type instead of just setting it when -new is 
given.  That also allows the arguments to come in any order (-new
last, for example).
 2000-12-09 11:11:35 +00:00
Geoff Thorpe
d0fa136ce2 Next step in tidying up the LHASH code. 
DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe
wrapper functions that avoid the use of function pointer casting yet retain
type-safety for type-specific callbacks. However, most of the usage within
OpenSSL itself doesn't really require the extra function because the hash
and compare callbacks are internal functions declared only for use by the
hash table. So this change catches all those cases and reimplements the
functions using the base-level LHASH prototypes and does per-variable
casting inside those functions to convert to the appropriate item type.

The exception so far is in ssl_lib.c where the hash and compare callbacks
are not static - they're exposed in ssl.h so their prototypes should not be
changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left
intact.
 2000-12-08 20:02:01 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code 
to main trunk.

Lets see if the makes it to openssl-cvs :-)
 2000-12-08 19:09:35 +00:00
Ben Laurie
b0dc680f71 Fix warnings. 2000-12-03 10:04:22 +00:00