wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7094 commits 20 branches 302 tags 153 MiB
Commit graph

1104 commits

Author SHA1 Message Date
Richard Levitte
051bb5c457 Incorporate the following changes from 0.9.8-dev: 
2003-04-04 17:10  levitte

	* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
	  Convert save_serial() to work like save_index(), and add a
	  rotate_serial() that works like rotate_index().

2003-04-03 20:07  levitte

	* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
	  strings.

2003-04-03 18:33  levitte

	* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
	  apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
	  CHANGES (1.1139): Make it possible to have multiple active
	  certificates with the same subject.
 2004-03-08 02:53:46 +00:00
Dr. Stephen Henson
01fc051e8a Various X509 fixes. Disable broken certificate workarounds 
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
 2004-03-05 17:16:06 +00:00
Dr. Stephen Henson
33ad6eca7a Use an OCTET STRING for the encoding of an OCSP nonce value. 
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
 2004-02-19 18:17:35 +00:00
Dr. Stephen Henson
31edde3edc Add flag to avoid continuous 
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
 2004-02-01 13:37:56 +00:00
Dr. Stephen Henson
c22e6753ef Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:25:11 +00:00
Dr. Stephen Henson
80986c9ced Retrieve correct content to sign when the 
type is "other".
 2003-10-10 23:24:10 +00:00
Dr. Stephen Henson
0c6fa13fee In order to get the expected self signed error when 
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
 2003-09-30 13:10:48 +00:00
Dr. Stephen Henson
68f0bcfbc3 Changes for release 2003-09-30 12:08:23 +00:00
Dr. Stephen Henson
662ede2370 Fix for ASN1 parsing bugs. 2003-09-30 12:05:44 +00:00
Bodo Möller
2689b8f326 certain changes have to be listed twice in this file because OpenSSL 
0.9.6h forked into 0.9.6i and 0.9.7 ...
 2003-09-04 12:52:10 +00:00
Dr. Stephen Henson
bd69ac5c93 New -ignore_err option in ocsp application to stop the server 
exiting on the first error in a request.
 2003-09-03 23:54:00 +00:00
Dr. Stephen Henson
33ed371ec9 Only accept a client certificate if the server requests 
one, as required by SSL/TLS specs.
 2003-09-03 23:42:17 +00:00
Bodo Möller
5cc2658cff tolerate extra data at end of client hello for SSL 3.0 
PR: 659
 2003-07-21 15:17:49 +00:00
Bodo Möller
2f4335ec2b fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k 
typo in 0.9.6k section
 2003-07-21 15:08:03 +00:00
Richard Levitte
e2491c45ab Document the last change. 
PR: 587
 2003-06-19 19:04:20 +00:00
Richard Levitte
398cd7276f Prepare for changes in the 0.9.6 branch 2003-06-19 19:01:11 +00:00
Richard Levitte
873ddf7c0c Prepare for changes in the 0.9.6 branch 2003-06-19 18:59:30 +00:00
Richard Levitte
f63f51dc22 Document the AES_cbc_encrypt() change 2003-06-10 04:42:42 +00:00
Dr. Stephen Henson
16c9148220 Move the base64 BIO fixes to 0.9.7-stable 2003-06-03 00:11:37 +00:00
Dr. Stephen Henson
3410aa1aa8 Various S/MIME bug and compatibility fixes. 2003-06-01 20:45:44 +00:00
Bodo Möller
4e7566579e include 'Changes between 0.9.6i and 0.9.6j' 2003-04-11 15:01:42 +00:00
Richard Levitte
fba1cfa06d The release is tagged, time to work on 0.9.7c. 2003-04-10 20:40:19 +00:00
Richard Levitte
5964e95c0a Time to release 0.9.7b. 
The tag will be OpenSSL_0_9_7b.
 2003-04-10 20:22:15 +00:00
Bodo Möller
46b695d850 make RSA blinding thread-safe 2003-04-02 09:50:55 +00:00
Bodo Möller
409a5de586 countermeasure against new Klima-Pokorny-Rosa atack 2003-03-19 19:19:58 +00:00
Bodo Möller
84b1e84af1 make sure RSA blinding works when the PRNG is not properly seeded; 
enable it automatically only for the built-in engine
 2003-03-19 18:58:55 +00:00
Ben Laurie
96c15b8aad Turn on RSA blinding by default. 2003-03-18 12:12:10 +00:00
Geoff Thorpe
86a925b27e Fix a bone-head bug. This warrants a CHANGES entry because it could affect 
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
 2003-03-13 20:23:19 +00:00
Ulf Möller
5600a9cba1 Add instructions for building the MinGW target in Cygwin, and 
rearrange some of the other text for better readability.
 2003-02-22 23:00:25 +00:00
Richard Levitte
dab0aaa612 Let's move on to development of 0.9.7b. 2003-02-19 12:55:39 +00:00
Richard Levitte
352df99302 Security fix: Vaudenay timing attack on CBC. 
An advisory will be posted to the web.  Expect a release within the hour.
 2003-02-19 12:04:16 +00:00
Richard Levitte
cc811b1d7e Make the no-err option work properly 2003-02-18 12:15:13 +00:00
Richard Levitte
142398d3a7 Add support for IA64. 
PR: 454
 2003-02-14 13:30:43 +00:00
Richard Levitte
e4b95737f0 Adjust DES_cbc_cksum() so the returned value is the same as MIT's 
mit_des_cbc_cksum().  The difference was first observed, then verified by
looking at the MIT source.
 2003-02-12 17:20:50 +00:00
Dr. Stephen Henson
c13eba970c Option to disable auto SSL chain building. 2003-02-12 17:05:17 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:37:49 +00:00
Bodo Möller
30e3c99d9f consistency 2003-01-24 22:27:00 +00:00
Dr. Stephen Henson
624feae8af Check return value of gmtime() and add error codes 
where it fails in ASN1_TIME_set().

Clear error queue in req.c if *_min or *_max is absent.
 2003-01-24 00:42:50 +00:00
Lutz Jänicke
0748cdc7f1 Fix initialization sequence to prevent freeing of unitialized objects. 
Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459
 2003-01-15 14:56:47 +00:00
Lutz Jänicke
b2c71c489d Really fix SSLv2 session ID handling 
PR: 377
 2003-01-15 09:48:29 +00:00
Andy Polyakov
e5658b9331 Note IA-32 assembler support enhancements in CHANGES. 2003-01-13 16:39:41 +00:00
Richard Levitte
959ba907df Add better support for FreeBSD on non-x86 machines. 
Add specific support for FreeBSD on sparc64.
PR: 427
 2003-01-12 04:43:52 +00:00
Richard Levitte
fa47b4d8b8 When preparing a separate build tree, don't make softlinks to softlinks. 
Add instructions in INSTALL, for easy access.
PR: 437
 2003-01-10 10:56:21 +00:00
Richard Levitte
4a2e36b19e It's rather silly to believe we'd release 0.9.7a in 2002 :-). 2002-12-31 00:59:36 +00:00
Richard Levitte
1c2018f37f Tagging is done, move on to development of 0.9.7a. 2002-12-31 00:02:34 +00:00
Richard Levitte
04572965ea Time for release of OpenSSL 0.9.7. 
The tag will be OpenSSL_0_9_7.
 2002-12-30 23:54:11 +00:00
Lutz Jänicke
ef9d3a10c3 Fix wrong handling of session ID in SSLv2 client code. 
PR: 377
 2002-12-29 20:58:55 +00:00
Richard Levitte
e286dfe6ed We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, 
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
 2002-12-19 22:10:20 +00:00
Richard Levitte
04c71cd725 OK, there's at least one application author who has provided dynamic locking 
callbacks
 2002-12-13 07:30:59 +00:00
Richard Levitte
5c72869563 Add a static lock called HWCRHK, for the case of having an application 
that wants to use the hw_ncipher engine without having given any
callbacks for the dynamic type of locks.
 2002-12-12 17:41:36 +00:00