wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11313 commits 20 branches 302 tags 153 MiB
Commit graph

165 commits

Author SHA1 Message Date
Richard Levitte
08327bfb26 Allow proxy certs to be present when verifying a chain 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6ad8c48291)
 2016-06-30 01:01:38 +02:00
Alessandro Ghedini
200c8ed4f5 Remove useless code 
RT#4081

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 070c23325a)
 2015-10-23 20:47:53 +02:00
Dr. Stephen Henson
8b5ac90e5e Use default field separator. 
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa30)
 2015-09-11 20:52:58 +01:00
Matt Caswell
c6a39046f5 Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>

Conflicts:
	apps/cms.c
	apps/ocsp.c
	apps/s_client.c
	apps/s_server.c
	apps/smime.c
	apps/verify.c
 2015-05-20 23:14:25 +02:00
Viktor Dukhovni
c70908d247 Code style: space after 'if' 
Reviewed-by: Matt Caswell <gitlab@openssl.org>
 2015-04-16 13:51:51 -04:00
Matt Caswell
9f11421950 Unchecked malloc fixes 
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529)

Conflicts:
	crypto/bio/bss_dgram.c

Conflicts:
	apps/cms.c
	apps/s_cb.c
	apps/s_server.c
	apps/speed.c
	crypto/dh/dh_pmeth.c
	ssl/s3_pkt.c
 2015-03-05 09:22:50 +00:00
Matt Caswell
10621efd32 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:38:39 +00:00
Matt Caswell
0f6c965823 Move more comments that confuse indent 
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:38:04 +00:00
Tim Hudson
3e9a08ecb1 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:33:23 +00:00
Dr. Stephen Henson
0980992d44 Memory leak and NULL derefernce fixes. 
PR#3403
 2014-06-27 03:21:10 +01:00
Dr. Stephen Henson
f54167d1dc Use correct length when prompting for password. 
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73)
 2014-04-04 13:07:17 +01:00
Dr. Stephen Henson
caf55bfacf Avoid Windows 8 Getversion deprecated errors. 
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
 2014-02-25 13:42:25 +00:00
Dr. Stephen Henson
a650314f72 check mval for NULL too 2012-12-04 17:26:13 +00:00
Dr. Stephen Henson
54fdc39a08 fix leak 2012-12-03 16:33:24 +00:00
Dr. Stephen Henson
c714e43c8d PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
26c6857a59 PR: 2710 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
 2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
f2e590942e implement -attime option as a verify parameter then it works with all relevant applications 2011-12-10 00:37:42 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Richard Levitte
01d2e27a2b Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
Dr. Stephen Henson
84fbc56fd0 PR: 2366 
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve

Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
 2010-11-11 14:42:34 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
6938440d68 PR: 2262 
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.
 2010-05-27 14:09:13 +00:00
Dr. Stephen Henson
5b0a79a27a PR: 2220 
Fixes to make OpenSSL compile with no-rc4
 2010-04-06 11:18:32 +00:00
Dr. Stephen Henson
961092281f Add option to allow in-band CRL loading in verify utility. Add function 
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
 2009-10-31 13:34:19 +00:00
Dr. Stephen Henson
4386445c18 Change STRING to OPENSSL_STRING etc as common words such 
as "STRING" cause conflicts with other headers/libraries.
 2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
fa07f00aaf Update from HEAD. 2009-06-29 16:09:58 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
43dc001b62 Update from HEAD. 2009-06-17 11:33:17 +00:00
Dr. Stephen Henson
756d2074b8 PR: 1924 
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org

Fix _POSIX_C_SOURCE usage.
 2009-05-13 11:32:24 +00:00
Dr. Stephen Henson
7134507de0 Make no-rsa, no-dsa and no-dh compile again. 2009-04-23 17:16:40 +00:00
Dr. Stephen Henson
6abbc68188 PR: 1870 
Submitted by: kilroy <kilroy@mail.zutom.sk>
Approved by: steve@openssl.org

Handle pkcs12 format correctly by not assuming PEM format straight away.
 2009-04-03 17:06:35 +00:00
Dr. Stephen Henson
617298dca3 Update from stable branch. 2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed 
not used.
 2008-11-02 12:50:48 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues. 
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
 2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find 
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
 2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate 
and CRL signing keys.
 2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension. 
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
 2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates. 
Allow inibit any policy flag to be set in apps.
 2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
dd043cd501 Stop const mismatch warning in VC++. 2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
44a877aa88 Fix incorrect return value in apps/apps.c:parse_yesno() 
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
 2008-04-17 14:15:27 +00:00
Geoff Thorpe
7e8481afd1 Fix a nasty cast issue that my compiler was choking on. 2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
52108cecc0 <strings.h> does not exist under WIN32. 2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447 Missing headers. 2008-01-12 11:22:31 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support. 
Submitted by: Guenter Knauf <eflash@gmx.net>
 2008-01-03 22:43:04 +00:00
Ben Laurie
e28eddc51f Typo? Why did this work, anyway? 2007-09-08 15:58:51 +00:00