Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca
Add part of chain verify SSL support code: not complete or doing anything
...
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Dr. Stephen Henson
51630a3706
Add trust setting support to the verify code. It now checks the
...
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
21f775522b
Oops! Commit died on me :-(
1999-11-27 01:18:39 +00:00
Dr. Stephen Henson
9868232ae1
Initial trust code: allow setting of trust checking functions
...
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d
New options to the -verify program which can be used for chain verification.
...
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111
Initial chain verify code: not tested probably not working
...
at present. However nothing enables it yet so this doesn't
matter :-)
1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Ben Laurie
44eca70641
Update dependencies.
1999-11-18 14:32:54 +00:00
Dr. Stephen Henson
f76d8c4747
Modify verify code to handle self signed certificates.
1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
e947f39689
New function X509_cmp().
1999-11-16 00:56:03 +00:00
Dr. Stephen Henson
06556a1744
'req' fixes. Reinstate length check one request fields.
...
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0ad17bb6c
Fix to the -revoke option in ca. It was leaking memory, crashing and just
...
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146
Allow additional information to be attached to a
...
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Dr. Stephen Henson
74400f7348
Continued multibyte character support.
...
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Bodo Möller
38899535f8
Report an error from X509_STORE_load_locations
...
when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
1999-10-26 01:52:16 +00:00
Dr. Stephen Henson
f769ce3ea4
More multibyte character support.
...
Functions to get keys from EVP_PKEY structures.
1999-10-25 02:00:09 +00:00
Dr. Stephen Henson
08e9c1af6c
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings
...
tolerated in certificates.
1999-10-20 01:50:23 +00:00
Dr. Stephen Henson
673b102c5b
Initial support for certificate purpose checking: this will
...
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
56a3fec1b1
Add EX_DATA support to X509.
...
Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
1999-10-11 01:30:04 +00:00
Dr. Stephen Henson
3ea23631d4
Add support for public key input and output in rsa and dsa utilities with some
...
new DSA public key functions that were missing.
Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
1999-10-04 21:17:47 +00:00
Dr. Stephen Henson
393f2c651d
Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message
...
contains no certificates.
Also fix typo in RANLIB changes.
1999-10-04 12:08:59 +00:00
Andy Polyakov
17f389bbbf
Initial support for MacOS.
...
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.
I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.
Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
1999-09-11 17:54:18 +00:00
Ben Laurie
092ec334f0
Fix warnings.
1999-09-06 11:06:54 +00:00
Dr. Stephen Henson
8ce97163a2
Add new 'spkac' utility and several SPKAC utility functions.
1999-09-03 01:08:34 +00:00
Dr. Stephen Henson
fd52057729
Add functions to allow extensions to be added to certificate requests.
...
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
1999-08-11 13:08:58 +00:00
Dr. Stephen Henson
87c49f622e
Support for parsing of certificate extensions in PKCS#10 requests: these are
...
used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
1999-08-09 22:38:05 +00:00
Bodo Möller
a9642be663
more consistent formatting
1999-08-08 14:06:29 +00:00
Bodo Möller
74678cc2f8
Additional user data argument to pem_password_cb function type
...
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Bodo Möller
16bc9fea4d
slight clean-up
1999-07-21 20:47:51 +00:00
Ulf Möller
5271ebd9a3
More no-xxx option tweaks.
1999-06-30 00:42:56 +00:00
Dr. Stephen Henson
8eb57af5fe
Complete support for PKCS#5 v2.0. Still needs extensive testing.
1999-06-08 00:09:51 +00:00
Dr. Stephen Henson
8e21c14607
More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0
...
AlgorithmIdentifier and make various ASN1 fixes.
1999-06-06 23:34:44 +00:00
Dr. Stephen Henson
69cbf46811
Rewrite PBE handling read to support PKCS#5 v2.0 and update the function
...
list for Win32.
1999-06-06 13:07:13 +00:00
Dr. Stephen Henson
3cbb7937fa
Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform
...
arguments to pkcs8 application.
1999-06-05 01:45:20 +00:00
Ulf Möller
a53955d8ab
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
...
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:35:58 +00:00
Ben Laurie
5c0a48655f
stack
1999-06-02 22:01:56 +00:00
Ben Laurie
6d114240b9
stack.
1999-05-31 21:00:25 +00:00
Ben Laurie
426edadf98
Stack.
1999-05-31 20:35:31 +00:00
Ben Laurie
7e258a56da
Yet another stack.
1999-05-30 22:25:19 +00:00
Ben Laurie
fc875472d0
Another stack.
1999-05-30 21:16:24 +00:00
Ben Laurie
e5e932d212
Another safe stack.
1999-05-30 15:40:21 +00:00
Ben Laurie
ee8ba0b26c
Another safe stack.
1999-05-30 15:25:47 +00:00
Dr. Stephen Henson
4b55c2a3a9
Move the Win32 #undefs of X509_NAME and PKCS7_ISSUER_AND_SERIAL so they will
...
always get included with the relevant files.
1999-05-21 12:14:35 +00:00
Bodo Möller
7e70181723
It was a very bad idea to use #include "../e_os.h" -- when this occurs
...
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers. So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes. Argh.
1999-05-21 11:16:48 +00:00
Dr. Stephen Henson
31a352d191
The last argument in the d2i_XXX_fp and d2i_XXX_bio functions should be
...
of type XXX ** not XXX *
1999-05-21 01:06:23 +00:00
Bodo Möller
17e3dd1c62
Don't install e_os.h in include/openssl, use it only as a local
...
include file.
1999-05-20 21:59:20 +00:00
Bodo Möller
127640b449
Update dependencies.
1999-05-15 13:38:48 +00:00
Ben Laurie
2adca9cdc6
Update dependencies.
1999-05-13 17:33:27 +00:00
Ulf Möller
7d7d2cbcb0
VMS support.
...
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Bodo Möller
d797727b20
Comment.
...
Submitted by:
Reviewed by:
PR:
1999-05-11 22:05:39 +00:00
Ralf S. Engelschall
397f703892
Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow
...
-Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -Winline'' with EGCS 1.1.2+
1999-05-10 08:33:56 +00:00
Dr. Stephen Henson
c8b4185079
Kill evil casts, fix PKCS#7 and add new X509V3 Function.
1999-05-09 16:39:11 +00:00
Bodo Möller
303c002898
Use "const char *" instead of "char *" for filenames passed to functions.
...
Submitted by:
Reviewed by:
PR:
1999-05-09 10:12:10 +00:00
Dr. Stephen Henson
a5ab0532ca
Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a
...
Win32 version of rename() ). There isn't a precise rename() equivalent under
Win95: the standard rename() complains if the destination already exists so
replaced with a combination of unlink() and MoveFile().
1999-05-08 22:46:51 +00:00
Ralf S. Engelschall
20b85fdd76
Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
...
PS: Feel free to move the IMPLEMENT_STACK_OF(X509_INFO) from
crypto/asn1/x_info.c to any other place where you think it fits better.
X509_INFO is a structure slightly spreaded over ASN.1, X509 and PEM code,
so I found no definitive location for IMPLEMENT_STACK_OF(X509_INFO). In
crypto/asn1/x_info.c it's at least now bundled with X509_INFO_new() and
friends.
1999-05-04 08:56:51 +00:00
Ben Laurie
0b3f827cf5
Yet another stack.
1999-05-02 21:36:58 +00:00
Ben Laurie
d35ea5b00b
Another stack.
1999-05-01 18:29:59 +00:00
Ben Laurie
d500de1672
Another stack.
1999-05-01 18:08:44 +00:00
Ben Laurie
65d4927b8d
Another safe stack.
1999-05-01 17:40:57 +00:00
Bodo Möller
7f89714e64
Support verify_depth from the SSL API without need for user-defined
...
callbacks.
Submitted by:
Reviewed by:
PR:
1999-05-01 03:20:40 +00:00
Bodo Möller
c9e4bc2f07
Use correct error macro so that error messages make sense.
...
Submitted by:
Reviewed by:
PR:
1999-05-01 00:11:15 +00:00
Bodo Möller
e5f3045fbf
Support INSTALL_PREFIX for packagers.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c
Ignore Makefile.save
...
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
1314c344ac
Obey $(PERL) when running util/mklink.pl.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 12:46:59 +00:00
Bodo Möller
6e6acfd4b9
Use util/mklink.pl instead of util/mklink.sh.
...
Submitted by:
Reviewed by:
PR:
1999-04-28 22:33:54 +00:00
Ulf Möller
f5d7a031a3
New Configure option no-<cipher> (rsa, idea, rc5, ...).
1999-04-27 01:14:46 +00:00
Ulf Möller
a9be3af5ad
Remove NOPROTO definitions and error code comments.
1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
a1e464f94a
Fixes so it will compile again under Win32.
1999-04-25 20:57:09 +00:00
Dr. Stephen Henson
c74b3a6037
Various header consistency fixes.
1999-04-25 16:38:52 +00:00
Dr. Stephen Henson
5043fc9fd5
Fix mkerr.pl to find functions returning function pointers (thanks Ulf!)
...
also add a few missing prototypes.
1999-04-25 11:17:44 +00:00
Bodo Möller
0b86eb3ea6
Fix header files so that any one can be included first.
...
Submitted by:
Reviewed by:
PR:
1999-04-24 18:50:40 +00:00
Dr. Stephen Henson
7393480047
Change the command line options of mkerr.pl so -static is now default and
...
a -write option is needed to actually change anything. Second attempt at
getting rid of ERR, ERRC definitions: it might even work this time :-)
1999-04-24 17:28:43 +00:00
Bodo Möller
c76b0f751f
Restore ERRC definitions that are needed to compile the library.
...
Submitted by:
Reviewed by:
PR:
Submitted by:
Reviewed by:
PR:
1999-04-24 15:57:02 +00:00
Dr. Stephen Henson
6e781e8e07
Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
...
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858
Complete rewrite of the error code generation script. It now runs as a single
...
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717
"make depend"
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9
Change #include filenames from <foo.h> to <openssl.h>.
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338
Work with -pedantic!
1999-04-23 15:01:15 +00:00
Ben Laurie
6cda1005f8
Reverse unexplained change.
1999-04-22 14:17:12 +00:00
Ulf Möller
95dc05bc6d
Fix lots of warnings.
...
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-04-20 22:50:42 +00:00
Dr. Stephen Henson
f5fedc0497
Various fixes so Win32 compile may work. Convert GeneralNames to use safe stack.
1999-04-20 01:10:33 +00:00
Ulf Möller
6b691a5c85
Change functions to ANSI C.
1999-04-19 21:31:43 +00:00
Bodo Möller
6c5d4168ff
Removed extra semicolons.
...
Submitted by:
Reviewed by:
PR:
1999-04-19 13:37:35 +00:00
Ben Laurie
e778802f53
Massive constification.
1999-04-17 21:25:43 +00:00
Ben Laurie
cfdcfede9c
Another STACK bites the dust.
1999-04-17 10:28:46 +00:00
Dr. Stephen Henson
0490a86d01
Delete all the old X509V3 pack and unpack stuff and various structures and
...
files associated with them. This stuff is all obsoleted by the new X509V3 code.
1999-04-13 23:56:39 +00:00
Ben Laurie
f73e07cf42
Add type-safe STACKs and SETs.
1999-04-12 17:23:57 +00:00
Ralf S. Engelschall
268c2102e3
Make sure a corresponding plain text error message exists for the
...
X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.
1999-04-12 09:59:05 +00:00
Ben Laurie
c0035435a9
Rid the world of yet more evil casts.
1999-04-10 12:09:17 +00:00
Bodo Möller
adbfb08354
Tiny comment to improve code comprehensibility.
...
Submitted by:
Reviewed by:
PR:
1999-04-09 07:12:17 +00:00
Dr. Stephen Henson
d2e26dccd1
Add PKCS#5 v2.0 ASN1 structures.
1999-04-08 23:55:42 +00:00
Ulf Möller
20232a9ca5
Bug fix for X.509 two-digit year.
...
Pointed out by Alexander Tyshlek <tyshlek@fuib.com> and Peter Gutmann
<pgut001@cs.auckland.ac.nz>
1999-04-06 15:29:54 +00:00
Ulf Möller
99aab1619f
New Makefile variables $(RANLIB) and $(PERL).
1999-04-01 12:34:33 +00:00
Dr. Stephen Henson
ee0508d411
Include pkcs12 program as part of openssl. This completes most of the PKCS#12
...
integration.
1999-03-29 17:50:26 +00:00
Dr. Stephen Henson
8d8c7266d4
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add
...
them to the build environment.
1999-03-28 23:17:34 +00:00
Dr. Stephen Henson
cfcefcbe2a
Further PKCS#12 integration, PBE, PKCS#8 additions.
1999-03-28 17:46:10 +00:00
Ben Laurie
b4cadc6e13
Fix security hole.
1999-03-22 12:22:14 +00:00
Ben Laurie
6242bb9c63
Put the dependencies back.
1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
bb8f3c5879
General source tree makefile cleanups: Made `making xxx in yyy...' display
...
consistent in the source tree and replaced `/bin/rm' by `rm'. Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
4004dbb7f6
Generate errors when public/private key check is done.
1999-02-20 11:50:07 +00:00
Dr. Stephen Henson
0ca5f8b15c
Overhaul 'crl' application, add a proper X509_CRL_print function and start
...
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Ralf S. Engelschall
155d7a0e1d
First cut for a very conservative source tree cleanup:
...
1. merge various obsolete readme texts into doc/ssleay.txt
where we collect the old documents and readme texts.
2. remove the first part of files where I'm already sure that we no longer need
them because of three reasons: either they are just temporary files which
were left by Eric or they are preserved original files where I've verified
that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b"
or they were renamed (as it was definitely the case for the crypto/md/
stuff).
We've still a horrible mess under crypto/bn/asm/. There for a lot of files
I'm sure whether we need them or not. So, when someone knows it better, feel
free to cleanup there.
1999-02-10 08:26:08 +00:00
Ben Laurie
f33fbc2e1e
More pissing about to get pem.h to behave properly.
1999-01-30 14:05:52 +00:00
Ben Laurie
59ff713462
Break circular dependency between pem and err.
1999-01-30 13:40:34 +00:00
Dr. Stephen Henson
92c046cac0
Add ASN1 code for netscape certificate sequences.
1999-01-28 00:16:44 +00:00
Ben Laurie
6f93539970
This time, get it right.
1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc
Finally lay dependencies to rest (I hope!).
1999-01-19 21:36:31 +00:00
Dr. Stephen Henson
fdc71eccec
This is the result of a "make errors" with the new error building functionality
...
in place.
1999-01-18 22:19:46 +00:00
Dr. Stephen Henson
6c8abdd744
New err_code.pl script to retain old error codes. This should allow the use
...
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ben Laurie
2c1ef383ae
Generate an error on an invalid directory.
1999-01-17 14:10:08 +00:00
Ben Laurie
a6801a91cd
Add prototype, fix parameter passing bug.
1999-01-10 20:36:02 +00:00
Ben Laurie
e03ddfae7e
Accept NULL in *_free.
1999-01-07 19:15:59 +00:00
Ben Laurie
e416ad9772
Free the right thing.
1999-01-04 21:43:32 +00:00
Dr. Stephen Henson
10061c7c47
More EVP_PKEY patches for new functionality.
1999-01-03 23:00:45 +00:00
Ralf S. Engelschall
cb0f35d716
Make sure the already existing X509_STORE->depth variable is initialized
...
in X509_STORE_new(), but document the fact that this variable is still
unused in the certificate verification process.
1999-01-03 15:31:11 +00:00
Dr. Stephen Henson
098fc2c0d8
Remove one EVP_PKEY_free() that shouldn't be there.
1999-01-03 02:15:34 +00:00
Dr. Stephen Henson
cfcf645356
Make sure applications free up pkey structures and add netscape extension
...
handling to x509.c
1999-01-03 01:08:33 +00:00
Ralf S. Engelschall
0491b70983
Make GCC happy by removing an unused variable defintion.
1999-01-02 12:10:43 +00:00
Ben Laurie
c77f1b37fd
Fix name delete problem.
1998-12-31 17:08:34 +00:00
Ralf S. Engelschall
9cb0969f65
Fix version stuff:
...
1. The already released version was 0.9.1c and not 0.9.1b
2. The next release should be 0.9.2 and not 0.9.1d, because
first the changes are already too large, second we should avoid any more
0.9.1x confusions and third, the Apache version semantics of
VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
.2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
1998-12-31 09:36:40 +00:00
Ralf S. Engelschall
320a14cb5b
*** empty log message ***
1998-12-23 12:09:47 +00:00
Ralf S. Engelschall
5f32680329
Switch version string to SSLeay/OpenSSL
1998-12-23 07:53:55 +00:00
Ralf S. Engelschall
651d0aff98
Various cleanups and fixed by Marc and Ralf to start the OpenTLS project
1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00