Commit graph

868 commits

Author SHA1 Message Date
Ulf Möller
e0c875081e remember the problem with ftime() 2000-12-02 18:50:31 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Bodo Möller
b5a25a430a "make depend" 2000-12-01 08:48:42 +00:00
Richard Levitte
f9b3bff6f7 First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> 2000-11-30 22:53:34 +00:00
Bodo Möller
53d286797c avoid segmentation fault 2000-11-29 11:04:31 +00:00
Richard Levitte
d53d271728 Addapt the VMS scripts to the changes in the Makefiles. 2000-11-22 18:17:16 +00:00
Ben Laurie
646d56956b Better handling of EVP names, add EVP to speed. 2000-11-20 04:14:19 +00:00
Bodo Möller
db70a3fd6e Improve usability of 'openssl passwd' by including
password verification where it makes sense.
2000-11-17 09:03:02 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Ben Laurie
757e392d4e Make Rijndael work! Those long flights have some good points. 2000-11-12 02:13:38 +00:00
Richard Levitte
ccb9643f02 Remove references to RSAref. The glue library is but a memory to fade
away now...
2000-11-08 17:51:37 +00:00
Richard Levitte
5e4ca4220e The consequence of constification is that to pass the address to a
pointer to a const double pointe parameter, the pointer must point to
const data as well.
2000-11-06 23:16:04 +00:00
Richard Levitte
e7ef1a561a Make all engines available in the openssl application. 2000-11-06 22:03:00 +00:00
Richard Levitte
11c0f1201c Change the engine library so the application writer has to explicitely
load the "external" built-in engines (those that require DSO).  This
makes linking with libdl or other dso libraries non-mandatory.

Change 'openssl engine' accordingly.

Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h.  That way, there should be no way of missing the needed
info.
2000-11-02 20:33:04 +00:00
Richard Levitte
69e7805f54 'openssl engine' can now list engine capabilities. The current
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.
2000-11-02 19:24:48 +00:00
Richard Levitte
e264cfe17a Better error reporting in 'openssl engine' 2000-11-02 18:58:43 +00:00
Richard Levitte
8224b0cbe5 make update 2000-11-02 18:53:25 +00:00
Bodo Möller
15d52ddb55 Never call load_dh_param(NULL) because this leads to an illegal
fopen(NULL).
2000-11-02 10:35:10 +00:00
Richard Levitte
d48f487e2c -t is supported, so display some help about it. 2000-11-01 23:55:45 +00:00
Richard Levitte
14c6d27d63 Add application to enumerate, list and test engines with. 2000-11-01 02:57:35 +00:00
Richard Levitte
92125ffaec Make flag variables int instead of char. This avoids getting into trouble on systems where char is unsigned by default 2000-10-31 11:58:56 +00:00
Richard Levitte
32d862ede4 Add the possibility to use keys handled by engines in more
applications.
2000-10-28 22:40:40 +00:00
Richard Levitte
a44f26d5c9 Small documentation change 2000-10-28 22:21:04 +00:00
Richard Levitte
5660eb489e NetBSD doesn't use ftime(). 2000-10-27 20:28:37 +00:00
Richard Levitte
eb64730b9c The majority of the OCSP code from CertCo. 2000-10-27 11:05:35 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Bodo Möller
28967cf079 rsautl.c requires RSA. 2000-10-26 12:05:57 +00:00
Bodo Möller
4fb40db932 Don't ever set 'seeded' if RAND_status() returned 0
(although maybe this static variable should be abolished totally,
it was introduced before RAND_status existed).
2000-10-23 07:37:03 +00:00
Richard Levitte
2b59a6ac14 There's no reason why app_RAND_load_file() should return 0 when
RAND_status() hasn't.
Reported by Dale Stimson <dale@accentre.com>.
2000-10-21 22:43:07 +00:00
Dr. Stephen Henson
51754ec835 Update test server certificate in apps/server.pem (it was expired). 2000-10-16 22:56:10 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk.
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
8ca533e378 More code for X509_print_ex() support. 2000-10-06 11:51:47 +00:00
Dr. Stephen Henson
d0c9858914 Global DirectoryString mask fix.
Add support for X509_NAME_print_ex() in req.

Initial code for cutomizable X509 print routines.
2000-10-04 01:16:32 +00:00
Richard Levitte
1cbb729fdc Oops, if the target only had USE_TOD, an error message was issued... 2000-09-21 16:01:08 +00:00
Richard Levitte
c5f8bbbc0b Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby@hp.com> 2000-09-21 05:42:01 +00:00
Richard Levitte
edb0d64367 AIX doesn't like ftime() either. 2000-09-20 15:10:16 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Richard Levitte
b004872c59 BSDI only supports ftime() through libcompat, which means it's
better not to use it.
2000-09-19 23:14:42 +00:00
Dr. Stephen Henson
688fbf5475 Fix a typo in apps/pkcs12.c which was using the wrong part of
ASN1_TYPE (though they are both ASN1_STRING so it didn't cause
any problems).

Make 'siglen' an int in apps/dgst.c so we can check the return
value of BIO_read() etc.
2000-09-19 17:51:11 +00:00
Richard Levitte
28178bcf24 FreeBSD only supports ftime() through libcompat, which means it's
better not to use it.
2000-09-19 16:13:38 +00:00
Richard Levitte
a3829b8650 ftime() is not supported on SGI.
Reported by Steve Robb <steve@eu.c2.net>
2000-09-18 16:52:05 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Richard Levitte
623eea376a siglen is unsigned, so comparing it to less than 0 is silly, and
generates a compiler warning with Compaq C.
2000-09-17 18:08:38 +00:00
Richard Levitte
1c86d93ca5 'make update' 2000-09-15 22:13:38 +00:00
Richard Levitte
095aadc43f Move up inclusion of conf.h, so non-MONOLITH programs can benefit from
it as well, especially in apps.c.
2000-09-15 19:37:14 +00:00
Richard Levitte
5614bb91f5 rsa_num2 is no longer used, so remove it. 2000-09-14 11:09:03 +00:00
Richard Levitte
03ea28c985 Better error checking for RSA and DSA signature and verification speed
tests.  This was required to not get mysterious errors when they
wouldn't quite want to work.
2000-09-12 08:12:52 +00:00
Richard Levitte
05c2b37176 DSA_verify() and DSA_sign() might return -1... 2000-09-11 22:21:38 +00:00
Richard Levitte
16e91fe8ab OpenBSD doesn't support timeb. 2000-09-11 16:46:35 +00:00
Richard Levitte
ec6a40e278 Last minute update, in time to make it to 0.9.6-beta1 2000-09-11 13:06:48 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Richard Levitte
0baed24c1b More VMS synchronisation 2000-09-09 18:05:27 +00:00
Richard Levitte
eec79f9bab Synchronise the VMS build with the Unix one. 2000-09-08 20:25:49 +00:00
Dr. Stephen Henson
709e85953d Update verify docs.
New option to verify program to print out diagnostics.
2000-09-08 00:53:58 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Bodo Möller
61f175f4ba Get rid of ASN1_UTCTIME_get, which cannot work with time_t
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
2000-09-06 15:40:52 +00:00
Bodo Möller
1af407e78f typo 2000-09-06 12:18:24 +00:00
Bodo Möller
2b40660ec1 Add OAEP. Seed the PRNG. 2000-09-06 11:49:43 +00:00
Dr. Stephen Henson
bbb720034a Fix typo in rsautl.
Add support for settable verify time in X509_verify_cert().

Document rsautl utility.
2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility.
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d428bf8c56 New option to CA.pl to sign request using CA extensions.
This allows intermediate CAs to be created more easily.

PKCS12_create() now checks private key matches certificate.

Fix typo in x509 app.

Update docs.

New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
2000-08-24 23:24:18 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
2000-08-21 22:02:23 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Richard Levitte
5ce42a7e68 Memory leaks fix. It now looks like all memory leaks, at least around
building complete chains, are gone.
2000-08-11 22:50:08 +00:00
Richard Levitte
9ee1c838cb Memory leaks fix. There seems to be more in other parts of OpenSSL... 2000-08-11 21:41:08 +00:00
Richard Levitte
88364bc2bc The pkcs12 had no way of getting a CA file or path to be used when
building a complete chain.  Now added through the -CAfile and -CApath
arguments.
2000-08-11 19:43:20 +00:00
Richard Levitte
3132e196bd Unicos doesn't have sys/timeb.h. Fix it by defining the TIMEB macro unless on Unicos. 2000-08-03 21:54:31 +00:00
Bodo Möller
69764d720a Include SKIP DH parameters with OpenSSL.
These have been created by a SHA.1 based procedure, see
http://www.skip-vpn.org/spec/numbers.html.
(These values are taken from that document, I have not
implemented the prime generator.)
2000-08-02 09:04:44 +00:00
Richard Levitte
ee087bb8eb Make it so we can dynamically enable memory allocation debugging through the
environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient).  At the
same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded some-
where and thereby tested for compilation.
2000-08-01 17:15:36 +00:00
Bodo Möller
cc244b371d Update 'openssl passwd' documentation on selection of algorithms. 2000-07-31 12:27:44 +00:00
Dr. Stephen Henson
bd4e152791 Document the new DN printing options.
Change a few names to be more meaningful.

Fix typos in CA.pl docs.
2000-07-30 01:27:59 +00:00
Dr. Stephen Henson
a657546f9c New ASN1_STRING_print_ex() and X509_NAME_print_ex()
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.

The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).

Still needs to be documented, integrated into other
utilities and extensively tested.
2000-07-28 01:58:15 +00:00
Richard Levitte
ca1e465f6d Add the possibility to get hexdumps of unprintable data when using
'openssl asn1parse'.  As a side effect, the functions ASN1_parse_dump
and BIO_dump_indent are added.
2000-07-27 17:28:25 +00:00
Bodo Möller
25063f1d9b Document -purpose option in usage string. 2000-07-15 18:10:35 +00:00
Dr. Stephen Henson
fd13f0ee52 Make req seed the PRNG if signing with
an already existing DSA key.

Document the new smime options.
2000-07-12 23:55:30 +00:00
Dr. Stephen Henson
094fe66d9f Fix some typose in the i2d/d2i functions that
call the i2c/c2i (they were not using the
content length for the headers).

Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.

New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
2000-07-10 18:33:05 +00:00
Richard Levitte
c2bbf9cf6c I got sick and tired of having to keep track of NIDs when such a thing
could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Ben Laurie
2bfb4dbce4 Use up-to-date functions. 2000-07-01 16:25:20 +00:00
Richard Levitte
4e74239cca Give the user the option to measure real time instead of user CPU time. 2000-06-30 17:16:46 +00:00
Richard Levitte
f365611ca3 Undo the changes I just made. I'm not sure what I was thinking of.
The message to everyone is "Do not hack OpenSSL when stressed"...
2000-06-28 16:47:45 +00:00
Richard Levitte
20d242b0de Make it possible for users of the openssl applications to specify the
EGD should be used as seeding input, and where the named socket is.
2000-06-28 16:10:56 +00:00
Bodo Möller
1f4643a2f4 BSD-style MD5-based password algorithm in 'openssl passwd'.
(Still needs to be tested against the original using sample passwords
of different length.)
2000-06-23 18:00:16 +00:00
Richard Levitte
431b0cce7d Move add_oid_section to apps.c, so it can be shared by several
applications.  Also, have it and the certificate and key loading
functions take a BIO argument for error output.
2000-06-22 22:07:27 +00:00
Richard Levitte
ff4e9d91d9 Change req so the new parameter '-rand file' uses the given file in
addition to the file given through the RANDFILE option or environment
variable.
2000-06-22 21:16:01 +00:00
Richard Levitte
90ae4673a5 Move the certificate and key loading functions to apps.c, so they can
be shared by several applications.
2000-06-22 17:42:50 +00:00
Richard Levitte
2a98f41708 Forgot the self-documentation within req. 2000-06-22 09:59:21 +00:00
Richard Levitte
ac57d15b75 Small change to accept the command line parameter '-rand file'. This
parameter takes precedence over the RANDFILE option in the
configuration file.
2000-06-22 09:13:43 +00:00
Bodo Möller
0f4805f515 Avoid unnecessary links and incomplete program file in apps/. 2000-06-19 17:38:22 +00:00
Dr. Stephen Henson
d3ed8ceb3d Add support for the modified SGC key format used in IIS. 2000-06-15 23:48:05 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc.
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Dr. Stephen Henson
a91dedca48 Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()
to support multiple calls.

New function to retrieve email address from certificates and
requests.
2000-06-11 12:18:15 +00:00
Bodo Möller
f1d92d941e Accept -F4 option in lower case, which is what the usage information
says one should use.
2000-06-08 22:40:09 +00:00
Bodo Möller
208f3688e0 No need to abort if c_rehash fails here (e.g. because Perl is not where
it is expected).
2000-06-07 21:28:15 +00:00
Bodo Möller
b598ea93e7 use consistent indentation 2000-06-07 19:43:44 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Richard Levitte
a9ef75c50d Small fix to enable reading from stdin as well.
Contributed by Yoichiro Okabe <okabe@wizsoft.co.jp>
2000-06-01 11:23:20 +00:00
Bodo Möller
d9586857d6 Add required cast. 2000-05-19 12:02:49 +00:00
Dr. Stephen Henson
439df5087f Fix c_rehash script, add -fingerprint option to crl. 2000-05-18 00:33:00 +00:00
Ben Laurie
5de603abc8 Typesafety Thought Police part 3. 2000-05-16 21:22:45 +00:00
Ben Laurie
f2716dada0 Typesafety Thought Police Part 2. 2000-05-16 19:53:50 +00:00
Ben Laurie
b4604683fa Typesafety thought police. 2000-05-16 14:38:29 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00
Ben Laurie
fd73a2121c Allow UTCTIME objects to be retrieved. Check for imminent cert expiry. 2000-05-14 12:39:53 +00:00
Dr. Stephen Henson
a331a305e9 Make PKCS#12 code handle missing passwords.
Add a couple of FAQs.
2000-05-04 00:08:35 +00:00
Bodo Möller
c4d0df0c4f Fix a memory leak, and don't generate inappropriate error message
when PEM_read_bio_X509_REQ fails.
2000-05-02 20:18:48 +00:00
Bodo Möller
7fc840cc85 Stylistic changes: Don't use a macro for the malloc'ed length since it
is not constant.
2000-04-27 09:11:28 +00:00
Bodo Möller
4adcfa052f Warn about truncation also in the case when a single password is read using
the password prompt.
2000-04-27 06:47:23 +00:00
Bodo Möller
e5c84d5152 New function ERR_error_string_n. 2000-04-14 23:36:15 +00:00
Richard Levitte
7a807ad8a7 "make update" 2000-04-09 12:52:40 +00:00
Bodo Möller
1d90f28029 In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites 2000-04-06 22:33:14 +00:00
Bodo Möller
3bc90f2373 Fix typo in -clrext option, but add a compatibility hack because
0.9.5a should not break anything that works in 0.9.5.
2000-03-27 18:10:08 +00:00
Ulf Möller
a1a96e54a4 Sample application using RAND_event() to collect entropy from mouse
movements, keyboard etc. and write it to a seed file.
2000-03-19 22:58:12 +00:00
Bodo Möller
6e22639f46 Eliminate memory leaks in mem_dbg.c. 2000-03-18 15:18:27 +00:00
Richard Levitte
1f515cfe09 e_os.h: don't do double work with status codes.
openssl.c: make damn sure e_os.h knows about OPENSSL_C
2000-03-18 09:09:31 +00:00
Bodo Möller
fb51beb591 Remove CRYPTO_push/pop_info invocations to improve code readability --
I hope all memory leaks that may occur here have already been tracked down.
2000-03-14 21:25:39 +00:00
Bodo Möller
cc497fb04a Avoid a warning. 2000-03-14 16:35:36 +00:00
Richard Levitte
1fff621bd7 Typo corrected 2000-03-14 04:32:24 +00:00
Richard Levitte
8824ec7cd5 Make sure strcmp() gets declared. 2000-03-14 04:09:48 +00:00
Bodo Möller
46c4647e3c "openssl no-..." commands for avoiding the need to grep
"openssl list-standard-commands".
2000-03-13 20:31:46 +00:00
Bodo Möller
863fe2ecac cleaning up a little 2000-03-12 23:27:14 +00:00
Ulf Möller
cee814f9d5 make update 2000-03-12 12:49:45 +00:00
Richard Levitte
ce301b6b0b Add the possibility (with -ign_eof) to ignore end of file on input but
still not be quiet.  Also make it clear that -quiet implicitely means
-ign_eof as well.
2000-03-10 12:18:28 +00:00
Bodo Möller
0dd3989868 Change to code generated by 'dhparam -C':
- Move DH parameter components inside the function.
- Automatically #include the required header file if it
  has not already been #included.
2000-03-10 12:17:37 +00:00
Bodo Möller
a10c512afa another typo 2000-03-10 11:47:58 +00:00
Bodo Möller
9f5d2069a4 typo 2000-03-10 11:43:45 +00:00
Dr. Stephen Henson
e743a5134e Don't Free() password if it was read from config file. 2000-03-09 01:03:44 +00:00
Dr. Stephen Henson
c61252001b Fix typo and make ca get the CA and request fields correct. 2000-03-08 12:44:10 +00:00
Bodo Möller
de83c12253 Add missing include (only MONOLITH builds were possible without it).
Submitted by: Andrew W. Gray
2000-03-05 01:11:44 +00:00
Bodo Möller
cf7fa82897 Read complete seed files given in -rand options. 2000-03-04 17:44:07 +00:00
Bodo Möller
0a150c5c9f Generate correct error reasons strings for SYSerr. 2000-03-04 01:36:53 +00:00
Bodo Möller
37634c8bc9 Add an #include. 2000-03-03 23:27:56 +00:00
Bodo Möller
bb2276abf7 Avoid potential memory leak in code generated by 'openssl dhparam -C'. 2000-03-03 22:24:43 +00:00
Bodo Möller
41918458c0 New '-dsaparam' option for 'openssl dhparam', and related fixes. 2000-03-03 22:18:19 +00:00
Richard Levitte
a8883854a3 Synchronise 2000-03-02 23:32:47 +00:00
Ulf Möller
99a97051d4 pseudo-seed for the PRNG before testing DSA 2000-03-01 17:42:06 +00:00
Bodo Möller
afbd0746cf 'rand'/'-rand' documentation. 2000-03-01 11:45:53 +00:00
Bodo Möller
55f7d65db0 Document the 'rand' application. 2000-03-01 07:57:25 +00:00
Bodo Möller
27b782732f 'rand' application for creating pseudo-random files. 2000-02-29 23:47:01 +00:00
Ulf Möller
c9e1fe33be Fix for non-monolithic build.
Submitted by: Andrew Gray <agray@iconsinc.com>
2000-02-28 20:16:06 +00:00
Richard Levitte
cde28e18bf New logical names to skip algorithms are now supported. 2000-02-27 10:41:31 +00:00
Bodo Möller
6d0d5431d4 More get0 et al. changes. Also provide fgrep targets in CHANGES
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Richard Levitte
cb464c38b2 The OpenVMS library is most definitely not built for anything but
files, unless it's all in unixly syntax.  We can't guarantee that
right now, so let's skip the whole test suit.  There are other places
(like the open()) where errors are detected anyway.
2000-02-26 03:53:58 +00:00
Dr. Stephen Henson
c7cb16a8ff Rename functions for new convention. 2000-02-26 01:55:33 +00:00
Richard Levitte
1b8b0a8294 Correct small typo 2000-02-26 00:18:48 +00:00
Richard Levitte
3e0f27f3c9 Changes to synchronise with Unix.
(actually, much more is needed, like a real config script)
2000-02-25 20:37:46 +00:00
Ulf Möller
fea217f96f EGD bugfix.
Submitted by: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-02-25 14:16:43 +00:00
Ralf S. Engelschall
07fb39c32e Make gcc 2.95.2 happy here, too. 2000-02-24 10:37:58 +00:00
Ulf Möller
4ec2d4d2b3 Support EGD. 2000-02-24 02:51:47 +00:00
Dr. Stephen Henson
4b42658082 Make pkcs8 work again.
Make EVP_CIPHER_type() return NID_undef if the cipher has no
ASN1 OID, modify code to handle this.
2000-02-22 18:45:11 +00:00
Bodo Möller
a2a0158959 Fix some bugs and document others 2000-02-21 17:09:54 +00:00
Ulf Möller
4ec19e203c Fix gcc warnings. 2000-02-20 20:59:21 +00:00
Dr. Stephen Henson
ae1bb4e572 Add -clrext option to 'x509' 2000-02-19 00:46:02 +00:00
Bodo Möller
a91451ef13 add missing 'static' 2000-02-18 10:39:40 +00:00
Dr. Stephen Henson
8a208cba97 New functions and option to use NEW in certificate requests. 2000-02-18 00:54:21 +00:00
Bodo Möller
73c5591944 Casts now unnecessary because of changed prototype. 2000-02-17 18:36:21 +00:00
Dr. Stephen Henson
cd3c54e50f Add -pass argument to 'enc'.
Fix to make Win32 compile work again.
2000-02-17 00:41:43 +00:00
Dr. Stephen Henson
a3fe382e2d Pass phrase reorganisation. 2000-02-16 23:16:01 +00:00
Ben Laurie
bd44570322 Fix signed/unsigned warnings. 2000-02-16 12:09:17 +00:00
Richard Levitte
207c7df746 Remove the access() call altogether for VMS, since it doesn't quite
work for directory specifications (this will be reported as a bug to
DEC^H^H^HCompaq).  It could as well be removed for all others as well,
since stat() and open() will return appropriate errors as well, but I
leave that to someone else to decide.
2000-02-15 09:44:54 +00:00
Dr. Stephen Henson
d13e4eb0b5 Make pkcs12 and smime applications seed random number
generator (otherwise they don't work) and add -rand
option. Update docs.
2000-02-12 03:03:04 +00:00
Richard Levitte
07fc35519e A hack to make sure access() will give us the correct answer about the
accessability of an "empty" directory.  Thsi *is* weird, and a better
solution will be provided in apps/ca.c, when I get time to hack at it.
2000-02-11 18:12:47 +00:00
Bodo Möller
3ebf0be142 Corrections. 2000-02-11 17:18:50 +00:00
Bodo Möller
cbcc5c01f9 Update. 2000-02-11 16:31:04 +00:00
Bodo Möller
e6e7b5f3df Implement MD5-based "apr1" password hash. 2000-02-11 16:25:44 +00:00
Ben Laurie
efb416299f Fix shadow. 2000-02-11 13:11:18 +00:00
Richard Levitte
f6814ea43a Add compilation of the new passwd utility. 2000-02-11 11:21:50 +00:00
Ralf S. Engelschall
667ac4ec6a Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
2000-02-11 09:47:18 +00:00
Bodo Möller
bb325c7d6a 'passwd' tool. 2000-02-10 21:50:52 +00:00
Dr. Stephen Henson
f07fb9b24b Add command line password options to the reamining utilities,
amend docs.
2000-02-08 01:34:59 +00:00
Bodo Möller
8652d1c22e Memory leak. 2000-02-06 02:48:53 +00:00
Bodo Möller
e290c7d4e0 Correction: openssl.c must get the long version of the apps_startup()
macro
2000-02-05 21:39:20 +00:00
Bodo Möller
29a28ee503 Cosmetic changes. 2000-02-05 21:28:09 +00:00
Dr. Stephen Henson
66430207a4 Add support for some broken PKCS#8 formats. 2000-02-05 21:07:56 +00:00
Dr. Stephen Henson
af57d84312 Rename SSLeay_add_all_algorithms() et al to
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Dr. Stephen Henson
82fc1d9c28 Add new -notext option to 'ca', -pubkey option to spkac.
Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
2000-02-03 02:56:48 +00:00
Ulf Möller
51ca375e7e Seek out and destroy another evil cast. 2000-01-30 23:33:40 +00:00
Ulf Möller
9d1a01be8f Source code cleanups: Use void * rather than char * in lhash,
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Richard Levitte
1f36fe2835 Synchronise with Unix code 2000-01-28 12:15:20 +00:00
Dr. Stephen Henson
90644dd74d New -pkcs12 option to CA.pl.
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
2000-01-28 01:35:31 +00:00
Bodo Möller
05ccd698b9 RAND_load_file(..., -1) now means "read the complete file";
this is what we now use to read $RANDFILE / $HOME/.rnd.
(Previously, after 'cat'ting lots of stuff into .rnd
only the first MB would be looked at.)

Bugfix for apps/enc.c: Continue if RAND_pseudo_bytes returns 0
(only -1 is an error).
2000-01-24 10:03:24 +00:00
Bodo Möller
f13b93d3b4 RAND_pseudo_bytes is good enough for encryption IVs,
we should not need RAND_bytes (and we cannot use the latter
unless we load a seed file)
2000-01-24 09:32:20 +00:00
Dr. Stephen Henson
fabce04122 Make s_server, s_client check cipher list return codes.
Update docs.
2000-01-23 02:28:08 +00:00
Ulf Möller
2a99e8b9df dh renamed to dhparam 2000-01-22 21:26:52 +00:00
Dr. Stephen Henson
09483c58e3 Add new program dhparam and update docs. 2000-01-22 13:58:29 +00:00
Dr. Stephen Henson
018e57c74d Apply Lutz Behnke's 56 bit cipher patch with a few
minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Bodo Möller
033db22d57 add ERR_print_errors after "end" label. 2000-01-21 11:30:52 +00:00
Dr. Stephen Henson
8100490a72 Make -CAcreateserial start from 1 instead of 0 for
serial numbers.
2000-01-21 02:42:14 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Dr. Stephen Henson
6e6bc352b1 Finish off the X509_ATTRIBUTE string stuff. 2000-01-20 01:37:17 +00:00
Richard Levitte
b058a08085 It doesn't make sense to try see if these variables are negative, since they're unsigned. 2000-01-17 00:49:52 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
373b575f5a New function RAND_pseudo_bytes() generated pseudorandom numbers that
are not guaranteed to be unpredictable.
2000-01-16 15:58:17 +00:00
Bodo Möller
4fd2ead09d Enable memory checking earlier (we correctly free everything
except for the BIO through which we print the memory leak list,
and the leak printing function ignores this one block).
2000-01-15 03:08:52 +00:00
Bodo Möller
11afb40c01 Use CRYPTO_push_info to track down memory leak
(only the CRYPTO_push_info's in the apps/ directory
are included in the CVS commit, not all those I used
in crypto/)
2000-01-13 22:52:52 +00:00
Bodo Möller
2c736d077b slightly change usage information 2000-01-13 21:36:06 +00:00
Bodo Möller
a873356c00 Use CRYPTO_push_info to find a memory leak in pkcs12.c. 2000-01-13 21:10:43 +00:00
Dr. Stephen Henson
25f923ddd1 New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Ben Laurie
752d706aaf Make NO_RSA compile with pedantic. 2000-01-08 21:06:24 +00:00
Dr. Stephen Henson
c3ed3b6eab Add -prexit command to s_client and patch some BIO
functions so it doesn't crash. Document s_client.
2000-01-08 19:05:47 +00:00
Dr. Stephen Henson
ef7eaa4cb0 Manpages for the DH utils and fix for a memory leak in dh program 2000-01-08 13:36:17 +00:00
Dr. Stephen Henson
dad666fbbe Add PKCS#12 manpage and use MAC iteration counts by default. 2000-01-08 03:16:04 +00:00
Bodo Möller
918a8a16fa CA.pl is now generated automatically (using CA.pl.in as input) 2000-01-07 13:06:28 +00:00
Bodo Möller
d2b6c3f31f apps/openssl.cnf and the documentation say it's "nombstr",
but crypto/asn1/a_strnid.c had "nombchar".
2000-01-07 13:05:41 +00:00
Bodo Möller
63da21c01b make no-des and no-rc2 work. 2000-01-07 12:15:54 +00:00
Dr. Stephen Henson
35f4850ae0 More X509_ATTRIBUTE changes. 2000-01-07 00:55:54 +00:00
Dr. Stephen Henson
b38f9f66c3 Initial automation changes to 'req' and X509_ATTRIBUTE functions. 2000-01-06 01:26:48 +00:00
Bodo Möller
3a4f14f3d1 Rename CA.pl to CA.pl.in (no actual changes), and let Configure
set the #! line with the path to Perl.

Submitted by: Peter Jones
2000-01-05 01:31:22 +00:00
Dr. Stephen Henson
20432eae41 Fix some of the command line password stuff. New function
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
2000-01-01 16:42:49 +00:00
Dr. Stephen Henson
6447cce372 Simplify the trust structure: basically zap the bit strings and
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
12aefe78f0 Fixes so NO_RSA works again. 1999-12-24 17:26:33 +00:00
Dr. Stephen Henson
525f51f6c9 Add PKCS#8 utility functions and add PBE options. 1999-12-23 02:02:42 +00:00
Bodo Möller
2b6313d0da Rename
CRYPTO_add_info    => CRYPTO_push_info
   CRYPTO_remove_info => CRYPTO_pop_info
in the hope that these names are more descriptive;
and "make update".
1999-12-18 13:51:47 +00:00
Bodo Möller
75acc288ca fix typos and other little errors ... 1999-12-18 13:25:45 +00:00
Bodo Möller
03c48fa07b Avoid shadowing p to make the compiler happy. 1999-12-18 05:16:30 +00:00
Bodo Möller
3db1f2d5be Add a comment. 1999-12-18 00:30:32 +00:00
Bodo Möller
e8f48dbacc Add missing semicolon to make compiler happy, and switch back
from MemCheck_start() to CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
because that is what applications should use
(MemCheck_start/stop never really worked for applications
unless CRYPTO_MDEBUG was defined both when compiling the library
and when compiling the application, so probably we should
get rid of it).
1999-12-18 00:28:21 +00:00
Richard Levitte
1ad9bdf253 Use MemCheck_start() instead of CRYPTO_mem_ctrl(), and generate a small leak to test (conditional) 1999-12-17 12:50:06 +00:00
Richard Levitte
8a1580096b Synchronise VMS scripts with Unix Makefiles 1999-12-16 19:57:50 +00:00
Dr. Stephen Henson
55f30198ad Various S/MIME fixes. Fix for memory leak, recipient list bug
and not excluding parameters with DSA keys.
1999-12-14 02:44:27 +00:00
Dr. Stephen Henson
e3775a33c1 Make the PKCS#7 S/MIME functions check for passed NULL pointers.
Fix the usage message of smime utility and sanitise the return
codes.

Add some documentation.
1999-12-09 01:31:32 +00:00
Dr. Stephen Henson
a2121e0aee Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update' 1999-12-08 00:56:15 +00:00
Dr. Stephen Henson
55ec5861c8 Modify S/MIME application so the -signer option writes the signer(s)
to a file if we are verifying.
1999-12-07 02:35:52 +00:00
Dr. Stephen Henson
5a9a4b299c Merge in my S/MIME library and utility. 1999-12-05 00:40:59 +00:00
Bodo Möller
cddfe788fb Add functions des_set_key_checked, des_set_key_unchecked.
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
1999-12-03 20:24:21 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
08cba61011 Modify the X509 V3 extension lookup code. 1999-12-01 01:49:46 +00:00
Ben Laurie
fea9afbfc7 Make salting the default. Fail gracefully if the input is not salted. 1999-11-30 20:15:19 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca Add part of chain verify SSL support code: not complete or doing anything
yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Dr. Stephen Henson
51630a3706 Add trust setting support to the verify code. It now checks the
trust settings of the root CA.

After a few fixes it seems to work OK.

Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
Dr. Stephen Henson
9868232ae1 Initial trust code: allow setting of trust checking functions
in a table. Doesn't do too much yet.

Make the -<digestname> options in 'x509' affect all relevant
options.

Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.

A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.

Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
52664f5081 Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format.

Fix CRL+cert load problem in by_file.c

Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Ben Laurie
44eca70641 Update dependencies. 1999-11-18 14:32:54 +00:00
Ben Laurie
5ef738240a Fix warning. 1999-11-18 14:10:53 +00:00
Dr. Stephen Henson
f76d8c4747 Modify verify code to handle self signed certificates. 1999-11-17 01:20:29 +00:00
Dr. Stephen Henson
91895a5938 Fix for a bug in PKCS#7 code and non-detached data.
Remove rc4-64 from ciphers since it doesn't exist...
1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
fd699ac55f Add a salt to the key derivation using the 'enc' program. 1999-11-16 02:49:25 +00:00
Dr. Stephen Henson
06556a1744 'req' fixes. Reinstate length check one request fields.
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
a0e9f529a4 Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc'
add documentation for 'enc'.
1999-11-14 03:23:17 +00:00
Richard Levitte
849c0fe240 Adjust to changes in apps/openssl.cnf 1999-11-12 01:59:47 +00:00
Richard Levitte
ca0e2bc973 Adjust to changes in apps/Makefile.ssl 1999-11-12 01:52:59 +00:00
Dr. Stephen Henson
954ef7ef69 Merge some common functionality in the apps, delete
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
1999-11-12 01:42:25 +00:00
Dr. Stephen Henson
af29811edd Add password command line options to some utils. Fix and update man
pages.
1999-11-11 18:41:31 +00:00
Dr. Stephen Henson
53b1899e3c Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.
1999-11-11 13:58:41 +00:00
Ben Laurie
95fdc5eef9 Fix (spurious) warnings. 1999-11-09 12:09:24 +00:00
Bodo Möller
5fe2085bba Avoid some warnings. 1999-11-09 10:00:15 +00:00
Dr. Stephen Henson
a0ad17bb6c Fix to the -revoke option in ca. It was leaking memory, crashing and just
plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146 Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Dr. Stephen Henson
74400f7348 Continued multibyte character support.
Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Bodo Möller
847c52e47f Warn about RANDFILE being overwritten. 1999-10-26 11:27:42 +00:00
Bodo Möller
640588bbfb New file app_rand.c with some functionality used in various openssl
applications.
1999-10-26 01:59:11 +00:00
Bodo Möller
a31011e8e0 Various randomness handling bugfixes and improvements --
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
1999-10-26 01:56:29 +00:00
Bodo Möller
798757762a Improve support for running everything as a monolithic application.
Submitted by: Lennart Bång, Bodo Möller
1999-10-25 19:36:01 +00:00
Dr. Stephen Henson
673b102c5b Initial support for certificate purpose checking: this will
ultimately lead to certificate chain verification. It is
VERY EXPERIMENTAL at present though.
1999-10-13 01:11:56 +00:00
Dr. Stephen Henson
def38e38ec Fix incorrect usage messages in some commands. 1999-10-06 22:59:21 +00:00
Dr. Stephen Henson
d71c6bc5a4 Fix for bug in pkcs12 program and typo in ASN1_tag2str(). 1999-10-05 13:10:21 +00:00
Dr. Stephen Henson
2d681b779c Fix for bug in pkcs12 program and typo in ASN1_tag2str(). 1999-10-05 12:57:50 +00:00
Dr. Stephen Henson
3908cdf442 New option -dhparam to s_server to allow the DH parameter file to be set
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
1999-10-04 23:56:06 +00:00
Dr. Stephen Henson
3ea23631d4 Add support for public key input and output in rsa and dsa utilities with some
new DSA public key functions that were missing.

Also beginning of a cache for X509_EXTENSION structures: this will allow them
to be accessed more quickly for things like certificate chain verification...
1999-10-04 21:17:47 +00:00
Ben Laurie
18c77bf29e Fix warnings. 1999-10-03 18:09:45 +00:00
Dr. Stephen Henson
c91e125934 Modify the 'speed' application so it now uses RSA_sign and RSA_verify
instead of RSA_private_encrypt and RSA_public_decrypt
1999-10-02 01:18:19 +00:00
Bodo Möller
39b30b6ab7 "make update" 1999-09-27 15:12:30 +00:00
Bodo Möller
8569c322be Fix typo in error message.
Submitted by: Alan Batie
1999-09-25 11:26:31 +00:00
Bodo Möller
dd73193c83 Honor BUFSIZZ definition in s_server, don't use tiny 32 byte
buffer (which leads to truncation of client cipher list).
1999-09-25 11:24:53 +00:00
Bodo Möller
4ad378ea43 Bugfix: avoid opening CAfile when it's NULL. 1999-09-24 20:27:20 +00:00
Bodo Möller
f4e723f3e7 typo 1999-09-21 14:03:20 +00:00
Dr. Stephen Henson
06f4536a61 Fix to make s_client and s_server work under Windows. A bit of a hack but
an improvement on not working at all.
1999-09-20 22:09:17 +00:00
Dr. Stephen Henson
090d848ea8 Various CRL enhancements tidies and workaround for broken CRLs. 1999-09-18 01:42:02 +00:00
Bodo Möller
9a0f732d75 Document -startdate and -enddate in usage summary. 1999-09-17 16:35:29 +00:00
Dr. Stephen Henson
d79812b0fa Fix typo. 1999-09-15 21:12:23 +00:00
Bodo Möller
396f631458 some more patches for avoiding problems with non-automatic variables 1999-09-08 21:58:13 +00:00
Dr. Stephen Henson
c1cd88a0eb Oops... forgot the other RSA_NULL patches... 1999-09-08 18:19:45 +00:00
Bodo Möller
a32640b0f4 Reinitialize conf to NULL whenver ca application is started.
Submitted by: Lennart Bang
1999-09-05 20:53:08 +00:00
Bodo Möller
b74ba295da Reinitialize global variables when necessary (for monolith application). 1999-09-03 23:08:45 +00:00
Dr. Stephen Henson
8ce97163a2 Add new 'spkac' utility and several SPKAC utility functions. 1999-09-03 01:08:34 +00:00
Dr. Stephen Henson
87a25f9032 Allow the extension section specified in config files to be overridden
on the command line for various utilities.
1999-08-27 00:08:17 +00:00
Dr. Stephen Henson
f9150e5421 Allow the 1.OU="my OU" syntax in 'ca' for SPKACs. 1999-08-25 23:18:23 +00:00
Dr. Stephen Henson
c79b16e11d Allow extensions to be added to certificate requests, update the sample
config file (change RAW to DER).
1999-08-25 16:59:26 +00:00
Bodo Möller
2cfa692136 Return 0 for succesful exit when -noout is used. 1999-08-17 08:33:59 +00:00
Bodo Möller
1b1a6e7808 -crlf option. 1999-08-09 13:01:48 +00:00
Bodo Möller
204cf1abb0 Comments. 1999-08-08 14:21:04 +00:00
Ralf S. Engelschall
5a97a0b6e4 consistent style 1999-08-08 09:39:43 +00:00
Bodo Möller
1bdb8633c1 New option "-crlf" to s_client and s_server which tells them to convert
LFs into CRLFs when forwarding data from stdin to the TLS connection.
This is necessary for properly talking HTTP.
Because of the code freeze this change is by default disabled for now;
without -DAPPS_CRLF, the code is exactly as before.
1999-08-07 02:51:10 +00:00
Dr. Stephen Henson
ed7f60fbf9 Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file
with some 0.9.4 changes.
1999-08-06 21:47:09 +00:00
Bodo Möller
e42979f2c5 Dont' assume that something starting with '-' is a filename --
"openssl gendsa -help" now prints the usage summary, not error
messages that now file -help was found.
1999-08-06 11:18:44 +00:00
Bodo Möller
a851544169 avoid some NO_<cipher> problems 1999-08-02 21:44:49 +00:00
Dr. Stephen Henson
12ea44704a Tidy up pkcs12 application. 1999-07-29 21:50:34 +00:00
Ulf Möller
8c197cc55e VMS updates.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-07-28 23:25:59 +00:00
Bodo Möller
93c106c4b9 additional argument for key_callback 1999-07-21 22:07:35 +00:00
Bodo Möller
74678cc2f8 Additional user data argument to pem_password_cb function type
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Bodo Möller
c69e361f1c Fix option processing.
Submitted by: Sam Tetherow
1999-07-14 18:37:51 +00:00
Bodo Möller
5059658219 fix memory leak in s3_clnt.c 1999-07-12 17:15:42 +00:00
Bodo Möller
3a55fc1aab correct error handling
insert spaces in products that occur in error codes
1999-07-12 09:46:34 +00:00
Bodo Möller
03cd49447f New function RSA_check_key,
openssl rsa -check
1999-07-11 22:00:55 +00:00
Dr. Stephen Henson
f7daafa442 Fix a bug in x509.c that omitted DSA parameters when they didn't match the
signers parameters. Changed it to never omit parameters.
1999-07-11 01:48:21 +00:00
Bodo Möller
777ab7e611 Fix memory checking. 1999-07-09 16:27:30 +00:00
Ulf Möller
5271ebd9a3 More no-xxx option tweaks. 1999-06-30 00:42:56 +00:00
Ulf Möller
5676d8cb76 Fix no-hmac and no-ripemd. 1999-06-29 23:52:08 +00:00
Bodo Möller
227cd06ffe Avoid some memory holes, one of which was pointed out by
"Chad C. Mulligan" <mulligan@antipope.org>.
1999-06-25 13:41:35 +00:00
Bodo Möller
a6c1b3a9ac "make update" 1999-06-21 10:04:48 +00:00
Dr. Stephen Henson
ba404b5e86 Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It
seemed like a good idea at the time... several hours later it was rather
obvious that these are used all over the place making the changes rather
extensive.
1999-06-20 22:18:16 +00:00
Bodo Möller
d58d092bc9 Avoid warnings. 1999-06-10 16:29:32 +00:00
Ulf Möller
df63a389a5 "extern" is a C++ reserved word.
Pointed out by: Janez Jere <jj@void.si>
1999-06-09 16:33:18 +00:00
Bodo Möller
7740a1c6ef "make update" (added to top Makefile, and applied). 1999-06-09 16:18:53 +00:00
Dr. Stephen Henson
8eb57af5fe Complete support for PKCS#5 v2.0. Still needs extensive testing. 1999-06-08 00:09:51 +00:00
Bodo Möller
b1c4fe3625 Don't mix real tabs with tabs expanded as 8 spaces -- that's
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Bodo Möller
9e06f6f601 Introduce "BIO pairs", which (when finished) will relay data
so that the SSL library can be used for applications that
have to handle all the actual I/O themselves.
1999-06-07 16:04:45 +00:00
Bodo Möller
cf2562e772 More general definition for S_ISDIR (needed not only for VMS but
also for NeXT).
1999-06-07 00:20:54 +00:00
Dr. Stephen Henson
e7871ffaa8 More PKCS#8 stuff. Support for unencrypted forms of private key. 1999-06-05 12:39:10 +00:00
Dr. Stephen Henson
3cbb7937fa Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform
arguments to pkcs8 application.
1999-06-05 01:45:20 +00:00
Dr. Stephen Henson
600dec1586 Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more
options to handle encrypted and unencrypted forms and DER format input and
output.
1999-06-05 00:32:16 +00:00
Ben Laurie
167f3af2ce Aha! That's how pkcs12 got missed from stackification. 1999-06-04 22:25:30 +00:00
Ben Laurie
84c15db551 Some constification and stacks that slipped through the cracks (how?). 1999-06-04 22:23:10 +00:00
Ulf Möller
a53955d8ab Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:35:58 +00:00
Ulf Möller
1e44804e33 Avoid type conflict on Unix with DEC C.
Pointed out by Sergio Rabellino <Rabellino@di.unito.it>
1999-06-04 13:41:30 +00:00
Ben Laurie
b4f76582d4 More evil cast removal. 1999-06-03 18:04:04 +00:00
Ben Laurie
6d114240b9 stack. 1999-05-31 21:00:25 +00:00
Ben Laurie
e5e932d212 Another safe stack. 1999-05-30 15:40:21 +00:00
Ben Laurie
ee8ba0b26c Another safe stack. 1999-05-30 15:25:47 +00:00
Dr. Stephen Henson
bec9e0da7a Free up 'out' before exiting pkcs12 application.
Submitted by: Wu Zhigang <zhigangwu@yahoo.com>
1999-05-27 13:10:59 +00:00
Bodo Möller
5ece777974 der_chop is now generated from der_chop.in. 1999-05-27 00:19:59 +00:00
Bodo Möller
288d2fb959 Set #!... path to Perl in apps/der_chop automatically. 1999-05-25 22:31:49 +00:00
Bodo Möller
6720e9472f Add closing parenthesis to usage output. 1999-05-25 21:38:09 +00:00
Bodo Möller
7e70181723 It was a very bad idea to use #include "../e_os.h" -- when this occurs
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers.  So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes.  Argh.
1999-05-21 11:16:48 +00:00
Bodo Möller
17e3dd1c62 Don't install e_os.h in include/openssl, use it only as a local
include file.
1999-05-20 21:59:20 +00:00
Ulf Möller
9dff4cc051 Bring VMS in sync with the recent changes.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-05-20 21:00:29 +00:00
Ulf Möller
da70ff710c Avoid a warning.
Submitted by: Sylvain Robitaille <syl@alcor.concordia.ca>
1999-05-20 02:09:46 +00:00
Dr. Stephen Henson
257e206da6 Include some notes on basic extension usage and change openssl.cnf to usually
do sensible things with extensions.
1999-05-19 23:54:58 +00:00
Dr. Stephen Henson
e84240d422 New functions sk_set, sk_value and sk_num to replace existing macros: this is
to minimise the effects on existing code.
1999-05-19 12:45:16 +00:00
Dr. Stephen Henson
35f7324c23 Change default PKCS#12 iteration count to 2048, include rsa_oeap_test in the
test batch file.
1999-05-18 20:12:54 +00:00
Bodo Möller
12ba413c08 Get rid of some unnecessary casts and add a necessary one. 1999-05-18 15:06:20 +00:00
Bodo Möller
bc2e519a89 If we couldn't handle "-showcerts" (which happens with the current
SSL2 implementation), show at least the server certificate.
1999-05-17 20:46:43 +00:00
Bodo Möller
3f45ed82dc Rename "openssl x509" option "-config" to "-extfile", because it
doesn't have a default value like the "-config" options of other
openssl subprograms.
1999-05-17 08:28:37 +00:00
Dr. Stephen Henson
4aeb94b801 Oops! Get the pmatch test the right way round. 1999-05-16 21:50:26 +00:00
Dr. Stephen Henson
1b266dabf5 Fix various less obvious bugs in PKCS#7 handling: such as not zeroing
the secret key before we've encrypted it and using the right NID for RC2-64.
Add various arguments to the experimental programs 'dec' and 'enc' to make
testing less painful.

This stuff has now been tested against Netscape Messenger and it can encrypt
and decrypt S/MIME messages with RC2 (128, 64 and 40 bit) DES and triple DES.

Its still experimental though...
1999-05-16 17:32:32 +00:00
Bodo Möller
edf0bfb52b Change type of various DES function arguments from des_cblock
(meaning pointer to char) to des_cblock * (meaning pointer to
array with 8 char elements), which allows the compiler to
do more typechecking.  (The changed argument types were of type
des_cblock * back in SSLeay, and a lot of ugly casts were
used then to turn them into pointers to elements; but it can be
done without those casts.)

Introduce new type const_des_cblock -- before, the pointers rather
than the elements pointed to were declared const, and for
some reason gcc did not complain about this (but some other
compilers did).
1999-05-16 12:26:16 +00:00
Bodo Möller
e186bf96b4 Added a comment pointing out the behaviour of "openssl x509 -conf ...",
which cost me some time to find out about.
1999-05-16 12:17:20 +00:00
Bodo Möller
ee86c3f53d Marked probable bug, pointed out by Anonymous. 1999-05-16 12:01:49 +00:00
Dr. Stephen Henson
a74c55cd8f Various Win32 fixes. Change args in do_ms.bat to put platform last. Fix
unsigned/signed cmp error in asn1parse. Change various pem_all.c args to
use pem_password_cb.
1999-05-15 20:33:15 +00:00
Bodo Möller
127640b449 Update dependencies. 1999-05-15 13:38:48 +00:00
Ben Laurie
531b2cf7e9 Get rid of the cast. 1999-05-15 11:54:21 +00:00
Ulf Möller
09feda5cec Cut&paste error. 1999-05-13 17:25:05 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
1999-05-13 15:09:38 +00:00
Ulf Möller
5c83b4c93f Remove redundant ifdef. 1999-05-13 13:29:41 +00:00
Ulf Möller
75e0770d96 VMS support bug fixes. 1999-05-13 13:21:17 +00:00
Ulf Möller
7d7d2cbcb0 VMS support.
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Dr. Stephen Henson
f5eac85edc Add new -out option to asn1parse to allow the parsed data to be output.
Fixed -strparse option: it didn't work if used more than once (this was due
to the d2i_ASN1_TYPE call parsing a freed buffer). On Win32 the file wincrypt.h
#define's X509_NAME and PKCS7_SIGNER_INFO causing clashes so these are #undef'ed
1999-05-12 01:56:27 +00:00
Bodo Möller
54a29df0ec argc counting bug fixed.
Submitted by: Tomas Hulek
Reviewed by:
PR:
1999-05-11 15:44:58 +00:00
Ulf Möller
7af62c3cbb Move openssl.cnf out of lib/.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-05-11 10:42:28 +00:00
Ulf Möller
d5a2ea4b73 Move openssl.cnf out of lib/. 1999-05-10 23:59:28 +00:00
Ralf S. Engelschall
397f703892 Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow
-Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -Winline'' with EGCS 1.1.2+
1999-05-10 08:33:56 +00:00
Dr. Stephen Henson
a5ab0532ca Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a
Win32 version of rename() ). There isn't a precise rename() equivalent under
Win95: the standard rename() complains if the destination already exists so
replaced with a combination of unlink() and MoveFile().
1999-05-08 22:46:51 +00:00
Dr. Stephen Henson
e40b7abeed Allows PKCS#12 password to be placed on command line and add allow config
file name for 'ca' to come from the environment.
1999-05-08 12:59:50 +00:00
Bodo Möller
a2aa81683f This was an unused derivate of an old version of s_client.c that had
been changed so that it almost could be used under Windows.
No one asked to keep it (and no one volunteered to bring it into useable
state), so away with it.
Submitted by:
Reviewed by:
PR:
1999-05-08 10:12:48 +00:00
Ralf S. Engelschall
20b85fdd76 Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
PS: Feel free to move the IMPLEMENT_STACK_OF(X509_INFO) from
    crypto/asn1/x_info.c to any other place where you think it fits better.
    X509_INFO is a structure slightly spreaded over ASN.1, X509 and PEM code,
    so I found no definitive location for IMPLEMENT_STACK_OF(X509_INFO).  In
    crypto/asn1/x_info.c it's at least now bundled with X509_INFO_new() and
    friends.
1999-05-04 08:56:51 +00:00
Ralf S. Engelschall
0f3e604589 consistency cosmetics 1999-05-04 06:50:45 +00:00
Ben Laurie
0b3f827cf5 Yet another stack. 1999-05-02 21:36:58 +00:00
Ben Laurie
5b1b044606 Update dependencies. 1999-05-01 22:36:10 +00:00
Ben Laurie
d35ea5b00b Another stack. 1999-05-01 18:29:59 +00:00
Ben Laurie
d500de1672 Another stack. 1999-05-01 18:08:44 +00:00
Ben Laurie
65d4927b8d Another safe stack. 1999-05-01 17:40:57 +00:00
Bodo Möller
e5f3045fbf Support INSTALL_PREFIX for packagers.
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c Ignore Makefile.save
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
cc98d9b68c Fix make target "install".
Submitted by: Niels Poppe
Reviewed by:
PR:
1999-04-29 12:30:49 +00:00
Bodo Möller
ddeee82c63 Install various scripts to $(OPENSSLDIR)/misc instead of $(INSTALLTOP)/bin.
Submitted by:
Reviewed by:
PR:
1999-04-28 22:06:19 +00:00
Ben Laurie
8b1a3a9238 Don't shadow. 1999-04-28 12:13:45 +00:00
Bodo Möller
67a4728511 A new comment.
Submitted by:
Reviewed by:
PR:
1999-04-27 16:48:06 +00:00
Ulf Möller
b5929507e3 Update NO_* macros. 1999-04-27 11:56:15 +00:00
Ulf Möller
f5d7a031a3 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 01:14:46 +00:00
Dr. Stephen Henson
b64f825671 Add PKCS#12 documentation and new option in x509 to add certificate extensions. 1999-04-27 00:36:20 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Ulf Möller
b0b7b1c5ae New Configure option --openssldir to replace ssldir.pl. 1999-04-24 23:01:36 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717 "make depend"
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Ulf Möller
95dc05bc6d Fix lots of warnings.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-04-20 22:50:42 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Dr. Stephen Henson
41b731f2f8 Initial support for Certificate Policies extension: print out works but setting
isn't fully implemented (yet).
1999-04-18 23:21:03 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Dr. Stephen Henson
1d48dd0019 Add initial support for r2i RAW extensions which can access the config database
add various X509V3_CTX helper functions and support for LHASH as the config
database.
1999-04-16 23:57:04 +00:00
Bodo Möller
c1cf1eecdb /* Just some comments. */
Submitted by:
Reviewed by:
PR:
1999-04-14 23:47:41 +00:00
Bodo Möller
d91f8c3ce8 Cleaning up Ben's clean-ups :-)
Submitted by:
Reviewed by:
PR:
1999-04-14 23:10:11 +00:00
Bodo Möller
f0f1b4e400 Some tiny fixes.
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
1999-04-14 20:17:23 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Ben Laurie
a36a1a5146 gcc claims this is a shadow, though I can't find what it is shadowing... 1999-04-12 17:17:39 +00:00
Ralf S. Engelschall
f9a2593163 Add `openssl ca -revoke <certfile>' facility which revokes a certificate
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
2f0cd19533 Fix openssl crl -noout -text' combination where -noout' killed the `-text'
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.
1999-04-12 10:36:16 +00:00
Bodo Möller
fc8ee06b4d Submitted by:
Reviewed by:
PR:
1999-04-11 02:49:35 +00:00
Ralf S. Engelschall
7c7c88515f Fix a few typos and tabs while I'm poking around in ca.c... 1999-04-10 13:15:38 +00:00
Ben Laurie
3bb307c10c Adjust renegotiation slightly. 1999-04-10 12:08:46 +00:00
Bodo Möller
c7ac31e26e Bugfix: s_client occasionally would sleep in select() when it should
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:
1999-04-09 20:54:25 +00:00
Ulf Möller
e8d628156f Remove obsolete files from SSLeay 0.8. 1999-04-06 15:22:55 +00:00
Ben Laurie
121bd68d1c Don't shadow. 1999-04-03 14:52:01 +00:00
Bodo Möller
cf897932ca Avoid EADDRINUSE for s_server.
Submitted by:
Reviewed by:
PR:
1999-04-02 23:35:43 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Ben Laurie
3dcc1ffc52 Don't shadow. 1999-04-01 10:17:35 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
ee0508d411 Include pkcs12 program as part of openssl. This completes most of the PKCS#12
integration.
1999-03-29 17:50:26 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Ben Laurie
047f1a4466 Remake cert links when the app is built. 1999-03-09 20:06:39 +00:00
Ralf S. Engelschall
15542b2847 Make it more clear what option -WWW to s_server does. 1999-03-09 13:09:07 +00:00
Ralf S. Engelschall
d10f052be5 Make `openssl version' output lines consistent. 1999-03-08 12:35:01 +00:00
Dr. Stephen Henson
1756d405cc Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
1999-03-06 19:33:29 +00:00
Ben Laurie
6242bb9c63 Put the dependencies back. 1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
1efa9c33c0 Update dependencies. 1999-02-27 18:41:04 +00:00
Ralf S. Engelschall
ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
7be304acdb Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Dr. Stephen Henson
6b313a7365 Remove debugging fprintf from req.c and fix the code so it properly skips over
the first leading XXX. in the DN.
1999-02-24 00:14:21 +00:00
Ben Laurie
15799403ad Fix more warnings. 1999-02-23 12:53:49 +00:00
Ralf S. Engelschall
3a1daca9ef Get rid of a nasty debugging message which was forgotten here... 1999-02-23 08:53:04 +00:00
Ralf S. Engelschall
f2f351ce9c Fix usage message on gendsa:
1. The dsaparam argument is mandatory and not optional
2. Add a little text what this actually is: a filename
1999-02-23 08:52:20 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Dr. Stephen Henson
aa066b9e6e Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
1999-02-21 01:46:45 +00:00
Dr. Stephen Henson
0ca5f8b15c Overhaul 'crl' application, add a proper X509_CRL_print function and start
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Dr. Stephen Henson
0be9747b39 Oops! Remeber to include the other patches this time... 1999-02-17 23:22:57 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Dr. Stephen Henson
388ff0b076 Add support for raw extensions. This means that you can include the DER encoding
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
1999-02-14 16:48:22 +00:00
Dr. Stephen Henson
5c00879ef0 More Win32 fixes and upsdate INSTALL.W32 documentation. 1999-02-14 00:40:13 +00:00
Ben Laurie
08853ba82d Finally(?) fix DES stuff. 1999-02-13 21:49:34 +00:00
Ben Laurie
4e31df2cd7 Fix ghastly DES declarations, and all consequential warnings. 1999-02-13 18:52:38 +00:00
Dr. Stephen Henson
3773d138ce Delete a few unused files in apps, restore CAST WIN32 ASM file to main
tree.
1999-02-11 00:07:39 +00:00
Dr. Stephen Henson
175b0942ec More extension code. Incomplete support for subject and issuer alt
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
1999-02-10 01:12:59 +00:00
Ben Laurie
7ec218eb4a Process extensions when they are there. 1999-02-06 17:46:23 +00:00
Ben Laurie
9f7646da25 Diagnose errors. 1999-02-06 15:20:44 +00:00
Ben Laurie
29d2824788 Typo in arguments. 1999-02-06 15:19:16 +00:00
Ben Laurie
c106c6132c Clear error we don't care about. 1999-02-06 13:30:37 +00:00
Ralf S. Engelschall
5810a5f4c7 Reflect correct filename 1999-01-31 11:19:17 +00:00
Mark J. Cox
d1f4c83ce5 Fix some more typos
Submitted by:
Reviewed by:
PR:
1999-01-31 09:59:54 +00:00
Mark J. Cox
bc2646ef11 fix typo
Submitted by:
Reviewed by:
PR:
1999-01-31 09:57:00 +00:00
Ben Laurie
59ff713462 Break circular dependency between pem and err. 1999-01-30 13:40:34 +00:00
Ben Laurie
fc8c1a5c67 Update dependencies. 1999-01-30 12:05:42 +00:00
Dr. Stephen Henson
79dfa97555 New program 'nseq' added to apps to allow Netscape certificate sequences to
be pulled apart and built.
1999-01-29 23:34:19 +00:00
Dr. Stephen Henson
9fe84296a4 Allow the -certfile argument to be used multiple times in crl2pkcs7.
Also fix typos in the usage messages: "inout" instead of "input".
1999-01-29 01:53:55 +00:00
Ralf S. Engelschall
7ae01d4adc One more incorrect name in usage page 1999-01-28 14:48:31 +00:00
Ralf S. Engelschall
b6cff93dcf Fix names in usage page of s_time, s_server and s_client 1999-01-28 14:44:08 +00:00
Dr. Stephen Henson
b2347661ce Still more X509 V3 stuff. Modify ca.c to work with the new code and modify
openssl.cnf for the new syntax.
1999-01-26 01:19:27 +00:00
Dr. Stephen Henson
f317aa4c9c More X509 V3 stuff. Add support for extensions in the 'req' application
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
1999-01-25 01:09:21 +00:00
Dr. Stephen Henson
834eeef995 Continuing adding X509 V3 support. This starts to integrate the code with
the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.
1999-01-24 17:50:32 +00:00
Dr. Stephen Henson
9b5cc156f3 Continued patches so certificates and CRLs now can support and use
GeneralizedTime.
1999-01-20 00:14:40 +00:00
Ben Laurie
6f93539970 This time, get it right. 1999-01-19 23:25:22 +00:00