wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7990 commits 20 branches 302 tags 153 MiB
Commit graph

159 commits

Author SHA1 Message Date
Ben Laurie
309fa55bbb Return an error if the serial number is badly formed. (Coverity ID 116). 2007-04-04 14:35:56 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify 
verify logic to try to use an unexpired CRL if possible.
 2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms. 
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
 2006-04-19 17:05:59 +00:00
Andy Polyakov
ffa101872f Eliminate dependency on read/write/stat in apps under _WIN32. 2005-11-04 09:30:55 +00:00
Nils Larsch
cc29c1204b successfully updating the db shouldn't result in an error message 2005-09-30 16:47:38 +00:00
Dr. Stephen Henson
cbdac46d58 Update from stable branch. 2005-07-04 23:12:04 +00:00
Nils Larsch
ff990440ee const fixes 2005-04-15 18:29:33 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Dr. Stephen Henson
10c8505734 Use the default_md config file value when signing CRLs. 
PR:662
 2004-11-11 13:47:06 +00:00
Dr. Stephen Henson
b5a93e2250 Call setup_engine after autoconfig. 2004-08-06 12:44:34 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random 
initial serial numbers.

PR: 842
 2004-04-20 12:05:26 +00:00
Dr. Stephen Henson
ae44fc1ec4 Clear error if unique_subject lookup fails. 2004-04-15 00:32:19 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy(). 
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9 Move another common functionality (reproduced so far with cut'n'paste) 
to apps.c, and give it the hopefully descriptive name parse_yesno().
 2003-11-28 14:45:09 +00:00
Richard Levitte
6d5ffb591b Move do_subject() to apps.c and rename it to parse_name(). The 
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
 2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option 
to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)
 2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490 Netware-specific changes, 
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
 2003-11-28 13:10:58 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. 
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
 2003-10-29 20:24:15 +00:00
Richard Levitte
e6fa67fa93 Generalise the definition of strcasecmp() and strncasecmp() for 
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
 2003-09-09 14:48:36 +00:00
Richard Levitte
fd4ef69913 Implement CRL numbers. 
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
 2003-06-19 17:40:16 +00:00
Richard Levitte
4c771796d5 Convert save_serial() to work like save_index(), and add a 
rotate_serial() that works like rotate_index().
 2003-04-04 15:10:35 +00:00
Richard Levitte
d6df2b281f Add documentation on the added functionality in 'openssl ca'. 2003-04-04 14:39:44 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Richard Levitte
16b1b03543 Implement self-signing in 'openssl ca'. This makes it easier to have 
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
 2003-04-03 22:33:59 +00:00
Richard Levitte
c4448f60d6 Reset the version number of the issuer certificate? I believe this 
hasn't been tested in a long while...
 2003-04-03 18:50:15 +00:00
Richard Levitte
63b6fe2bf6 Conditionalise all debug strings. 2003-04-03 18:07:39 +00:00
Richard Levitte
f85b68cd49 Make it possible to have multiple active certificates with the same 
subject.
 2003-04-03 16:33:03 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:39:26 +00:00
Richard Levitte
4e78074b39 cert_sk isn't always allocated, so freeing it may cause a crash. 
PR: 481
 2003-01-30 10:27:43 +00:00
Dr. Stephen Henson
09ad2458b8 Typo. 2003-01-09 16:54:21 +00:00
Dr. Stephen Henson
5b7249f302 NULL tofree when it is freed to avoid double free. 
Make sure key is not NULL before freeing it.
 2003-01-09 13:06:49 +00:00
Richard Levitte
e235000169 Spelling error. 
This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
 2002-12-25 22:16:56 +00:00
Richard Levitte
1c3e4a3660 EXIT() may mean return(). That's confusing, so let's have it really mean 
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
 2002-12-03 16:33:03 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function. 
I've covered all the memset()s I felt safe modifying, but may have missed some.
 2002-11-28 08:04:36 +00:00
Richard Levitte
c863201780 Remove warnings. 2002-11-14 15:57:38 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
ddff68bee7 Windows doesn't know sys/file.h 2002-11-07 21:40:06 +00:00
Richard Levitte
d610d27f30 On certain platforms, we redefine certain symbols using macros in 
apps.h.  For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:

int VMS_strcasecmp((str1),(str2))(const char *, const char *);
 2002-10-24 10:03:55 +00:00
Bodo Möller
907a8f1e6e fix warnings, and harmonize indentation 2002-10-23 13:11:38 +00:00
Richard Levitte
2245cd87d4 BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the 
requirement that the serial number always be an even amount of characters.
PR: 248
 2002-10-11 09:38:56 +00:00
Richard Levitte
d7b2342a6a Add missing LF 2002-10-09 06:35:47 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead) 
Submitted by: Nils Larsch
 2002-08-12 08:47:41 +00:00
Richard Levitte
da9b972466 Make it possible to load keys from stdin, and restore that 
functionality in the programs that had that before.
Part fo PR 164
 2002-08-01 16:28:40 +00:00
Richard Levitte
87e8feca95 If the email address is moved from the subject to the subject alternate name, 
the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180
 2002-07-31 14:05:57 +00:00
Bodo Möller
7e6617611f Fix bug introduced with revision 1.95 when this filed was modified to 
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).

Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>

typo
 2002-07-18 11:23:50 +00:00
Richard Levitte
9335a5f7c0 Unixware doesn't have strings.h, so we need to declare strcasecmp() 
differently.
Unixware 2 needs to link with libresolv.
PR: 148
 2002-07-18 07:47:30 +00:00
Dr. Stephen Henson
eee6c81af8 Reorganise -subj option code, fix buffer overrun. 2002-05-19 16:31:10 +00:00
Lutz Jänicke
c0455cbb18 Fix escaping when using the -subj option of "openssl req", document 
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
 2002-04-30 12:08:18 +00:00