Commit graph

20 commits

Author SHA1 Message Date
Dr. Stephen Henson
fbd2164044 Experimental support for partial chain verification: if an intermediate
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
33862b90bb Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[].
PR: 617
2003-06-11 21:22:30 +00:00
Dr. Stephen Henson
98e6654938 Typo. 2001-10-20 16:22:28 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
fafc7f9875 Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Bodo Möller
78f3a2aad7 Comment and indentation 2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Geoff Thorpe
ccd86b68ef The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Dr. Stephen Henson
068fdce877 New compatability trust and purpose settings. 2000-03-07 14:04:29 +00:00
Bodo Möller
6d0d5431d4 More get0 et al. changes. Also provide fgrep targets in CHANGES
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Dr. Stephen Henson
c7cb16a8ff Rename functions for new convention. 2000-02-26 01:55:33 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Dr. Stephen Henson
6447cce372 Simplify the trust structure: basically zap the bit strings and
represent everything by OIDs.
1999-12-29 00:40:28 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
21f775522b Oops! Commit died on me :-( 1999-11-27 01:18:39 +00:00