wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12895 commits 20 branches 302 tags 153 MiB
Commit graph

406 commits

Author SHA1 Message Date
Dr. Stephen Henson
abd2ed012b Fix two bugs which affect delta CRL handling: 
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
 2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
472af806ce Submitted by: Florian Weimer <fweimer@redhat.com> 
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.
 2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
d88926f181 PR: 2909 
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
 2012-11-18 15:13:55 +00:00
Dr. Stephen Henson
a70da5b3ec New functions to check a hostname email or IP address against a 
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
 2012-10-08 15:10:07 +00:00
Dr. Stephen Henson
ef570cc869 PR: 2696 
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
 2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
7568d15acd allow key agreement for SSL/TLS certificates 2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
6074fb0979 fix warnings 2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
58b75e9c26 PR: 2482 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
 2011-10-09 00:56:52 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
09d84e03e8 oops missed an assert 2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92 PR: 2411 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.
 2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
e82f75577b PR: 2410 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().
 2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
776654adff PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2010-10-11 23:49:22 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
ca96d38981 PR: 2251 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c
 2010-05-22 00:30:41 +00:00
Dr. Stephen Henson
b5cfc2f590 option to replace extensions with new ones: mainly for creating cross-certificates 2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2 PR: 2183 
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
 2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
b1efb7161f Include self-signed flag in certificates by checking SKID/AKID as well 
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
 2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d add anyExtendedKeyUsage OID 2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
64f0f80eb6 PR: 2057 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
 2009-09-30 23:55:53 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
38663fcc82 Missing break. 2009-08-31 22:19:26 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
8132d3ac40 Update from 1.0.0-stable. 2009-05-30 18:11:26 +00:00
Andy Polyakov
051742fb6c v3_alt.c: otherName parsing fix. 
Submitted by: Love Hörnquist Åstrand
 2009-04-27 19:35:16 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
ef8e772805 Use OPENSSL_assert() instead of assert. 2009-03-15 14:04:42 +00:00
Dr. Stephen Henson
e39acc1c90 PR: 1864 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value.
 2009-03-14 12:39:05 +00:00
Dr. Stephen Henson
a0b76569b2 Update from stable branch. 2009-03-14 12:26:48 +00:00
Ben Laurie
c2a548a884 Print IPv6 all 0s correctly (Rob Austein). 2009-03-08 10:54:45 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:49:38 +00:00
Richard Levitte
2e6a7b3efc Constify where needed 2008-12-16 13:41:49 +00:00
Dr. Stephen Henson
9d44cd1642 Oops should check zero_pos >= 0. 2008-12-08 19:13:06 +00:00
Dr. Stephen Henson
1d4e879106 Handle case where v6stat.zero_pos == 0 correctly. 
Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111)
 2008-12-07 23:58:44 +00:00
Dr. Stephen Henson
e9afa08cd1 Update from stable branch. 2008-11-30 16:09:04 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros 
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
 2008-10-22 15:43:01 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find 
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
 2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code. 
Tidy CRL scoring system.

Add new CRL path validation error.
 2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb Add support for freshest CRL extension. 2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
8c9bd89338 Support for certificateIssuer CRL entry extension. 2008-08-18 16:48:47 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension. 
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
 2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension. 
TODO: robustness checking on name forms.
 2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
3e727a3b37 Add support for nameRelativeToCRLIssuer field in distribution point name 
fields.
 2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42 Make explicit_policy handling match expected RFC3280 behaviour. 2008-08-02 11:16:35 +00:00
Dr. Stephen Henson
592a207b94 Policy validation fixes. 
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
 2008-07-30 15:41:42 +00:00
Dr. Stephen Henson
34d05a4023 Zero is a valid value for any_skip and map_skip 2008-07-13 22:38:18 +00:00
Dr. Stephen Henson
dcc0c29876 We support inhibit any policy extension, add to table. 2008-07-13 15:55:37 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes. 
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
 2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically: 
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
 2008-07-04 23:12:52 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
a5cdb7d5bd Avoid warnings. 2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
f4cc56f494 Signed Receipt Request utility functions and option on CMS utility to 
print out receipt requests.
 2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
be86c7fc87 Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions. 2008-03-24 22:14:02 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8. 
Fix additional gcc 4.2 value not used warnings.
 2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
376bf1d4aa Constification. 2007-04-11 12:26:53 +00:00
Dr. Stephen Henson
bbb5cf05db Fix from stable branch. 2007-03-05 00:09:08 +00:00
Dr. Stephen Henson
af32f9fdda Update from fips2 branch. 2007-02-03 17:32:49 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Richard Levitte
ea46f5e0e5 Replace strdup() with BUF_strdup(). 2006-12-25 09:43:46 +00:00
Nils Larsch
360ff3cf58 fix order 2006-12-18 22:20:27 +00:00
Dr. Stephen Henson
10ca15f3fa Fix change to OPENSSL_NO_RFC3779 2006-12-06 13:36:48 +00:00
Dr. Stephen Henson
d137b56a5b Win32 fixes from stable branch. 2006-11-30 13:39:34 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
55a08fac68 Typo. 2006-10-05 21:59:50 +00:00
Dr. Stephen Henson
bc7535bc7f Support for AKID in CRLs and partial support for IDP. Overhaul of CRL 
handling to support this.
 2006-09-14 17:25:02 +00:00
Dr. Stephen Henson
4d50a2b4d6 Add verify callback functions to lookup a STACK of matching certs or CRLs 
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.
 2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
edc540211c Cache some CRL related extensions. 2006-07-24 12:39:22 +00:00
Ulf Möller
c3bb1f8166 unused function 2006-03-06 17:58:25 +00:00
Nils Larsch
95a0e8ab31 fix warning 2006-02-13 08:45:53 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup 
Submitted by: David Hartman <david_hartman@symantec.com>
 2006-01-29 23:12:22 +00:00
Bodo Möller
51eb1b81f6 Avoid contradictive error code assignments. 
"make errors".
 2006-01-08 21:54:24 +00:00
Nils Larsch
53b38d37a9 fix potential memory leak + improved error checking 
PR: 1182
 2005-08-05 09:42:45 +00:00
Nils Larsch
c755c5fd8b improved error checking and some fixes 
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
 2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
8eb7217580 Add declaration for IDP ASN1 functions. 2005-07-26 11:43:11 +00:00
Dr. Stephen Henson
0537f9689c Add support for setting IDP too. 2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0c010a1517 Don't use @syntax for extended CRLDP format. 2005-07-25 18:55:40 +00:00
Dr. Stephen Henson
0745d0892d Allow setting of all fields in CRLDP. Few cosmetic changes to output. 2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
5e64f8c44c Typo which prevents mult valued RDNs being created. 2005-07-25 18:39:44 +00:00
Dr. Stephen Henson
9aa9d70ddb Print out previously unsupported fields in CRLDP by i2r instead of i2v. 
Cosmetic changes to IDP printout.
 2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c Initial print only support for IDP CRL extension. 2005-07-23 23:33:06 +00:00
Dr. Stephen Henson
f5d51a9362 Fix extension ordering. 2005-06-22 13:26:23 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00