wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3443 commits 20 branches 302 tags 153 MiB
Commit graph

557 commits

Author SHA1 Message Date
Bodo Möller
50b8ba0201 avoid buffer overflow 2001-03-31 07:48:07 +00:00
Bodo Möller
b10ae320f7 this time *really* fix the /../ check ... 2001-03-30 14:55:50 +00:00
Bodo Möller
5d3ab9b096 For -WWW, fix test for ".." directory references (and avoid warning for 
index -1).
 2001-03-30 10:47:21 +00:00
Richard Levitte
812cb5638c make update 2001-03-24 12:39:59 +00:00
Bodo Möller
f89aebb1c4 Add missing '#ifndef OPENSSL_NO_DSA'. 2001-03-22 15:06:19 +00:00
Richard Levitte
51740b12ae Correct a typo which might have lead to a dump. 
Noted by Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
 2001-03-16 10:30:10 +00:00
Dr. Stephen Henson
791bd0cd2b Add copy_extensions option to 'ca' utility. 2001-03-16 02:04:17 +00:00
Dr. Stephen Henson
e890dcdb19 Add 'align' option to nameopt. 
Add default values for display by the 'ca' utility
to openssl.cnf

Update docs.
 2001-03-15 22:45:20 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in 
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
 2001-03-15 19:13:40 +00:00
Dr. Stephen Henson
0a3ea5d34a Document the -certopt option to the x509 utility. 
Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
 2001-03-15 01:15:54 +00:00
Bodo Möller
cad4b840c8 Fix: return 0 if no error occured. 2001-03-13 22:17:10 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Richard Levitte
251cb4cfed For some experiments, it is sometimes nice to serve files with complete 
HTTP responses.
 2001-03-10 16:20:52 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest() 
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
 2001-03-09 02:51:02 +00:00
Bodo Möller
a75d8bebd2 Bugfix: previously the serial number file could turn negative 
because an incompletely initialized ASN1_INTEGER was used.
 2001-03-08 19:13:24 +00:00
Bodo Möller
3285076c8e Integrate ec_err.[co]. 
"make depend"
 2001-03-08 12:30:12 +00:00
Richard Levitte
70d70a3c81 Code for better build under Darwin (MacOS X). 
Submitted by Brad Dominy <jdominy@darwinuser.org>
 2001-03-07 10:04:00 +00:00
Bodo Möller
65e8167079 Move ec.h to ec2.h because it is not compatible with what we will use. 
Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".
 2001-03-05 20:13:37 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This 
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
 2001-03-05 11:09:43 +00:00
Bodo Möller
d8c2adae57 increase emailAddress_max 2001-03-04 01:33:55 +00:00
Richard Levitte
7f19d42e9d MacOSX doesn't have ftime(). 
Spotted by Pieter Bowman <bowman@math.utah.edu>
 2001-02-27 08:14:32 +00:00
Dr. Stephen Henson
f196522159 New function and options to check OCSP response validity. 2001-02-24 13:50:06 +00:00
Geoff Thorpe
e3a9164073 I missed one. 2001-02-23 00:09:50 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there 
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
 2001-02-22 14:45:02 +00:00
Richard Levitte
19f2192136 Windows does not know of strigs.h or strcasecmp, so when in Windows, 
make strcasecmp a macro to _stricmp.
 2001-02-22 14:21:06 +00:00
Geoff Thorpe
1aa0d94781 This adds command-line support to s_server for controlling the generation 
of session IDs. Namely, passing "-id_prefix <text>" will set a
generate_session_id() callback that generates session IDs as random data
with <text> block-copied over the top of the start of the ID. This can be
viewed by watching the session ID s_client's output when it connects.

This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish
to deal with multiple servers, when each of which might be generating a
unique range of session IDs (eg. with a certain prefix).
 2001-02-21 18:38:48 +00:00
Richard Levitte
14565bedaf Some functions, like strdup() and strcasecmp(), are defined in 
strings.h according to X/Open.
 2001-02-20 19:05:59 +00:00
Richard Levitte
02cc82ff8a I forgot there was a reason why the inclusions and definition of u_int 
was made in a certain sequence.  This change restores the earlier
"chain of command".
 2001-02-20 17:37:02 +00:00
Richard Levitte
38f3b3e29c OpenVMS catches up. 2001-02-20 17:14:30 +00:00
Richard Levitte
be1bd9239f Get e_os2.h to get all the system definitions correctly. 2001-02-20 14:07:03 +00:00
Dr. Stephen Henson
569afce4b0 Fix typo. 2001-02-20 13:30:28 +00:00
Richard Levitte
56dde3ebe6 Include opensslconf.h or the like early to make sure system macros get 
correctly defined.
 2001-02-20 13:11:54 +00:00
Bodo Möller
ff055b5c89 honour '-no_tmp_rsa' 2001-02-20 12:59:48 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't 
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
 2001-02-20 08:13:47 +00:00
Ulf Möller
28143c66e1 Fix warning. 2001-02-20 00:43:03 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making 
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
 2001-02-19 16:06:34 +00:00
Richard Levitte
07247321c6 make update 2001-02-19 14:00:38 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'. 
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
 2001-02-19 13:38:32 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions. 
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
 2001-02-16 01:35:44 +00:00
Lutz Jänicke
52b621db88 Add "-rand" option to s_client and s_server. 2001-02-15 10:22:07 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API. 
Add -nopad option to enc command.

Update docs.
 2001-02-14 02:11:52 +00:00
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility. 
Doesn't handle SSL URLs yet.
 2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Bodo Möller
620cea37e0 disable stdin buffering in load_cert 2001-02-10 13:12:35 +00:00
Bodo Möller
c15e036398 use case-insensitive comparison in set_table_opts 
(similar to how arguments such as -inform/-outform specifications
are treated)
 2001-02-10 11:21:29 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates. 
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
 2001-02-10 00:56:45 +00:00
Lutz Jänicke
836f996010 New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override 
the clients choice; in SSLv2 the client uses the server's preferences.
 2001-02-09 19:56:31 +00:00
Lutz Jänicke
1613c4d3bf Typo 2001-02-09 19:05:49 +00:00
Dr. Stephen Henson
c063f2c5ec Various Win32 related fixed. Make no-krb5 work in mkdef.pl . 
Fix warning in apps/engine.c

Remove definitions of deleted functions.

Add missing definition of X509_VAL.
 2001-02-09 18:16:12 +00:00