wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11418 commits 20 branches 302 tags 153 MiB
Commit graph

11418 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
abd2ed012b Fix two bugs which affect delta CRL handling: 
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
 2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify. 
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
 2012-12-05 18:35:20 +00:00
Andy Polyakov
8df400cf8d aes-s390x.pl: fix XTS bugs in z196-specific code path. 2012-12-05 17:44:45 +00:00
Dr. Stephen Henson
fbeb85ecb9 don't print verbose policy check messages when -quiet is selected even on error 2012-12-04 23:18:44 +00:00
Andy Polyakov
3766e7ccab ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%. 2012-12-04 20:21:24 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generations by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
256f9573c5 make -subj always override config file 2012-12-04 18:35:04 +00:00
Dr. Stephen Henson
b6b094fb77 check mval for NULL too 2012-12-04 17:25:34 +00:00
Dr. Stephen Henson
0db46a7dd7 fix leak 2012-12-03 16:32:52 +00:00
Dr. Stephen Henson
2537d46903 oops, really check brief mode only ;-) 2012-12-03 03:40:57 +00:00
Dr. Stephen Henson
5447f836a0 don't check errno is zero, just print out message 2012-12-03 03:39:23 +00:00
Dr. Stephen Henson
66d9f2e521 if no error code and -brief selected print out connection closed instead of read error 2012-12-03 03:33:44 +00:00
Dr. Stephen Henson
139cd16cc5 add -badsig option to corrupt CRL signatures for testing too 2012-12-02 16:48:25 +00:00
Dr. Stephen Henson
fdb78f3d88 New option to add CRLs for s_client and s_server. 2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
95ea531864 add option to get a certificate or CRL from a URL 2012-12-02 14:00:22 +00:00
Dr. Stephen Henson
4842dde80c return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded 2012-12-01 18:33:21 +00:00
Andy Polyakov
f91926a240 cryptlib.c: fix logical error. 2012-12-01 18:24:20 +00:00
Andy Polyakov
9282c33596 aesni-x86_64.pl: CTR face lift, +25% on Bulldozer. 2012-12-01 18:20:39 +00:00
Andy Polyakov
c3cddeaec8 aes-s390x.pl: harmonize software-only code path [and minor optimization]. 2012-12-01 11:06:19 +00:00
Dr. Stephen Henson
df316fd43c Add new test option set the version in generated certificates: this 
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
 2012-11-30 19:24:13 +00:00
Dr. Stephen Henson
2fceff5ba3 PR: 2803 
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
 2012-11-29 19:15:14 +00:00
Dr. Stephen Henson
f404278186 add wrapper function for certificate download 2012-11-29 01:15:09 +00:00
Dr. Stephen Henson
68f5500d31 constify 2012-11-29 01:13:38 +00:00
Dr. Stephen Henson
6f9076ff37 Generalise OCSP I/O functions to support dowloading of other ASN1 
structures using HTTP. Add wrapper function to handle CRL download.
 2012-11-28 16:22:53 +00:00
Andy Polyakov
904732f68b C64x+ assembly pack: improve EABI support. 2012-11-28 13:19:10 +00:00
Andy Polyakov
cf5ecc3e1f Update support for Intel compiler: add linux-x86_64-icc and fix problems. 2012-11-28 13:05:13 +00:00
Dr. Stephen Henson
2c340864be New functions to set lookup_crls callback and to retrieve internal X509_STORE 
from X509_STORE_CTX.
 2012-11-27 23:47:48 +00:00
Dr. Stephen Henson
84bafb7471 Print out point format list for clients too. 2012-11-26 18:39:38 +00:00
Dr. Stephen Henson
5087afa108 Use default point formats extension for server side as well as client 
side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.
 2012-11-26 18:38:10 +00:00
Dr. Stephen Henson
93c2c9befc change inaccurate error message 2012-11-26 15:47:32 +00:00
Dr. Stephen Henson
d900c0ae14 set auto ecdh parameter selction for Suite B 2012-11-26 15:10:50 +00:00
Dr. Stephen Henson
55b66f084d set cmdline flag in s_server 2012-11-26 12:51:12 +00:00
Dr. Stephen Henson
96cfba0fb4 option to output corrupted signature in certificates for testing purposes 2012-11-25 22:29:52 +00:00
Andy Polyakov
cd68694646 AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality. 2012-11-24 21:55:23 +00:00
Dr. Stephen Henson
1c16fd1f03 add Suite B 128 bit mode offering only combination 2 2012-11-24 00:59:51 +00:00
Dr. Stephen Henson
a5afc0a8f4 Don't display messages about verify depth in s_server if -quiet it set. 
Add support for separate verify and chain stores in s_client.
 2012-11-23 18:56:25 +00:00
Dr. Stephen Henson
20b431e3a9 Add support for printing out and retrieving EC point formats extension. 2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
e83aefb3a0 reject zero length point format list or supported curves extensions 2012-11-22 14:15:44 +00:00
Dr. Stephen Henson
1740c9fbfc support -quiet with -msg or -trace 2012-11-21 17:11:42 +00:00
Dr. Stephen Henson
2588d4ca41 curves can be set in both client and server 2012-11-21 17:01:46 +00:00
Dr. Stephen Henson
878b5d07ef use correct return values when callin cmd 2012-11-21 16:59:33 +00:00
Dr. Stephen Henson
191b3f0ba9 only use a default curve if not already set 2012-11-21 16:47:25 +00:00
Dr. Stephen Henson
46a6cec699 Reorganise parameters for OPENSSL_gmtime_diff. 
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
 2012-11-21 14:13:20 +00:00
Dr. Stephen Henson
472af806ce Submitted by: Florian Weimer <fweimer@redhat.com> 
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.
 2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
5c1393bfc3 PR: 2908 
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
 2012-11-21 14:02:40 +00:00
Dr. Stephen Henson
f7ac0ec89d fix printout of expiry days if -enddate is used in ca 2012-11-20 15:22:15 +00:00
Dr. Stephen Henson
598c423e65 don't use psec or pdays if NULL 2012-11-20 15:20:40 +00:00
Dr. Stephen Henson
360ef6769e first parameter is difference in days, not years 2012-11-20 15:19:53 +00:00
Dr. Stephen Henson
13cfb04343 reorganise SSL_CONF_cmd manual page and update some links 2012-11-20 01:01:33 +00:00
Dr. Stephen Henson
22b5d7c80b fix leaks 2012-11-20 00:24:52 +00:00