Commit graph

36 commits

Author SHA1 Message Date
Dr. Stephen Henson
429261d0d8 SSL_CONF additions.
Add support for loading verify and chain stores in SSL_CONF.

Commands to set verify mode and client CA names.

Add documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-21 13:56:24 +01:00
Dr. Stephen Henson
f7d5348710 Use uint32_t consistently for flags.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-18 13:57:05 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Dr. Stephen Henson
fae4772c24 Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.

Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-08 18:43:44 +01:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Dr. Stephen Henson
656b26055c SSL_CONF table reorganisation.
Add command line switch entries to table and return SSL_CONF_TYPE_NONE for
them in SSL_CONF_cmd_value_type.

Update docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06 14:17:42 +01:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
b6eb9827a6 Add OSSL_NELEM macro.
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an
array.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 12:53:08 +01:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Rich Salz
ca3a82c3b3 free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Dr. Stephen Henson
2011b169fa Support key loading from certificate file
Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.

Update docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 14:19:04 +00:00
Rich Salz
d64070838e free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 23:17:16 -04:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Kurt Roeckx
2747d73c14 Fix segfault with empty fields as last in the config.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-24 14:46:50 +01:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Kurt Roeckx
995207bedc Allow using -SSLv2 again when setting Protocol in the config.
RT#3625

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-15 18:09:53 +01:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Dr. Stephen Henson
f0ef019da2 Add -no_resumption_on_reneg to SSL_CONF.
(cherry picked from commit 1f44dac24d)
2014-03-27 16:12:40 +00:00
Dr. Stephen Henson
5b7f36e857 Add ServerInfoFile to SSL_CONF, update docs. 2014-01-03 23:14:23 +00:00
Krzysztof Kwiatkowski
44314cf64d Delete duplicate entry.
PR#3172
2013-11-13 23:48:35 +00:00
Dr. Stephen Henson
a9bc1af984 Add -ecdh_single option.
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
(cherry picked from commit f14a4a861d)
2013-11-01 21:41:52 +00:00
Dr. Stephen Henson
96e16bddb4 Fix warning. 2013-11-01 21:41:52 +00:00
Dr. Stephen Henson
c557f921dc Add SSL_CONF command to set DH Parameters. 2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
abf840e4f7 Fix argument processing. 2013-10-22 05:44:23 +01:00
Dr. Stephen Henson
27f3b65f49 Constification. 2013-10-21 07:19:01 +01:00
Dr. Stephen Henson
ec2f7e568e Extend SSL_CONF
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
2013-10-20 22:07:36 +01:00
Dr. Stephen Henson
13af145159 Typo. 2013-10-20 22:07:36 +01:00
Dr. Stephen Henson
14536c8c9c Make no-ec compilation work. 2013-08-17 17:41:13 +01:00
Dr. Stephen Henson
1edf8f1b4e really fix automatic ;-) 2012-12-07 12:41:13 +00:00
Dr. Stephen Henson
f1f5c70a04 fix handling of "automatic" in file mode 2012-12-06 21:53:05 +00:00
Dr. Stephen Henson
4842dde80c return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded 2012-12-01 18:33:21 +00:00
Dr. Stephen Henson
2588d4ca41 curves can be set in both client and server 2012-11-21 17:01:46 +00:00
Dr. Stephen Henson
878b5d07ef use correct return values when callin cmd 2012-11-21 16:59:33 +00:00
Dr. Stephen Henson
ddd13d677b fix typo and warning 2012-11-19 02:46:46 +00:00
Dr. Stephen Henson
3db935a9e5 add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00