Dr. Stephen Henson
|
a4c4a7d5ca
|
stop warning when compiling with no-comp
|
2012-12-29 23:37:56 +00:00 |
|
Dr. Stephen Henson
|
bdcf772aa5
|
Portability fix: use BIO_snprintf and pick up strcasecmp alternative
definitions from e_os.h
|
2012-12-26 23:51:56 +00:00 |
|
Dr. Stephen Henson
|
89a5e2f704
|
missing tab
|
2012-12-26 19:12:57 +00:00 |
|
Dr. Stephen Henson
|
024e6fed62
|
typo
|
2012-12-26 15:23:42 +00:00 |
|
Dr. Stephen Henson
|
48b0951681
|
Fix tocsp: we don't need -trust_other any more.
Fix typo.
|
2012-12-21 18:32:33 +00:00 |
|
Dr. Stephen Henson
|
2dabd82236
|
Make partial chain checking work if we only have the EE certificate in
the trust store.
|
2012-12-21 18:31:32 +00:00 |
|
Dr. Stephen Henson
|
09d0d67c13
|
add missing newline
|
2012-12-21 16:24:48 +00:00 |
|
Dr. Stephen Henson
|
0028a23b9f
|
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
|
2012-12-20 18:51:00 +00:00 |
|
Dr. Stephen Henson
|
032b33059e
|
Update test OCSP script "tocsp" to use shell functions and to use
December 17th as check date to avoid certificate expiry errors.
|
2012-12-20 18:48:11 +00:00 |
|
Andy Polyakov
|
3a3f964eda
|
gost_crypt.c: more intuitive ceiling.
|
2012-12-19 17:24:46 +00:00 |
|
Dr. Stephen Henson
|
b7d1a1af76
|
correct CHANGES
|
2012-12-19 14:34:39 +00:00 |
|
Andy Polyakov
|
8cfb6411ff
|
engines/cchost/gost_crypt.c: fix typo.
|
2012-12-19 11:06:00 +00:00 |
|
Andy Polyakov
|
2c0093d294
|
engines/e_capi.c: fix typo.
Submitted by: Pierre Delaage
|
2012-12-19 10:54:47 +00:00 |
|
Andy Polyakov
|
947e129219
|
engine/cchost: fix bugs.
PR: 2821
Submitted by: Dmitry Belyavsky, Serguei Leontiev
|
2012-12-19 10:45:13 +00:00 |
|
Andy Polyakov
|
0a2d5003df
|
dso/dso_win32.c: fix compiler warning.
|
2012-12-18 18:19:54 +00:00 |
|
Andy Polyakov
|
fb0a520897
|
util/pl/VC-32.pl fix typo.
|
2012-12-18 18:07:20 +00:00 |
|
Dr. Stephen Henson
|
230ec17d74
|
Use client version when deciding which cipher suites to disable.
|
2012-12-18 13:25:47 +00:00 |
|
Andy Polyakov
|
668bcfd5ca
|
util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
suggestions from Pierre Delaage).
|
2012-12-18 09:42:31 +00:00 |
|
Andy Polyakov
|
8774f78d1b
|
VC-32.pl: fix typo.
Submitted by: Pierre Delaage
|
2012-12-16 19:39:24 +00:00 |
|
Andy Polyakov
|
f469880c61
|
d1_lib.c,bss_dgram.c: eliminate dependency on _ftime.
|
2012-12-16 19:02:59 +00:00 |
|
Dr. Stephen Henson
|
bbdfbacdef
|
add -rmd option to set OCSP response signing digest
|
2012-12-16 00:10:03 +00:00 |
|
Dr. Stephen Henson
|
e9754726d2
|
Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
|
2012-12-15 02:58:00 +00:00 |
|
Dr. Stephen Henson
|
99fc818e93
|
Return success when the responder is active.
Don't verify our own responses.
|
2012-12-15 02:56:02 +00:00 |
|
Dr. Stephen Henson
|
265f835e3e
|
typo
|
2012-12-15 00:29:12 +00:00 |
|
Dr. Stephen Henson
|
33826fd028
|
Add support for '-' as input and output filenames in ocsp utility.
Recognise verification arguments.
|
2012-12-14 23:30:56 +00:00 |
|
Dr. Stephen Henson
|
92821996de
|
oops, revert, committed in error
|
2012-12-14 23:29:58 +00:00 |
|
Dr. Stephen Henson
|
11e2957d5f
|
apps/ocsp.c
|
2012-12-14 23:28:19 +00:00 |
|
Ben Laurie
|
3a778a2913
|
Documentation improvements by Chris Palmer (Google).
|
2012-12-14 13:28:49 +00:00 |
|
Andy Polyakov
|
4d2654783c
|
fips/fipsld: improve cross-compile support.
|
2012-12-13 22:51:01 +00:00 |
|
Dr. Stephen Henson
|
2a21cdbe6b
|
Use new partial chain flag instead of modifying input parameters.
|
2012-12-13 18:20:47 +00:00 |
|
Dr. Stephen Henson
|
51e7a4378a
|
New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
|
2012-12-13 18:14:46 +00:00 |
|
Ben Laurie
|
74cc3b583d
|
Document -pubkey.
|
2012-12-13 16:17:55 +00:00 |
|
Ben Laurie
|
e7cf2b1022
|
Improve my 64-bit debug target.
|
2012-12-12 14:14:43 +00:00 |
|
Dr. Stephen Henson
|
60938ae772
|
add -crl_download option to s_server
|
2012-12-12 03:35:31 +00:00 |
|
Dr. Stephen Henson
|
4e71d95260
|
add -cert_chain option to s_client
|
2012-12-12 00:50:26 +00:00 |
|
Ben Laurie
|
fefc111a2a
|
Make openssl verify return errors.
|
2012-12-11 16:05:14 +00:00 |
|
Ben Laurie
|
b204ab6506
|
Update ignores.
|
2012-12-11 15:52:10 +00:00 |
|
Ben Laurie
|
ec40e5ff42
|
Tabification. Remove accidental duplication.
|
2012-12-10 16:52:17 +00:00 |
|
Dr. Stephen Henson
|
b34aa49c25
|
revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead
|
2012-12-10 02:02:16 +00:00 |
|
Dr. Stephen Henson
|
1e8b9e7e69
|
add -badsig option to ocsp utility too.
|
2012-12-09 16:21:46 +00:00 |
|
Dr. Stephen Henson
|
d372d36592
|
allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode
|
2012-12-09 16:03:34 +00:00 |
|
Dr. Stephen Henson
|
36b5bb6f2f
|
send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
|
2012-12-07 23:42:33 +00:00 |
|
Ben Laurie
|
30c278aa6b
|
Fix OCSP checking.
|
2012-12-07 18:47:47 +00:00 |
|
Dr. Stephen Henson
|
083bec780d
|
typo
|
2012-12-07 13:23:49 +00:00 |
|
Dr. Stephen Henson
|
1edf8f1b4e
|
really fix automatic ;-)
|
2012-12-07 12:41:13 +00:00 |
|
Dr. Stephen Henson
|
65f2a56580
|
documentation fixes
|
2012-12-06 23:26:11 +00:00 |
|
Dr. Stephen Henson
|
f1f5c70a04
|
fix handling of "automatic" in file mode
|
2012-12-06 21:53:05 +00:00 |
|
Dr. Stephen Henson
|
0090a686c0
|
Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
|
2012-12-06 18:43:40 +00:00 |
|
Dr. Stephen Henson
|
f5a7d5b164
|
remove print_ssl_cert_checks() from openssl application: it is no longer used
|
2012-12-06 18:36:51 +00:00 |
|
Dr. Stephen Henson
|
abd2ed012b
|
Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
|
2012-12-06 18:24:28 +00:00 |
|