Commit graph

11417 commits

Author SHA1 Message Date
Dr. Stephen Henson
a4c4a7d5ca stop warning when compiling with no-comp 2012-12-29 23:37:56 +00:00
Dr. Stephen Henson
bdcf772aa5 Portability fix: use BIO_snprintf and pick up strcasecmp alternative
definitions from e_os.h
2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
89a5e2f704 missing tab 2012-12-26 19:12:57 +00:00
Dr. Stephen Henson
024e6fed62 typo 2012-12-26 15:23:42 +00:00
Dr. Stephen Henson
48b0951681 Fix tocsp: we don't need -trust_other any more.
Fix typo.
2012-12-21 18:32:33 +00:00
Dr. Stephen Henson
2dabd82236 Make partial chain checking work if we only have the EE certificate in
the trust store.
2012-12-21 18:31:32 +00:00
Dr. Stephen Henson
09d0d67c13 add missing newline 2012-12-21 16:24:48 +00:00
Dr. Stephen Henson
0028a23b9f revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility 2012-12-20 18:51:00 +00:00
Dr. Stephen Henson
032b33059e Update test OCSP script "tocsp" to use shell functions and to use
December 17th as check date to avoid certificate expiry errors.
2012-12-20 18:48:11 +00:00
Andy Polyakov
3a3f964eda gost_crypt.c: more intuitive ceiling. 2012-12-19 17:24:46 +00:00
Dr. Stephen Henson
b7d1a1af76 correct CHANGES 2012-12-19 14:34:39 +00:00
Andy Polyakov
8cfb6411ff engines/cchost/gost_crypt.c: fix typo. 2012-12-19 11:06:00 +00:00
Andy Polyakov
2c0093d294 engines/e_capi.c: fix typo.
Submitted by: Pierre Delaage
2012-12-19 10:54:47 +00:00
Andy Polyakov
947e129219 engine/cchost: fix bugs.
PR: 2821
Submitted by: Dmitry Belyavsky, Serguei Leontiev
2012-12-19 10:45:13 +00:00
Andy Polyakov
0a2d5003df dso/dso_win32.c: fix compiler warning. 2012-12-18 18:19:54 +00:00
Andy Polyakov
fb0a520897 util/pl/VC-32.pl fix typo. 2012-12-18 18:07:20 +00:00
Dr. Stephen Henson
230ec17d74 Use client version when deciding which cipher suites to disable. 2012-12-18 13:25:47 +00:00
Andy Polyakov
668bcfd5ca util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
suggestions from Pierre Delaage).
2012-12-18 09:42:31 +00:00
Andy Polyakov
8774f78d1b VC-32.pl: fix typo.
Submitted by: Pierre Delaage
2012-12-16 19:39:24 +00:00
Andy Polyakov
f469880c61 d1_lib.c,bss_dgram.c: eliminate dependency on _ftime. 2012-12-16 19:02:59 +00:00
Dr. Stephen Henson
bbdfbacdef add -rmd option to set OCSP response signing digest 2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
e9754726d2 Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Dr. Stephen Henson
99fc818e93 Return success when the responder is active.
Don't verify our own responses.
2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e typo 2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028 Add support for '-' as input and output filenames in ocsp utility.
Recognise verification arguments.
2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de oops, revert, committed in error 2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f apps/ocsp.c 2012-12-14 23:28:19 +00:00
Ben Laurie
3a778a2913 Documentation improvements by Chris Palmer (Google). 2012-12-14 13:28:49 +00:00
Andy Polyakov
4d2654783c fips/fipsld: improve cross-compile support. 2012-12-13 22:51:01 +00:00
Dr. Stephen Henson
2a21cdbe6b Use new partial chain flag instead of modifying input parameters. 2012-12-13 18:20:47 +00:00
Dr. Stephen Henson
51e7a4378a New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
2012-12-13 18:14:46 +00:00
Ben Laurie
74cc3b583d Document -pubkey. 2012-12-13 16:17:55 +00:00
Ben Laurie
e7cf2b1022 Improve my 64-bit debug target. 2012-12-12 14:14:43 +00:00
Dr. Stephen Henson
60938ae772 add -crl_download option to s_server 2012-12-12 03:35:31 +00:00
Dr. Stephen Henson
4e71d95260 add -cert_chain option to s_client 2012-12-12 00:50:26 +00:00
Ben Laurie
fefc111a2a Make openssl verify return errors. 2012-12-11 16:05:14 +00:00
Ben Laurie
b204ab6506 Update ignores. 2012-12-11 15:52:10 +00:00
Ben Laurie
ec40e5ff42 Tabification. Remove accidental duplication. 2012-12-10 16:52:17 +00:00
Dr. Stephen Henson
b34aa49c25 revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead 2012-12-10 02:02:16 +00:00
Dr. Stephen Henson
1e8b9e7e69 add -badsig option to ocsp utility too. 2012-12-09 16:21:46 +00:00
Dr. Stephen Henson
d372d36592 allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode 2012-12-09 16:03:34 +00:00
Dr. Stephen Henson
36b5bb6f2f send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace 2012-12-07 23:42:33 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
083bec780d typo 2012-12-07 13:23:49 +00:00
Dr. Stephen Henson
1edf8f1b4e really fix automatic ;-) 2012-12-07 12:41:13 +00:00
Dr. Stephen Henson
65f2a56580 documentation fixes 2012-12-06 23:26:11 +00:00
Dr. Stephen Henson
f1f5c70a04 fix handling of "automatic" in file mode 2012-12-06 21:53:05 +00:00
Dr. Stephen Henson
0090a686c0 Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
f5a7d5b164 remove print_ssl_cert_checks() from openssl application: it is no longer used 2012-12-06 18:36:51 +00:00
Dr. Stephen Henson
abd2ed012b Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:24:28 +00:00