Dr. Stephen Henson
|
51e7a4378a
|
New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
|
2012-12-13 18:14:46 +00:00 |
|
Ben Laurie
|
74cc3b583d
|
Document -pubkey.
|
2012-12-13 16:17:55 +00:00 |
|
Ben Laurie
|
e7cf2b1022
|
Improve my 64-bit debug target.
|
2012-12-12 14:14:43 +00:00 |
|
Dr. Stephen Henson
|
60938ae772
|
add -crl_download option to s_server
|
2012-12-12 03:35:31 +00:00 |
|
Dr. Stephen Henson
|
4e71d95260
|
add -cert_chain option to s_client
|
2012-12-12 00:50:26 +00:00 |
|
Ben Laurie
|
fefc111a2a
|
Make openssl verify return errors.
|
2012-12-11 16:05:14 +00:00 |
|
Ben Laurie
|
b204ab6506
|
Update ignores.
|
2012-12-11 15:52:10 +00:00 |
|
Ben Laurie
|
ec40e5ff42
|
Tabification. Remove accidental duplication.
|
2012-12-10 16:52:17 +00:00 |
|
Dr. Stephen Henson
|
b34aa49c25
|
revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead
|
2012-12-10 02:02:16 +00:00 |
|
Dr. Stephen Henson
|
1e8b9e7e69
|
add -badsig option to ocsp utility too.
|
2012-12-09 16:21:46 +00:00 |
|
Dr. Stephen Henson
|
d372d36592
|
allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode
|
2012-12-09 16:03:34 +00:00 |
|
Dr. Stephen Henson
|
36b5bb6f2f
|
send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
|
2012-12-07 23:42:33 +00:00 |
|
Ben Laurie
|
30c278aa6b
|
Fix OCSP checking.
|
2012-12-07 18:47:47 +00:00 |
|
Dr. Stephen Henson
|
083bec780d
|
typo
|
2012-12-07 13:23:49 +00:00 |
|
Dr. Stephen Henson
|
1edf8f1b4e
|
really fix automatic ;-)
|
2012-12-07 12:41:13 +00:00 |
|
Dr. Stephen Henson
|
65f2a56580
|
documentation fixes
|
2012-12-06 23:26:11 +00:00 |
|
Dr. Stephen Henson
|
f1f5c70a04
|
fix handling of "automatic" in file mode
|
2012-12-06 21:53:05 +00:00 |
|
Dr. Stephen Henson
|
0090a686c0
|
Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
|
2012-12-06 18:43:40 +00:00 |
|
Dr. Stephen Henson
|
f5a7d5b164
|
remove print_ssl_cert_checks() from openssl application: it is no longer used
|
2012-12-06 18:36:51 +00:00 |
|
Dr. Stephen Henson
|
abd2ed012b
|
Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
|
2012-12-06 18:24:28 +00:00 |
|
Dr. Stephen Henson
|
3bf15e2974
|
Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
|
2012-12-05 18:35:20 +00:00 |
|
Andy Polyakov
|
8df400cf8d
|
aes-s390x.pl: fix XTS bugs in z196-specific code path.
|
2012-12-05 17:44:45 +00:00 |
|
Dr. Stephen Henson
|
fbeb85ecb9
|
don't print verbose policy check messages when -quiet is selected even on error
|
2012-12-04 23:18:44 +00:00 |
|
Andy Polyakov
|
3766e7ccab
|
ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
|
2012-12-04 20:21:24 +00:00 |
|
Dr. Stephen Henson
|
2e8cb108dc
|
initial support for delta CRL generations by diffing two full CRLs
|
2012-12-04 18:35:36 +00:00 |
|
Dr. Stephen Henson
|
256f9573c5
|
make -subj always override config file
|
2012-12-04 18:35:04 +00:00 |
|
Dr. Stephen Henson
|
b6b094fb77
|
check mval for NULL too
|
2012-12-04 17:25:34 +00:00 |
|
Dr. Stephen Henson
|
0db46a7dd7
|
fix leak
|
2012-12-03 16:32:52 +00:00 |
|
Dr. Stephen Henson
|
2537d46903
|
oops, really check brief mode only ;-)
|
2012-12-03 03:40:57 +00:00 |
|
Dr. Stephen Henson
|
5447f836a0
|
don't check errno is zero, just print out message
|
2012-12-03 03:39:23 +00:00 |
|
Dr. Stephen Henson
|
66d9f2e521
|
if no error code and -brief selected print out connection closed instead of read error
|
2012-12-03 03:33:44 +00:00 |
|
Dr. Stephen Henson
|
139cd16cc5
|
add -badsig option to corrupt CRL signatures for testing too
|
2012-12-02 16:48:25 +00:00 |
|
Dr. Stephen Henson
|
fdb78f3d88
|
New option to add CRLs for s_client and s_server.
|
2012-12-02 16:16:28 +00:00 |
|
Dr. Stephen Henson
|
95ea531864
|
add option to get a certificate or CRL from a URL
|
2012-12-02 14:00:22 +00:00 |
|
Dr. Stephen Henson
|
4842dde80c
|
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
|
2012-12-01 18:33:21 +00:00 |
|
Andy Polyakov
|
f91926a240
|
cryptlib.c: fix logical error.
|
2012-12-01 18:24:20 +00:00 |
|
Andy Polyakov
|
9282c33596
|
aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
|
2012-12-01 18:20:39 +00:00 |
|
Andy Polyakov
|
c3cddeaec8
|
aes-s390x.pl: harmonize software-only code path [and minor optimization].
|
2012-12-01 11:06:19 +00:00 |
|
Dr. Stephen Henson
|
df316fd43c
|
Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
|
2012-11-30 19:24:13 +00:00 |
|
Dr. Stephen Henson
|
2fceff5ba3
|
PR: 2803
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
|
2012-11-29 19:15:14 +00:00 |
|
Dr. Stephen Henson
|
f404278186
|
add wrapper function for certificate download
|
2012-11-29 01:15:09 +00:00 |
|
Dr. Stephen Henson
|
68f5500d31
|
constify
|
2012-11-29 01:13:38 +00:00 |
|
Dr. Stephen Henson
|
6f9076ff37
|
Generalise OCSP I/O functions to support dowloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.
|
2012-11-28 16:22:53 +00:00 |
|
Andy Polyakov
|
904732f68b
|
C64x+ assembly pack: improve EABI support.
|
2012-11-28 13:19:10 +00:00 |
|
Andy Polyakov
|
cf5ecc3e1f
|
Update support for Intel compiler: add linux-x86_64-icc and fix problems.
|
2012-11-28 13:05:13 +00:00 |
|
Dr. Stephen Henson
|
2c340864be
|
New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.
|
2012-11-27 23:47:48 +00:00 |
|
Dr. Stephen Henson
|
84bafb7471
|
Print out point format list for clients too.
|
2012-11-26 18:39:38 +00:00 |
|
Dr. Stephen Henson
|
5087afa108
|
Use default point formats extension for server side as well as client
side, if possible.
Don't advertise compressed char2 for SuiteB as it is not supported.
|
2012-11-26 18:38:10 +00:00 |
|
Dr. Stephen Henson
|
93c2c9befc
|
change inaccurate error message
|
2012-11-26 15:47:32 +00:00 |
|
Dr. Stephen Henson
|
d900c0ae14
|
set auto ecdh parameter selction for Suite B
|
2012-11-26 15:10:50 +00:00 |
|