Commit graph

422 commits

Author SHA1 Message Date
Bodo Möller
32567c9f3b Fix X509_STORE locking 2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
aac751832a PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
5e8d95f590 PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.
2009-11-17 13:25:35 +00:00
Dr. Stephen Henson
4a7f7171f5 Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:21:47 +00:00
Dr. Stephen Henson
0c2c2e71a6 If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
2009-10-23 12:05:54 +00:00
Dr. Stephen Henson
d1d746afb4 Need to check <= 0 here. 2009-10-22 23:14:12 +00:00
Dr. Stephen Henson
c679fb298e Add new function X509_STORE_set_verify_cb and use it in apps 2009-10-18 14:42:27 +00:00
Dr. Stephen Henson
4b4f249e0d Oops, s can be NULL 2009-09-04 11:31:19 +00:00
Dr. Stephen Henson
e5eb96c83a PR: 2013
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:55:22 +00:00
Dr. Stephen Henson
43ea53a04a Inherit parameters properly in SSL contexts: any parameters set should
replace those in the current list.
2009-06-30 11:21:00 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
f1ed5fa827 Update from 0.9.8-stable. 2009-06-15 15:00:19 +00:00
Dr. Stephen Henson
f16411ccfd Ensure canonical encodings of X509_NAME structures are valid. 2009-05-30 18:10:59 +00:00
Dr. Stephen Henson
268e78c305 PR: 1899
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Check for <= 0 when verifying CRL issuers.
2009-04-15 15:07:09 +00:00
Dr. Stephen Henson
25f6c7fd8b Update from 0.9.8-stable. 2009-04-03 16:54:37 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
30e5e39a3d PR: 1778
Increase default verify depth to 100.
2009-02-16 23:23:21 +00:00
Dr. Stephen Henson
b5d5c0a21f PR: 1843
Use correct array size for SHA1 hash.
2009-02-16 21:42:48 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Ben Laurie
43048d13c8 Fix warning. 2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.

Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
2e0c7db950 Initial code to support distinct certificate and CRL signing keys where the
CRL issuer is not part of the main path.

Not complete yet and not compiled in because the CRL issuer certificate is
not validated.
2008-08-12 16:07:52 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension.
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
3e727a3b37 Add support for nameRelativeToCRLIssuer field in distribution point name
fields.
2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes.
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Dr. Stephen Henson
83574cf808 Fix from stable branch. 2008-05-30 10:57:49 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
56c7754cab Avoid warnings. 2008-02-28 14:05:01 +00:00
Dr. Stephen Henson
a70a49a018 Fix typo and avoid warning. 2008-02-28 13:18:26 +00:00
Dr. Stephen Henson
9536b85c07 Typo. 2008-02-12 01:24:50 +00:00
Dr. Stephen Henson
4d318c79b2 Utility attribute function to retrieve attribute data from an expected
type. Useful for many attributes which are single valued and can only
have one type.
2008-02-11 17:52:38 +00:00
Dr. Stephen Henson
1ad90a916b Extend attribute setting routines to support non-string types. 2008-02-11 13:59:33 +00:00