Ben Laurie
68d2cf51bc
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
9309ea6617
Backport PSS signature support from HEAD.
2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
1fe83b4afe
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:48:50 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
93fac08ec3
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
c679fb298e
Add new function X509_STORE_set_verify_cb and use it in apps
2009-10-18 14:42:27 +00:00
Dr. Stephen Henson
4386445c18
Change STRING to OPENSSL_STRING etc as common words such
...
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
5fda10c6f1
Oops, use right function name...
2009-07-14 15:14:39 +00:00
Dr. Stephen Henson
0190aa7353
Update from HEAD.
2009-07-13 11:40:46 +00:00
Dr. Stephen Henson
710c1c34d1
Allow checking of self-signed certifictes if a flag is set.
2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
38b6e6c07b
Typo in usage message.
2009-03-23 21:04:23 +00:00
Dr. Stephen Henson
bab534057b
Updatde from stable branch.
2009-01-07 23:44:27 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Nils Larsch
7d727231b7
some const fixes
2005-04-05 19:11:19 +00:00
Nils Larsch
12bdb64375
use SHA-1 as the default digest for the apps/openssl commands
2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Dr. Stephen Henson
a37e22d866
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
2004-12-05 18:26:19 +00:00
Dr. Stephen Henson
78df5a2f1e
Fix x509.c so it creates serial number file again if no
...
serial number is supplied on command line.
2004-11-13 13:26:06 +00:00
Dr. Stephen Henson
df368ecce4
Make self signing option of 'x509' use random serial numbers too.
2004-05-12 18:20:37 +00:00
Dr. Stephen Henson
77475142ec
New option to 'x509' -next_serial. This outputs the certificate
...
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
2004-04-21 12:46:20 +00:00
Dr. Stephen Henson
90fac84066
Use X509_get_serialNumber() instead of accessing internals in x509.c
2004-04-21 12:43:21 +00:00
Geoff Thorpe
823a67b0a9
header cleanup in apps/
2004-04-19 18:13:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Dr. Stephen Henson
7068c8b1a6
In order to get the expected self signed error when
...
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
2003-09-21 02:18:15 +00:00
Richard Levitte
94805c84d1
Add -issuer_hash and make -subject_hash the default way to get the
...
subject hash, with -hash a synonym kept around for backward
compatibility reasons.
PR: 650
2003-07-03 20:45:09 +00:00
Richard Levitte
4c771796d5
Convert save_serial() to work like save_index(), and add a
...
rotate_serial() that works like rotate_index().
2003-04-04 15:10:35 +00:00
Richard Levitte
0998cfaadd
Remove unused variable.
2003-04-03 19:07:27 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Richard Levitte
d678cc07ed
No need to test -setalias twice.
...
PR: 556
2003-03-31 13:56:52 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Richard Levitte
06b7c8d5ba
Variables on the stack must be initialized or we can't depend on any
...
initial value. For errline/errorline, we did depend on that, erroneously
2002-11-11 21:34:21 +00:00
Richard Levitte
3782350c14
-CAserial does take a filename argument.
...
PR: 332
2002-11-08 21:53:54 +00:00
Bodo Möller
5488bb6197
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
...
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Richard Levitte
da9b972466
Make it possible to load keys from stdin, and restore that
...
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00
Lutz Jänicke
77c46bbf29
Only use DSA-functions if available.
...
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
Reviewed by:
PR: 167
2002-07-29 13:31:44 +00:00
Richard Levitte
a81e9d3dc4
CAformat should not be used for CA key format.
2002-05-30 16:24:18 +00:00
Dr. Stephen Henson
3647bee263
Config code updates.
...
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Geoff Thorpe
1372965e2e
Reduce the header dependencies on engine.h in apps/.
2001-09-12 02:39:06 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Dr. Stephen Henson
b7a26e6daf
Modify apps to use NCONF code instead of old CONF code.
...
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Richard Levitte
c04f8cf44a
Use apps_shutdown() in all applications, in case someone decides not
...
to go the monolith way (does anyone do that these days?).
NOTE: a few applications are missing in this commit. I've a few more
changes in them that I haven't tested yet.
2001-06-23 16:37:32 +00:00
Richard Levitte
531d630b5c
Provide an application-common setup function for engines and use it
...
everywhere.
2001-06-18 06:22:33 +00:00