Dr. Stephen Henson
86f393ceb7
Show errors on CSR verification failure.
...
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1
)
2014-06-29 13:34:44 +01:00
Dr. Stephen Henson
0980992d44
Memory leak and NULL derefernce fixes.
...
PR#3403
2014-06-27 03:21:10 +01:00
Ben Laurie
af454b5bb0
Reduce version skew.
2012-06-08 09:18:47 +00:00
Andy Polyakov
9b2a29660b
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:28:03 +00:00
Dr. Stephen Henson
9309ea6617
Backport PSS signature support from HEAD.
2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
3d5d81bf39
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:41:24 +00:00
Dr. Stephen Henson
2280f82fc6
Fix warnings about ignoring fgets return value
2009-10-04 16:43:21 +00:00
Dr. Stephen Henson
e5eb96c83a
PR: 2013
...
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:55:22 +00:00
Dr. Stephen Henson
4386445c18
Change STRING to OPENSSL_STRING etc as common words such
...
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Andy Polyakov
2140659b00
Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible
...
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
2008-12-22 14:05:42 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
c451bd828f
Avoid case in ca.c fix.
2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85
Revert, doesn't fix warning :-(
2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2
Avoid cast with wrapper function.
2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8
Stop const mismatch warning.
2008-05-31 19:28:57 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Ben Laurie
309fa55bbb
Return an error if the serial number is badly formed. (Coverity ID 116).
2007-04-04 14:35:56 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Andy Polyakov
ffa101872f
Eliminate dependency on read/write/stat in apps under _WIN32.
2005-11-04 09:30:55 +00:00
Nils Larsch
cc29c1204b
successfully updating the db shouldn't result in an error message
2005-09-30 16:47:38 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Nils Larsch
ff990440ee
const fixes
2005-04-15 18:29:33 +00:00
Nils Larsch
7d727231b7
some const fixes
2005-04-05 19:11:19 +00:00
Dr. Stephen Henson
10c8505734
Use the default_md config file value when signing CRLs.
...
PR:662
2004-11-11 13:47:06 +00:00
Dr. Stephen Henson
b5a93e2250
Call setup_engine after autoconfig.
2004-08-06 12:44:34 +00:00
Dr. Stephen Henson
64674bcc8c
Reduce chances of issuer and serial number duplication by use of random
...
initial serial numbers.
PR: 842
2004-04-20 12:05:26 +00:00
Dr. Stephen Henson
ae44fc1ec4
Clear error if unique_subject lookup fails.
2004-04-15 00:32:19 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9
Move another common functionality (reproduced so far with cut'n'paste)
...
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
6d5ffb591b
Move do_subject() to apps.c and rename it to parse_name(). The
...
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc
Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
...
to 'openssl req' and 'openssl ca'.
PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte
(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
e6fa67fa93
Generalise the definition of strcasecmp() and strncasecmp() for
...
platforms that don't (necessarely) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
2003-09-09 14:48:36 +00:00
Richard Levitte
fd4ef69913
Implement CRL numbers.
...
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
2003-06-19 17:40:16 +00:00
Richard Levitte
4c771796d5
Convert save_serial() to work like save_index(), and add a
...
rotate_serial() that works like rotate_index().
2003-04-04 15:10:35 +00:00
Richard Levitte
d6df2b281f
Add documentation on the added functionality in 'openssl ca'.
2003-04-04 14:39:44 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
16b1b03543
Implement self-signing in 'openssl ca'. This makes it easier to have
...
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
2003-04-03 22:33:59 +00:00
Richard Levitte
c4448f60d6
Reset the version number of the issuer certificate? I believe this
...
hasn't been tested in a long while...
2003-04-03 18:50:15 +00:00
Richard Levitte
63b6fe2bf6
Conditionalise all debug strings.
2003-04-03 18:07:39 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
4e78074b39
cert_sk isn't always allocated, so freeing it may cause a crash.
...
PR: 481
2003-01-30 10:27:43 +00:00