Commit graph

216 commits

Author SHA1 Message Date
Dr. Stephen Henson
81bd0446a9 make update 2003-03-24 17:06:25 +00:00
Dr. Stephen Henson
520b76ffd9 Support for name constraints. 2003-03-24 17:04:44 +00:00
Dr. Stephen Henson
5cc5ec1bba make update 2003-03-21 16:28:29 +00:00
Dr. Stephen Henson
f80153e20b Support for policy constraints. 2003-03-21 16:26:20 +00:00
Dr. Stephen Henson
b24668626e make update 2003-03-20 17:59:39 +00:00
Dr. Stephen Henson
ea3675b5b6 New ASN1 macros to just implement and declare the new and free functions
and changes to mkdef.pl so it recognises them.

Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
a1d12daed2 Support for policyMappings 2003-03-20 17:26:44 +00:00
Dr. Stephen Henson
f0dc08e656 Support for dirName from config files in GeneralName extensions. 2003-02-27 01:54:11 +00:00
Richard Levitte
85d686e723 Make it possible to disable OCSP, the speed application, and the use of sockets.
PR: 358
2003-02-14 01:02:58 +00:00
Dr. Stephen Henson
4e5d3a7f98 IPv6 display and input support for extensions usingh GeneralName. 2003-02-05 00:34:31 +00:00
Richard Levitte
b637670f03 DVCS (see RFC 3029) was missing among the possible purposes.
Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>,
one of the authors of said RFC
2003-01-29 15:06:35 +00:00
Richard Levitte
0c055b201e Adjust the parameter lists in some not commonly used files.
PR: 428
2003-01-01 23:41:46 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Dr. Stephen Henson
65caee44ff Fix get_email: 0 is a valid return value 2002-11-14 00:46:11 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
2232e262bf Fix memory leak in s2i_ASN_INTEGER and return an error
if any invalid characters are present.
2002-11-13 00:40:51 +00:00
Dr. Stephen Henson
9ea1b87862 Initial ASN1 generation code. This can construct
arbitrary encodings from strings and config files.

Documentation to follow...
2002-11-12 13:34:51 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Dr. Stephen Henson
99889b46c9 Fix ext_dat.h extension ordering.
Reinstate -reqout code.

Avoid coredump in ocsp if setup_verify
fails.

Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00
Dr. Stephen Henson
04cc76660a The new ASN1 code automatically allocates
structures for fields that are not OPTIONAL.

However in the AUTHORITY_INFO_ACCESS case
the 'location' field was set to NULL in
the old code.

So in 0.9.7+ we should free up the field before
overwriting it in v2i_AUTHORITY_INFO_ACCESS.
2002-06-13 00:43:27 +00:00
Richard Levitte
9cdf87f194 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
59dbdb51dc disable '#ifdef DEBUG' sections 2002-02-28 10:51:56 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
072569e0f1 Undo previous change, X509_check_issued() was correct.
[See
     Message-ID: <3BB07999.30432AD2@celocom.com>
     Date: Tue, 25 Sep 2001 13:33:29 +0100
     From: Dr S N Henson <drh@celocom.com>
     To: openssl-dev@openssl.org
     Subject: Re: Error in v3_purp.c
]
2002-01-27 17:41:12 +00:00
Richard Levitte
63810d8566 Apply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.
2002-01-26 04:25:16 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
7d5b04db4e Add support for Subject Info Acess extension. 2001-10-27 00:16:53 +00:00
Dr. Stephen Henson
f1558bb424 Reject certificates with unhandled critical extensions. 2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Dr. Stephen Henson
96bd6f730a Add certificate and request demos.
Fix X509V3 macro so they compile.
2001-09-12 00:19:20 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Richard Levitte
c9fd77e9dd Make it possible to move the emailAddress object to the subjectAltName
extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
2001-04-11 12:55:06 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
f23478c314 Fix bug in copy_email() which would not
find emailAddress at start of subject name.
2001-03-01 13:32:11 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
d339187b1a Get rid of ASN1_ITEM_FUNCTIONS dummy function
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00