wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11659 commits 20 branches 302 tags 153 MiB
Commit graph

11659 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
032b33059e Update test OCSP script "tocsp" to use shell functions and to use 
December 17th as check date to avoid certificate expiry errors.
 2012-12-20 18:48:11 +00:00
Andy Polyakov
3a3f964eda gost_crypt.c: more intuitive ceiling. 2012-12-19 17:24:46 +00:00
Dr. Stephen Henson
b7d1a1af76 correct CHANGES 2012-12-19 14:34:39 +00:00
Andy Polyakov
8cfb6411ff engines/cchost/gost_crypt.c: fix typo. 2012-12-19 11:06:00 +00:00
Andy Polyakov
2c0093d294 engines/e_capi.c: fix typo. 
Submitted by: Pierre Delaage
 2012-12-19 10:54:47 +00:00
Andy Polyakov
947e129219 engine/cchost: fix bugs. 
PR: 2821
Submitted by: Dmitry Belyavsky, Serguei Leontiev
 2012-12-19 10:45:13 +00:00
Andy Polyakov
0a2d5003df dso/dso_win32.c: fix compiler warning. 2012-12-18 18:19:54 +00:00
Andy Polyakov
fb0a520897 util/pl/VC-32.pl fix typo. 2012-12-18 18:07:20 +00:00
Dr. Stephen Henson
230ec17d74 Use client version when deciding which cipher suites to disable. 2012-12-18 13:25:47 +00:00
Andy Polyakov
668bcfd5ca util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on 
suggestions from Pierre Delaage).
 2012-12-18 09:42:31 +00:00
Andy Polyakov
8774f78d1b VC-32.pl: fix typo. 
Submitted by: Pierre Delaage
 2012-12-16 19:39:24 +00:00
Andy Polyakov
f469880c61 d1_lib.c,bss_dgram.c: eliminate dependency on _ftime. 2012-12-16 19:02:59 +00:00
Dr. Stephen Henson
bbdfbacdef add -rmd option to set OCSP response signing digest 2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
e9754726d2 Check chain is not NULL before assuming we have a validated chain. 
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
 2012-12-15 02:58:00 +00:00
Dr. Stephen Henson
99fc818e93 Return success when the responder is active. 
Don't verify our own responses.
 2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e typo 2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028 Add support for '-' as input and output filenames in ocsp utility. 
Recognise verification arguments.
 2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de oops, revert, committed in error 2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f apps/ocsp.c 2012-12-14 23:28:19 +00:00
Ben Laurie
3a778a2913 Documentation improvements by Chris Palmer (Google). 2012-12-14 13:28:49 +00:00
Andy Polyakov
4d2654783c fips/fipsld: improve cross-compile support. 2012-12-13 22:51:01 +00:00
Dr. Stephen Henson
2a21cdbe6b Use new partial chain flag instead of modifying input parameters. 2012-12-13 18:20:47 +00:00
Dr. Stephen Henson
51e7a4378a New verify flag to return success if we have any certificate in the 
trusted store instead of the default which is to return an error if
we can't build the complete chain.
 2012-12-13 18:14:46 +00:00
Ben Laurie
74cc3b583d Document -pubkey. 2012-12-13 16:17:55 +00:00
Ben Laurie
e7cf2b1022 Improve my 64-bit debug target. 2012-12-12 14:14:43 +00:00
Dr. Stephen Henson
60938ae772 add -crl_download option to s_server 2012-12-12 03:35:31 +00:00
Dr. Stephen Henson
4e71d95260 add -cert_chain option to s_client 2012-12-12 00:50:26 +00:00
Ben Laurie
fefc111a2a Make openssl verify return errors. 2012-12-11 16:05:14 +00:00
Ben Laurie
b204ab6506 Update ignores. 2012-12-11 15:52:10 +00:00
Ben Laurie
ec40e5ff42 Tabification. Remove accidental duplication. 2012-12-10 16:52:17 +00:00
Dr. Stephen Henson
b34aa49c25 revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead 2012-12-10 02:02:16 +00:00
Dr. Stephen Henson
1e8b9e7e69 add -badsig option to ocsp utility too. 2012-12-09 16:21:46 +00:00
Dr. Stephen Henson
d372d36592 allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode 2012-12-09 16:03:34 +00:00
Dr. Stephen Henson
36b5bb6f2f send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace 2012-12-07 23:42:33 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
083bec780d typo 2012-12-07 13:23:49 +00:00
Dr. Stephen Henson
1edf8f1b4e really fix automatic ;-) 2012-12-07 12:41:13 +00:00
Dr. Stephen Henson
65f2a56580 documentation fixes 2012-12-06 23:26:11 +00:00
Dr. Stephen Henson
f1f5c70a04 fix handling of "automatic" in file mode 2012-12-06 21:53:05 +00:00
Dr. Stephen Henson
0090a686c0 Add code to download CRLs based on CRLDP extension. 
Just a sample, real world applications would have to be cleverer.
 2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
f5a7d5b164 remove print_ssl_cert_checks() from openssl application: it is no longer used 2012-12-06 18:36:51 +00:00
Dr. Stephen Henson
abd2ed012b Fix two bugs which affect delta CRL handling: 
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
 2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify. 
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
 2012-12-05 18:35:20 +00:00
Andy Polyakov
8df400cf8d aes-s390x.pl: fix XTS bugs in z196-specific code path. 2012-12-05 17:44:45 +00:00
Dr. Stephen Henson
fbeb85ecb9 don't print verbose policy check messages when -quiet is selected even on error 2012-12-04 23:18:44 +00:00
Andy Polyakov
3766e7ccab ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%. 2012-12-04 20:21:24 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generations by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
256f9573c5 make -subj always override config file 2012-12-04 18:35:04 +00:00
Dr. Stephen Henson
b6b094fb77 check mval for NULL too 2012-12-04 17:25:34 +00:00
Dr. Stephen Henson
0db46a7dd7 fix leak 2012-12-03 16:32:52 +00:00