Dr. Stephen Henson
ba8bdea771
add suite B chain validation flags and associated verify errors
...
(backport from HEAD)
2012-12-26 16:01:31 +00:00
Dr. Stephen Henson
bd9fc1d667
New functions to retrieve certificate signatures and signature OID NID.
...
(backport from HEAD)
2012-12-26 14:31:05 +00:00
Dr. Stephen Henson
9309ea6617
Backport PSS signature support from HEAD.
2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
dc100d87b5
Backport of password based CMS support from HEAD.
2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
d99e6b5014
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD).
2011-06-03 18:35:49 +00:00
Dr. Stephen Henson
945ba0300d
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:56:25 +00:00
Dr. Stephen Henson
1699389a46
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
93fac08ec3
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
25f6c7fd8b
Update from 0.9.8-stable.
2009-04-03 16:54:37 +00:00
Dr. Stephen Henson
c2c99e2860
Update certificate hash line format to handle canonical format
...
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
d0fff69dc9
Initial indirect CRL support.
2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
4d318c79b2
Utility attribute function to retrieve attribute data from an expected
...
type. Useful for many attributes which are single valued and can only
have one type.
2008-02-11 17:52:38 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Nils Larsch
91b73acb19
use const ASN1_TIME *
2006-12-11 22:35:51 +00:00
Dr. Stephen Henson
10ca15f3fa
Fix change to OPENSSL_NO_RFC3779
2006-12-06 13:36:48 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
14975faa60
Remove illegal IMPLEMENT macros from header file.
2006-11-16 00:55:33 +00:00
Nils Larsch
1611b9ed80
remove SSLEAY_MACROS code
2006-11-06 19:53:39 +00:00
Dr. Stephen Henson
f4c630abb3
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
...
create, free and set default CRL method.
2006-10-03 02:47:59 +00:00
Dr. Stephen Henson
010fa0b331
Tidy up CRL handling by checking for critical extensions when it is
...
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
4d50a2b4d6
Add verify callback functions to lookup a STACK of matching certs or CRLs
...
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
786aa98da1
Use correct pointer types for various functions.
2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
450ea83495
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
...
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
ae519a247f
Extended PBES2 function supporting application supplied IV and PRF NID.
2006-05-17 12:47:17 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
2f605e8d24
Fix race condition when CRL checking is enabled.
2004-10-04 16:30:12 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
4acc3e907d
Initial support for certificate policy checking and evaluation.
...
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Geoff Thorpe
8ad7e3ad2a
Remove duplicate prototypes have already been (correctly) added to rsa.h,
...
as this is already included by x509.h anyway.
2003-10-24 16:17:11 +00:00
Dr. Stephen Henson
f96d1af449
Avoid clashes with Win32 names in WinCrypt.h
2003-07-23 00:10:43 +00:00
Richard Levitte
e6526fbf4d
Add functionality to help making self-signed certificate.
2003-04-03 22:27:24 +00:00
Richard Levitte
d5ef144222
Make sure we get the definition of a number of OPENSSL_NO_* macros.
2003-03-20 23:27:17 +00:00
Richard Levitte
711f1a3c26
Add the ASN.1 structures and functions for CertificatePair, which is
...
defined as follows (according to X.509_4thEditionDraftV6.pdf):
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on. For now, I'm thinking explicit, but will
gladly stand corrected.
Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".
This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
2002-11-18 23:54:27 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00