Ralf S. Engelschall
f9a2593163
Add `openssl ca -revoke <certfile>' facility which revokes a certificate
...
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.
Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
2f0cd19533
Fix openssl crl -noout -text' combination where
-noout' killed the `-text'
...
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.
1999-04-12 10:36:16 +00:00
Bodo Möller
fc8ee06b4d
Submitted by:
...
Reviewed by:
PR:
1999-04-11 02:49:35 +00:00
Ralf S. Engelschall
7c7c88515f
Fix a few typos and tabs while I'm poking around in ca.c...
1999-04-10 13:15:38 +00:00
Ben Laurie
3bb307c10c
Adjust renegotiation slightly.
1999-04-10 12:08:46 +00:00
Bodo Möller
c7ac31e26e
Bugfix: s_client occasionally would sleep in select() when it should
...
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:
1999-04-09 20:54:25 +00:00
Ulf Möller
e8d628156f
Remove obsolete files from SSLeay 0.8.
1999-04-06 15:22:55 +00:00
Ben Laurie
121bd68d1c
Don't shadow.
1999-04-03 14:52:01 +00:00
Bodo Möller
cf897932ca
Avoid EADDRINUSE for s_server.
...
Submitted by:
Reviewed by:
PR:
1999-04-02 23:35:43 +00:00
Ulf Möller
99aab1619f
New Makefile variables $(RANLIB) and $(PERL).
1999-04-01 12:34:33 +00:00
Ben Laurie
3dcc1ffc52
Don't shadow.
1999-04-01 10:17:35 +00:00
Bodo Möller
6d02d8e444
New option "-showcerts" for s_client
...
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
ee0508d411
Include pkcs12 program as part of openssl. This completes most of the PKCS#12
...
integration.
1999-03-29 17:50:26 +00:00
Ben Laurie
b4cadc6e13
Fix security hole.
1999-03-22 12:22:14 +00:00
Ben Laurie
047f1a4466
Remake cert links when the app is built.
1999-03-09 20:06:39 +00:00
Ralf S. Engelschall
15542b2847
Make it more clear what option -WWW to s_server does.
1999-03-09 13:09:07 +00:00
Ralf S. Engelschall
d10f052be5
Make `openssl version' output lines consistent.
1999-03-08 12:35:01 +00:00
Dr. Stephen Henson
1756d405cc
Added support for adding extensions to CRLs, also fix a memory leak and
...
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
1999-03-06 19:33:29 +00:00
Ben Laurie
6242bb9c63
Put the dependencies back.
1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
bb8f3c5879
General source tree makefile cleanups: Made `making xxx in yyy...' display
...
consistent in the source tree and replaced `/bin/rm' by `rm'. Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
1efa9c33c0
Update dependencies.
1999-02-27 18:41:04 +00:00
Ralf S. Engelschall
ea14a91f64
Move s_server -dcert and -dkey options out of the undocumented feature area
...
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
7be304acdb
Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
...
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose. Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Dr. Stephen Henson
6b313a7365
Remove debugging fprintf from req.c and fix the code so it properly skips over
...
the first leading XXX. in the DN.
1999-02-24 00:14:21 +00:00
Ben Laurie
15799403ad
Fix more warnings.
1999-02-23 12:53:49 +00:00
Ralf S. Engelschall
3a1daca9ef
Get rid of a nasty debugging message which was forgotten here...
1999-02-23 08:53:04 +00:00
Ralf S. Engelschall
f2f351ce9c
Fix usage message on gendsa:
...
1. The dsaparam argument is mandatory and not optional
2. Add a little text what this actually is: a filename
1999-02-23 08:52:20 +00:00
Dr. Stephen Henson
a43aa73e3b
Redo the way 'req' and 'ca' add objects: add support for oid_section.
1999-02-23 00:07:46 +00:00
Ben Laurie
60e31c3a4b
More stuff for new TLS ciphersuites.
1999-02-21 21:58:59 +00:00
Dr. Stephen Henson
aa066b9e6e
Add more functionality to issuer alt name and subject alt name. New options
...
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
1999-02-21 01:46:45 +00:00
Dr. Stephen Henson
0ca5f8b15c
Overhaul 'crl' application, add a proper X509_CRL_print function and start
...
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Dr. Stephen Henson
0be9747b39
Oops! Remeber to include the other patches this time...
1999-02-17 23:22:57 +00:00
Dr. Stephen Henson
a8236c8c32
Fix various memory leaks in SSL, apps and DSA
1999-02-15 21:05:21 +00:00
Dr. Stephen Henson
388ff0b076
Add support for raw extensions. This means that you can include the DER encoding
...
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
1999-02-14 16:48:22 +00:00
Dr. Stephen Henson
5c00879ef0
More Win32 fixes and upsdate INSTALL.W32 documentation.
1999-02-14 00:40:13 +00:00
Ben Laurie
08853ba82d
Finally(?) fix DES stuff.
1999-02-13 21:49:34 +00:00
Ben Laurie
4e31df2cd7
Fix ghastly DES declarations, and all consequential warnings.
1999-02-13 18:52:38 +00:00
Dr. Stephen Henson
3773d138ce
Delete a few unused files in apps, restore CAST WIN32 ASM file to main
...
tree.
1999-02-11 00:07:39 +00:00
Dr. Stephen Henson
175b0942ec
More extension code. Incomplete support for subject and issuer alt
...
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
1999-02-10 01:12:59 +00:00
Ben Laurie
7ec218eb4a
Process extensions when they are there.
1999-02-06 17:46:23 +00:00
Ben Laurie
9f7646da25
Diagnose errors.
1999-02-06 15:20:44 +00:00
Ben Laurie
29d2824788
Typo in arguments.
1999-02-06 15:19:16 +00:00
Ben Laurie
c106c6132c
Clear error we don't care about.
1999-02-06 13:30:37 +00:00
Ralf S. Engelschall
5810a5f4c7
Reflect correct filename
1999-01-31 11:19:17 +00:00
Mark J. Cox
d1f4c83ce5
Fix some more typos
...
Submitted by:
Reviewed by:
PR:
1999-01-31 09:59:54 +00:00
Mark J. Cox
bc2646ef11
fix typo
...
Submitted by:
Reviewed by:
PR:
1999-01-31 09:57:00 +00:00
Ben Laurie
59ff713462
Break circular dependency between pem and err.
1999-01-30 13:40:34 +00:00
Ben Laurie
fc8c1a5c67
Update dependencies.
1999-01-30 12:05:42 +00:00
Dr. Stephen Henson
79dfa97555
New program 'nseq' added to apps to allow Netscape certificate sequences to
...
be pulled apart and built.
1999-01-29 23:34:19 +00:00
Dr. Stephen Henson
9fe84296a4
Allow the -certfile argument to be used multiple times in crl2pkcs7.
...
Also fix typos in the usage messages: "inout" instead of "input".
1999-01-29 01:53:55 +00:00
Ralf S. Engelschall
7ae01d4adc
One more incorrect name in usage page
1999-01-28 14:48:31 +00:00
Ralf S. Engelschall
b6cff93dcf
Fix names in usage page of s_time, s_server and s_client
1999-01-28 14:44:08 +00:00
Dr. Stephen Henson
b2347661ce
Still more X509 V3 stuff. Modify ca.c to work with the new code and modify
...
openssl.cnf for the new syntax.
1999-01-26 01:19:27 +00:00
Dr. Stephen Henson
f317aa4c9c
More X509 V3 stuff. Add support for extensions in the 'req' application
...
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
1999-01-25 01:09:21 +00:00
Dr. Stephen Henson
834eeef995
Continuing adding X509 V3 support. This starts to integrate the code with
...
the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.
1999-01-24 17:50:32 +00:00
Dr. Stephen Henson
9b5cc156f3
Continued patches so certificates and CRLs now can support and use
...
GeneralizedTime.
1999-01-20 00:14:40 +00:00
Ben Laurie
6f93539970
This time, get it right.
1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc
Finally lay dependencies to rest (I hope!).
1999-01-19 21:36:31 +00:00
Ben Laurie
512d222830
Remove pointless MD5 hash.
...
Contributed by: Anonymous <nobody@replay.com>
1999-01-17 14:14:41 +00:00
Ben Laurie
50acf46b92
Sort openssl functions by name.
1999-01-09 19:15:59 +00:00
Dr. Stephen Henson
7f9b7b074d
Fix the gendsa program and add it to the app list. The progs.h file is
...
auto generated but not auto updated so it is included. Also remove the
encryption from the sample DSA keys.
1999-01-09 17:29:34 +00:00
Ben Laurie
c13d4799dd
Send the right CAs to the client.
1999-01-07 00:16:37 +00:00
Ben Laurie
bc4deee07a
Fix numeric -newkey args.
...
Contributed by: Bodo Moeller <3moeller@informatik.uni-hamburg.de>
1999-01-07 00:10:32 +00:00
Dr. Stephen Henson
10061c7c47
More EVP_PKEY patches for new functionality.
1999-01-03 23:00:45 +00:00
Dr. Stephen Henson
cfcf645356
Make sure applications free up pkey structures and add netscape extension
...
handling to x509.c
1999-01-03 01:08:33 +00:00
Paul C. Sutton
c142bdf725
Update scripts to use "openssl" instead of "ssleay"
1999-01-02 16:02:24 +00:00
Paul C. Sutton
e170a5c050
Some more changes for renaming the binary from ssleay to openssl.
...
I wonder what eay.c is?
1999-01-02 14:42:23 +00:00
Ralf S. Engelschall
06d5b16225
First cut of a cleanup for apps/. First the `ssleay' program is now named
...
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.
Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.
1999-01-02 12:59:33 +00:00
Dr. Stephen Henson
c35f549e8b
Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have
...
zero unused bits.
1999-01-02 01:53:06 +00:00
stephen
8f3e97bac3
This is a quick hack conversion of the 'CA.sh' script to perl. It fixes one
...
bug in the original but is otherwise just as horrible :-)
1999-01-01 00:54:48 +00:00
Ralf S. Engelschall
13e91dd365
Incorporation of RSEs assembled patches
1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
651d0aff98
Various cleanups and fixed by Marc and Ralf to start the OpenTLS project
1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00