Commit graph

175 commits

Author SHA1 Message Date
Ralf S. Engelschall
f9a2593163 Add `openssl ca -revoke <certfile>' facility which revokes a certificate
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
2f0cd19533 Fix openssl crl -noout -text' combination where -noout' killed the `-text'
option at all and this way the `-noout -text' combination was inconsistent in
`openssl crl' with the friends in `openssl x509|rsa|dsa'.
1999-04-12 10:36:16 +00:00
Bodo Möller
fc8ee06b4d Submitted by:
Reviewed by:
PR:
1999-04-11 02:49:35 +00:00
Ralf S. Engelschall
7c7c88515f Fix a few typos and tabs while I'm poking around in ca.c... 1999-04-10 13:15:38 +00:00
Ben Laurie
3bb307c10c Adjust renegotiation slightly. 1999-04-10 12:08:46 +00:00
Bodo Möller
c7ac31e26e Bugfix: s_client occasionally would sleep in select() when it should
have checked SSL_pending() first.
Submitted by:
Reviewed by:
PR:
1999-04-09 20:54:25 +00:00
Ulf Möller
e8d628156f Remove obsolete files from SSLeay 0.8. 1999-04-06 15:22:55 +00:00
Ben Laurie
121bd68d1c Don't shadow. 1999-04-03 14:52:01 +00:00
Bodo Möller
cf897932ca Avoid EADDRINUSE for s_server.
Submitted by:
Reviewed by:
PR:
1999-04-02 23:35:43 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Ben Laurie
3dcc1ffc52 Don't shadow. 1999-04-01 10:17:35 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
ee0508d411 Include pkcs12 program as part of openssl. This completes most of the PKCS#12
integration.
1999-03-29 17:50:26 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Ben Laurie
047f1a4466 Remake cert links when the app is built. 1999-03-09 20:06:39 +00:00
Ralf S. Engelschall
15542b2847 Make it more clear what option -WWW to s_server does. 1999-03-09 13:09:07 +00:00
Ralf S. Engelschall
d10f052be5 Make `openssl version' output lines consistent. 1999-03-08 12:35:01 +00:00
Dr. Stephen Henson
1756d405cc Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
1999-03-06 19:33:29 +00:00
Ben Laurie
6242bb9c63 Put the dependencies back. 1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
1efa9c33c0 Update dependencies. 1999-02-27 18:41:04 +00:00
Ralf S. Engelschall
ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
7be304acdb Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Dr. Stephen Henson
6b313a7365 Remove debugging fprintf from req.c and fix the code so it properly skips over
the first leading XXX. in the DN.
1999-02-24 00:14:21 +00:00
Ben Laurie
15799403ad Fix more warnings. 1999-02-23 12:53:49 +00:00
Ralf S. Engelschall
3a1daca9ef Get rid of a nasty debugging message which was forgotten here... 1999-02-23 08:53:04 +00:00
Ralf S. Engelschall
f2f351ce9c Fix usage message on gendsa:
1. The dsaparam argument is mandatory and not optional
2. Add a little text what this actually is: a filename
1999-02-23 08:52:20 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Dr. Stephen Henson
aa066b9e6e Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
1999-02-21 01:46:45 +00:00
Dr. Stephen Henson
0ca5f8b15c Overhaul 'crl' application, add a proper X509_CRL_print function and start
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Dr. Stephen Henson
0be9747b39 Oops! Remeber to include the other patches this time... 1999-02-17 23:22:57 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Dr. Stephen Henson
388ff0b076 Add support for raw extensions. This means that you can include the DER encoding
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
1999-02-14 16:48:22 +00:00
Dr. Stephen Henson
5c00879ef0 More Win32 fixes and upsdate INSTALL.W32 documentation. 1999-02-14 00:40:13 +00:00
Ben Laurie
08853ba82d Finally(?) fix DES stuff. 1999-02-13 21:49:34 +00:00
Ben Laurie
4e31df2cd7 Fix ghastly DES declarations, and all consequential warnings. 1999-02-13 18:52:38 +00:00
Dr. Stephen Henson
3773d138ce Delete a few unused files in apps, restore CAST WIN32 ASM file to main
tree.
1999-02-11 00:07:39 +00:00
Dr. Stephen Henson
175b0942ec More extension code. Incomplete support for subject and issuer alt
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
1999-02-10 01:12:59 +00:00
Ben Laurie
7ec218eb4a Process extensions when they are there. 1999-02-06 17:46:23 +00:00
Ben Laurie
9f7646da25 Diagnose errors. 1999-02-06 15:20:44 +00:00
Ben Laurie
29d2824788 Typo in arguments. 1999-02-06 15:19:16 +00:00
Ben Laurie
c106c6132c Clear error we don't care about. 1999-02-06 13:30:37 +00:00
Ralf S. Engelschall
5810a5f4c7 Reflect correct filename 1999-01-31 11:19:17 +00:00
Mark J. Cox
d1f4c83ce5 Fix some more typos
Submitted by:
Reviewed by:
PR:
1999-01-31 09:59:54 +00:00
Mark J. Cox
bc2646ef11 fix typo
Submitted by:
Reviewed by:
PR:
1999-01-31 09:57:00 +00:00
Ben Laurie
59ff713462 Break circular dependency between pem and err. 1999-01-30 13:40:34 +00:00
Ben Laurie
fc8c1a5c67 Update dependencies. 1999-01-30 12:05:42 +00:00
Dr. Stephen Henson
79dfa97555 New program 'nseq' added to apps to allow Netscape certificate sequences to
be pulled apart and built.
1999-01-29 23:34:19 +00:00
Dr. Stephen Henson
9fe84296a4 Allow the -certfile argument to be used multiple times in crl2pkcs7.
Also fix typos in the usage messages: "inout" instead of "input".
1999-01-29 01:53:55 +00:00
Ralf S. Engelschall
7ae01d4adc One more incorrect name in usage page 1999-01-28 14:48:31 +00:00
Ralf S. Engelschall
b6cff93dcf Fix names in usage page of s_time, s_server and s_client 1999-01-28 14:44:08 +00:00
Dr. Stephen Henson
b2347661ce Still more X509 V3 stuff. Modify ca.c to work with the new code and modify
openssl.cnf for the new syntax.
1999-01-26 01:19:27 +00:00
Dr. Stephen Henson
f317aa4c9c More X509 V3 stuff. Add support for extensions in the 'req' application
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
1999-01-25 01:09:21 +00:00
Dr. Stephen Henson
834eeef995 Continuing adding X509 V3 support. This starts to integrate the code with
the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.
1999-01-24 17:50:32 +00:00
Dr. Stephen Henson
9b5cc156f3 Continued patches so certificates and CRLs now can support and use
GeneralizedTime.
1999-01-20 00:14:40 +00:00
Ben Laurie
6f93539970 This time, get it right. 1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc Finally lay dependencies to rest (I hope!). 1999-01-19 21:36:31 +00:00
Ben Laurie
512d222830 Remove pointless MD5 hash.
Contributed by: Anonymous <nobody@replay.com>
1999-01-17 14:14:41 +00:00
Ben Laurie
50acf46b92 Sort openssl functions by name. 1999-01-09 19:15:59 +00:00
Dr. Stephen Henson
7f9b7b074d Fix the gendsa program and add it to the app list. The progs.h file is
auto generated but not auto updated so it is included. Also remove the
encryption from the sample DSA keys.
1999-01-09 17:29:34 +00:00
Ben Laurie
c13d4799dd Send the right CAs to the client. 1999-01-07 00:16:37 +00:00
Ben Laurie
bc4deee07a Fix numeric -newkey args.
Contributed by: Bodo Moeller <3moeller@informatik.uni-hamburg.de>
1999-01-07 00:10:32 +00:00
Dr. Stephen Henson
10061c7c47 More EVP_PKEY patches for new functionality. 1999-01-03 23:00:45 +00:00
Dr. Stephen Henson
cfcf645356 Make sure applications free up pkey structures and add netscape extension
handling to x509.c
1999-01-03 01:08:33 +00:00
Paul C. Sutton
c142bdf725 Update scripts to use "openssl" instead of "ssleay" 1999-01-02 16:02:24 +00:00
Paul C. Sutton
e170a5c050 Some more changes for renaming the binary from ssleay to openssl.
I wonder what eay.c is?
1999-01-02 14:42:23 +00:00
Ralf S. Engelschall
06d5b16225 First cut of a cleanup for apps/. First the `ssleay' program is now named
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.

Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.
1999-01-02 12:59:33 +00:00
Dr. Stephen Henson
c35f549e8b Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have
zero unused bits.
1999-01-02 01:53:06 +00:00
stephen
8f3e97bac3 This is a quick hack conversion of the 'CA.sh' script to perl. It fixes one
bug in the original but is otherwise just as horrible :-)
1999-01-01 00:54:48 +00:00
Ralf S. Engelschall
13e91dd365 Incorporation of RSEs assembled patches 1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
651d0aff98 Various cleanups and fixed by Marc and Ralf to start the OpenTLS project 1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00