wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7689 commits 20 branches 302 tags 153 MiB
Commit graph

858 commits

Author SHA1 Message Date
Richard Levitte
cd52956357 Make an explicit check during certificate validation to see that the 
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
 2004-11-29 11:18:00 +00:00
Dr. Stephen Henson
6826d26ea7 Remove unnecessary check and call BIO_free_all() on bio_out to avoid a 
leak on VMS.
 2004-11-27 13:02:34 +00:00
Dr. Stephen Henson
18ad97bbe7 Fix leaks and give an error if no argument specified in prime.c 2004-11-27 12:55:26 +00:00
Dr. Stephen Henson
14c8986f75 Typo. 2004-11-23 21:40:32 +00:00
Dr. Stephen Henson
6237528c82 Fix memory leak. 2004-11-23 21:22:54 +00:00
Dr. Stephen Henson
2b354390b8 In "req" exit immediately if configuration file is needed and it can't 
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.
 2004-11-17 18:36:43 +00:00
Dr. Stephen Henson
1ec0d15e54 PR: 940 
Typo: use prompt_info, not cb_data->prompt_info.
 2004-11-14 15:40:25 +00:00
Dr. Stephen Henson
22a7a3b91b Zap obsolete der_chop script. 2004-11-13 23:56:15 +00:00
Dr. Stephen Henson
e510c62a38 Fix x509.c so it creates serial number file again if no 
serial number is supplied on command line.
 2004-11-13 13:26:24 +00:00
Richard Levitte
671c1bcfce Cut'n'paste mistake. All tested OK now... 2004-11-11 19:36:25 +00:00
Richard Levitte
28a896f7fe Whoops, syntactic mistake... 2004-11-11 18:57:30 +00:00
Richard Levitte
f6549efa61 Some find it confusing that environment variables are set when shared 
libraries aren't built or used.  I can see the point, so I'm
reorganising a little for clarity.
 2004-11-11 18:18:10 +00:00
Dr. Stephen Henson
4ae135eb0d Use the default_md config file value when signing CRLs. 
PR:662
 2004-11-11 13:46:44 +00:00
Dr. Stephen Henson
9262f5a3fa Don't return an error with crl -noout. 
PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>
 2004-11-11 02:12:48 +00:00
Richard Levitte
17f847af21 Make sure LD_PRELOAD is only set when we build shared libraries (and 
therefore link with them).  Add LD_PRELOAD setting code where it was
still missing.

PR: 966
 2004-11-05 09:12:18 +00:00
Richard Levitte
8bcd746e84 Another missing module in the VMS build files. I believe this is the 
last, though...
 2004-08-11 20:34:12 +00:00
Richard Levitte
1033449613 make update 2004-08-10 09:09:08 +00:00
Dr. Stephen Henson
efeb352163 In ca.c setup engine after autoconfig so any dynamic engines are visible. 2004-08-06 12:43:54 +00:00
Dr. Stephen Henson
bb82123707 Don't ignore return values of EVP_DigestInit_ex() in md BIOs and dgst. 2004-08-05 18:10:46 +00:00
Dr. Stephen Henson
7c6cf1b176 Don't try to parse none string types. 2004-07-01 18:50:12 +00:00
Richard Levitte
83f22920c2 Changes for VOS, submitted by Paul Green <Paul.Green@stratus.com>. 
PR: 499
 2004-06-28 22:01:07 +00:00
Richard Levitte
43c0d77296 Make the tests of EVP operations without padding. As a consequence, 
there's no need for a larger BUFSIZE any more...

PR: 904
 2004-06-28 16:32:14 +00:00
Richard Levitte
46b7624b8e Make sure that the buffers are large enough to contain padding. 
PR: 904
 2004-06-28 12:23:40 +00:00
Dr. Stephen Henson
7ca482062f Memory leak fixes from main branch. 2004-06-24 13:05:50 +00:00
Dr. Stephen Henson
ef4c5802ec Reformat source for pkcs8.c 2004-06-24 12:54:38 +00:00
Dr. Stephen Henson
c116de76ad Include <string.h> to get definition of strcmp. 2004-06-24 12:12:43 +00:00
Ben Laurie
2663f39ff9 Add primality tester. 2004-06-19 13:54:59 +00:00
Richard Levitte
4313847660 Make sure o_str.h is reachable. 2004-05-27 10:19:04 +00:00
Richard Levitte
07bf82a71d Typo corretced. 2004-05-17 04:47:26 +00:00
Richard Levitte
43d6233a22 Rewrite the usage to avoid confusion. 2004-05-17 04:40:49 +00:00
Richard Levitte
736ce650c6 Make it possible for the user to choose the digest used to create the 
key.
 2004-05-17 04:39:00 +00:00
Richard Levitte
a8bb3d0e15 When in FIPS mode, use SHA1 to digest the key, rather than MD5, as MD5 
isn't a FIPS-approved algorithm.

Note: this means the user needs to keep track of this, and we need to
add support for that...
 2004-05-17 04:31:14 +00:00
Richard Levitte
f27a152f69 Make sure the applications know when we are running in FIPS mode. We 
can't use the variable in libcrypto, since it's supposedly unknown.

Note: currently only supported in MONOLITH mode.
 2004-05-17 04:30:06 +00:00
Richard Levitte
4108d365bf make update 2004-05-13 21:38:37 +00:00
Dr. Stephen Henson
7922ba2feb Make self signing option of 'x509' use random serial numbers too. 2004-05-12 18:20:57 +00:00
Dr. Stephen Henson
d94b22235f Fix memory leak. 2004-05-12 17:53:22 +00:00
Richard Levitte
d529f2a8f7 The functions OPENSSL_strcasen?cmp() were forgotten when merging the 
FIPS branch into this.  It's needed at least for certain OpenVMS
versions, and should really be used in a more general way.
 2004-05-12 10:09:00 +00:00
Richard Levitte
4eeaf52ed9 Only check for FIPS signatures when FIPS is enabled. 2004-05-12 08:27:38 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Dr. Stephen Henson
5a9d2d9081 Port the random serial number generation to 0.9.7-stable. 
Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different
technique is used to ensure that 'ca' uses the next serial number. It
now initializes the serial number using 'openssl x509 -next_serial'.
 2004-04-22 12:19:48 +00:00
Dr. Stephen Henson
8e94e99ccb Clear error if unique_subject lookup fails. 2004-04-15 00:33:24 +00:00
Richard Levitte
5cf7908a86 Move the definition of Win32_rename(), since the macro rename gets undefined 
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
 2004-03-25 20:09:02 +00:00
Richard Levitte
a9d9b07167 Merge from HEAD: 
2003-04-03 22:03  levitte

	* apps/apps.c (1.70): Don't try to free NULL values...

Notified by "Steven Reddie" <smr@essemer.com.au>
 2004-03-19 00:20:12 +00:00
Dr. Stephen Henson
8e6a84e730 Avoid warnings. 2004-03-16 13:50:18 +00:00
Dr. Stephen Henson
00b9c1be7d Incorporate crlNumber functionality from 0.9.8 except it is commented out 
in openssl.cnf .
 2004-03-08 13:07:07 +00:00
Richard Levitte
051bb5c457 Incorporate the following changes from 0.9.8-dev: 
2003-04-04 17:10  levitte

	* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
	  Convert save_serial() to work like save_index(), and add a
	  rotate_serial() that works like rotate_index().

2003-04-03 20:07  levitte

	* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
	  strings.

2003-04-03 18:33  levitte

	* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
	  apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
	  CHANGES (1.1139): Make it possible to have multiple active
	  certificates with the same subject.
 2004-03-08 02:53:46 +00:00
Dr. Stephen Henson
be21fe59aa Call autoconfig code in pkcs7 utility. 2004-03-05 23:45:08 +00:00
Dr. Stephen Henson
ae43f344af -passin argument to rsautl 2004-03-04 21:58:13 +00:00
Dr. Stephen Henson
489885cf84 Fix from head. 2004-03-01 13:23:41 +00:00
Dr. Stephen Henson
dd10343e75 Fix handling of -offset and -length in asn1parse tool. 
If -offset exceeds -length of data available exit with an error.

Don't read past end of total data available when -offset supplied.

If -length exceeds total available truncate it.
 2004-02-08 13:30:33 +00:00