Viktor Dukhovni
297c67fcd8
Update API to use (char *) for email addresses and hostnames
...
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
2014-07-07 19:11:38 +10:00
Martin Kaiser
189ae368d9
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
2014-05-24 00:02:24 +01:00
Piotr Sikora
2911575c6e
Fix compilation with no-nextprotoneg.
...
PR#3106
2013-11-14 01:20:12 +00:00
Ben Laurie
c45a48c186
Constification.
2013-10-07 12:45:26 +01:00
Dr. Stephen Henson
fcb2bcfe65
Typo: don't call RAND_cleanup during app startup.
...
(cherry picked from commit 90e7f983b5
)
2013-08-18 19:06:51 +01:00
Dr. Stephen Henson
3d1160d58b
Call RAND_cleanup in openssl application.
...
(cherry picked from commit 944bc29f90
)
2013-03-28 14:29:39 +00:00
Andy Polyakov
a006fef78e
Improve WINCE support.
...
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Dr. Stephen Henson
4badfebefc
Typo (PR2959).
2013-01-17 18:20:18 +00:00
Dr. Stephen Henson
0090a686c0
Add code to download CRLs based on CRLDP extension.
...
Just a sample, real world applications would have to be cleverer.
2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
fdb78f3d88
New option to add CRLs for s_client and s_server.
2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
95ea531864
add option to get a certificate or CRL from a URL
2012-12-02 14:00:22 +00:00
Dr. Stephen Henson
a70da5b3ec
New functions to check a hostname email or IP address against a
...
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
08557cf22c
Initial "opaque SSL" framework. If an application defines
...
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
2011-04-29 22:37:12 +00:00
Ben Laurie
bf48836c7c
Fixes to NPN from Adam Langley.
2010-09-05 17:14:01 +00:00
Ben Laurie
ee2ffc2794
Add Next Protocol Negotiation.
2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
4c623cddbe
add -sigopt option to ca utility
2010-03-14 12:54:45 +00:00
Dr. Stephen Henson
cdb182b55a
new sigopt and PSS support for req and x509 utilities
2010-03-12 14:41:00 +00:00
Dr. Stephen Henson
245d2ee3d0
Add option to allow in-band CRL loading in verify utility. Add function
...
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
f10f4447da
Update from 1.0.0-stable.
2009-08-05 15:29:58 +00:00
Dr. Stephen Henson
c869da8839
Update from 1.0.0-stable
2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
79bd20fd17
Update from stable-branch.
2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
ed551cddf7
Update from stable branch.
2008-11-12 17:28:18 +00:00
Ben Laurie
6caa4edd3e
Add JPAKE.
2008-10-26 18:40:52 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
c451bd828f
Avoid case in ca.c fix.
2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
dd043cd501
Stop const mismatch warning in VC++.
2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
2022cfe07e
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
...
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
7bf7333d68
If we include winsock2.h then FD_SET wants an unsigned type for an fd.
2006-04-17 12:22:13 +00:00
Dr. Stephen Henson
4a3dc3c0e3
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
a9164153d1
Reformat pkeyutl.c, add support for verify operation but nothing actually
...
supports it (yet).
2006-04-08 22:25:47 +00:00
Dr. Stephen Henson
246e09319c
Fix bug where freed OIDs could be accessed in EVP_cleanup() by
...
defering freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Andy Polyakov
0a39d8f207
Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it
...
temporarily[!] removes support for couple of esoteric platforms [well,
Netware, vxWorks and VMS].
2005-11-06 11:40:59 +00:00
Andy Polyakov
a1ad253f17
Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for
...
all Windows targets.
2005-11-04 16:12:05 +00:00
Andy Polyakov
ffa101872f
Eliminate dependency on read/write/stat in apps under _WIN32.
2005-11-04 09:30:55 +00:00
Andy Polyakov
53261831f1
Get rid of arcane reference to _fmode in apps/apps.h. Binary open is
...
handles properly by bss_file.c, which renders _fmode redundant.
2005-11-03 16:42:57 +00:00
Dr. Stephen Henson
a0156a926f
Integrated support for PVK files.
2005-08-31 16:37:54 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
f68854b4c3
Various Win32 and other fixes for warnings and compilation errors.
...
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Nils Larsch
ff990440ee
const fixes
2005-04-15 18:29:33 +00:00
Nils Larsch
7d727231b7
some const fixes
2005-04-05 19:11:19 +00:00
Dr. Stephen Henson
c431798e82
Reformat smime utility.
...
Add support for policy checking in verify utility.
2004-09-07 18:38:46 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00