wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12080 commits 20 branches 302 tags 153 MiB
Commit graph

521 commits

Author SHA1 Message Date
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
aac751832a PR: 2124 
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
 2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
5e8d95f590 PR: 2103 
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.
 2009-11-17 13:25:35 +00:00
Dr. Stephen Henson
4a7f7171f5 Add missing functions to allow access to newer X509_STORE_CTX status 
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
 2009-10-31 19:21:47 +00:00
Dr. Stephen Henson
0c2c2e71a6 If not checking all certificates don't attempt to find a CRL 
for the leaf certificate of a CRL path.
 2009-10-23 12:05:54 +00:00
Dr. Stephen Henson
d1d746afb4 Need to check <= 0 here. 2009-10-22 23:14:12 +00:00
Dr. Stephen Henson
c679fb298e Add new function X509_STORE_set_verify_cb and use it in apps 2009-10-18 14:42:27 +00:00
Dr. Stephen Henson
4b4f249e0d Oops, s can be NULL 2009-09-04 11:31:19 +00:00
Dr. Stephen Henson
e5eb96c83a PR: 2013 
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
 2009-09-02 13:55:22 +00:00
Dr. Stephen Henson
43ea53a04a Inherit parameters properly in SSL contexts: any parameters set should 
replace those in the current list.
 2009-06-30 11:21:00 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
f1ed5fa827 Update from 0.9.8-stable. 2009-06-15 15:00:19 +00:00
Dr. Stephen Henson
f16411ccfd Ensure canonical encodings of X509_NAME structures are valid. 2009-05-30 18:10:59 +00:00
Dr. Stephen Henson
268e78c305 PR: 1899 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Check for <= 0 when verifying CRL issuers.
 2009-04-15 15:07:09 +00:00
Dr. Stephen Henson
25f6c7fd8b Update from 0.9.8-stable. 2009-04-03 16:54:37 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
30e5e39a3d PR: 1778 
Increase default verify depth to 100.
 2009-02-16 23:23:21 +00:00
Dr. Stephen Henson
b5d5c0a21f PR: 1843 
Use correct array size for SHA1 hash.
 2009-02-16 21:42:48 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format 
and avoid MD5 dependency.
 2009-01-15 13:22:39 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another 
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
 2008-12-22 13:54:12 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros 
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
 2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings: 
Duplicate const.
Use of ; outside function.
 2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj() 
and should avoid any OS date limitations such as the year 2038 bug.
 2008-10-07 22:55:27 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Ben Laurie
43048d13c8 Fix warning. 2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find 
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
 2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code. 
Tidy CRL scoring system.

Add new CRL path validation error.
 2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate 
and CRL signing keys.
 2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
2e0c7db950 Initial code to support distinct certificate and CRL signing keys where the 
CRL issuer is not part of the main path.

Not complete yet and not compiled in because the CRL issuer certificate is
not validated.
 2008-08-12 16:07:52 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension. 
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
 2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension. 
TODO: robustness checking on name forms.
 2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
3e727a3b37 Add support for nameRelativeToCRLIssuer field in distribution point name 
fields.
 2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates. 
Allow inibit any policy flag to be set in apps.
 2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes. 
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
 2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Dr. Stephen Henson
83574cf808 Fix from stable branch. 2008-05-30 10:57:49 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
 2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
56c7754cab Avoid warnings. 2008-02-28 14:05:01 +00:00
Dr. Stephen Henson
a70a49a018 Fix typo and avoid warning. 2008-02-28 13:18:26 +00:00
Dr. Stephen Henson
9536b85c07 Typo. 2008-02-12 01:24:50 +00:00
Dr. Stephen Henson
4d318c79b2 Utility attribute function to retrieve attribute data from an expected 
type. Useful for many attributes which are single valued and can only
have one type.
 2008-02-11 17:52:38 +00:00
Dr. Stephen Henson
1ad90a916b Extend attribute setting routines to support non-string types. 2008-02-11 13:59:33 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case 
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
 2007-10-26 12:06:36 +00:00
Andy Polyakov
ebc06fba67 Bunch of constifications. 2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Ben Laurie
9311c4421a Fix dependencies. Make depend. 2007-09-19 14:53:18 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8. 
Fix additional gcc 4.2 value not used warnings.
 2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Andy Polyakov
3005764c18 Typo in x509_txt.c. 
Submitted by: Martin.Kraemer@Fujitsu-Siemens.com
 2007-05-19 18:03:21 +00:00
Dr. Stephen Henson
5d5ca32fa1 Updates from 0.9.8-stable branch. 2007-02-18 18:21:57 +00:00
Richard Levitte
82bf227e91 After objects have been freed, NULLify the pointers so there will be no double 
free of those objects
 2007-02-07 01:42:46 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Nils Larsch
91b73acb19 use const ASN1_TIME * 2006-12-11 22:35:51 +00:00
Dr. Stephen Henson
10ca15f3fa Fix change to OPENSSL_NO_RFC3779 2006-12-06 13:36:48 +00:00
Nils Larsch
fa9ac569b8 avoid duplicate entries in add_cert_dir() 
PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>
 2006-12-05 21:21:37 +00:00
Nils Larsch
0f997d0dc3 allocate a new attributes entry in X509_REQ_add_extensions() 
if it's NULL (in case of a malformed pkcs10 request)

PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>
 2006-12-04 19:11:57 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
14975faa60 Remove illegal IMPLEMENT macros from header file. 2006-11-16 00:55:33 +00:00
Nils Larsch
1611b9ed80 remove SSLEAY_MACROS code 2006-11-06 19:53:39 +00:00
Dr. Stephen Henson
f4c630abb3 Place standard CRL behaviour in default X509_CRL_METHOD new functions to 
create, free and set default CRL method.
 2006-10-03 02:47:59 +00:00
Dr. Stephen Henson
019bfef899 Initialize new callbacks and make sure hent is always initialized. 2006-09-26 13:25:19 +00:00
Richard Levitte
0709249f4c Complete the change for VMS. 2006-09-25 08:35:35 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is 
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
 2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f Support for AKID in CRLs and partial support for IDP. Overhaul of CRL 
handling to support this.
 2006-09-14 17:25:02 +00:00
Dr. Stephen Henson
016bc5ceb3 Fixes for new CRL/cert callbacks. Update CRL processing code to use new 
callbacks.
 2006-09-11 13:00:52 +00:00
Dr. Stephen Henson
4d50a2b4d6 Add verify callback functions to lookup a STACK of matching certs or CRLs 
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.
 2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify 
verify logic to try to use an unexpired CRL if possible.
 2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c Cache some CRL related extensions. 2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
450ea83495 Store canonical encodings of Name structures. Update X509_NAME_cmp() to use 
them.
 2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
ae519a247f Extended PBES2 function supporting application supplied IV and PRF NID. 2006-05-17 12:47:17 +00:00
Dr. Stephen Henson
e881f6175a Update from stable branch. 2006-05-03 13:19:06 +00:00
Dr. Stephen Henson
b46343583c Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and 
handle unsupported key types.
 2006-04-28 12:27:37 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public 
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
 2006-03-20 12:22:24 +00:00
Nils Larsch
036bbcc53f no need to cast away the const 2006-03-04 13:55:55 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup 
Submitted by: David Hartman <david_hartman@symantec.com>
 2006-01-29 23:12:22 +00:00
Andy Polyakov
be7b4458f2 Keep disclaiming 16-bit platform support. For now remove WIN16 references 
from .h files...
 2005-12-18 19:11:37 +00:00
Andy Polyakov
49e3c9d8e6 Mask libcrypto references to stat with OPENSSL_NO_POSIX_IO. 2005-11-03 16:22:40 +00:00
Dr. Stephen Henson
f022c177db Two new verify flags functions. 2005-09-02 22:49:54 +00:00
Nils Larsch
c755c5fd8b improved error checking and some fixes 
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
 2005-07-26 21:10:34 +00:00
Nils Larsch
3eeaab4bed make 
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
 2005-07-16 12:37:36 +00:00
Andy Polyakov
109080ae48 Fix bugs in bug-fix to x509/by_dir.c. 
PR: 1131
 2005-07-03 13:10:45 +00:00
Richard Levitte
816f74d1c7 Initialise dir to avoid a compiler warning. 2005-06-23 21:49:21 +00:00
Richard Levitte
0e441bc2be Change dir_ctrl to check for the environment variable before using the default 
directory instead of the other way around.

PR: 1131
 2005-06-23 21:14:15 +00:00
Richard Levitte
0b0a60d861 Old typo... 
PR: 1097
 2005-06-05 21:54:48 +00:00
Dr. Stephen Henson
3f791ca818 Assing check_{cert,crl}_time to 'ok' variable so it returns errors on 
expiry.
 2005-05-27 13:19:25 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for 
attribute in EVP_PKEY structure.
 2005-05-15 00:54:45 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
2c45bf2bc9 Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts. 
Remove more bogus shadow warnings.
 2005-04-20 21:48:06 +00:00
Dr. Stephen Henson
f68854b4c3 Various Win32 and other fixes for warnings and compilation errors. 
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
 2005-04-19 00:12:36 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Dr. Stephen Henson
b392e52050 Move allow_proxy_certs declaration to start of function. 2005-04-10 23:41:09 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose 
a security threat on unexpecting applications.  Document and test.
 2005-04-09 16:07:12 +00:00
Ben Laurie
8bb826ee53 Consistency. 2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Richard Levitte
a7201e9a1b Changes concering RFC 3820 (proxy certificates) integration: 
- Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
 2005-01-17 17:06:58 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
c162b132eb Automatically mark the CRL cached encoding as invalid when some operations 
are performed.
 2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
3e66ee9f01 In by_file.c check last error for no start line, not first error. 2004-12-04 21:25:51 +00:00
Dr. Stephen Henson
1862dae862 Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:30 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the 
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
 2004-11-29 11:28:08 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
175ac6811a Don't use C++ reserved work "explicit". 2004-10-01 11:21:53 +00:00
Geoff Thorpe
6ef2ff62fc Make -Werror happy again. 2004-09-18 01:32:32 +00:00
Dr. Stephen Henson
58606421ae When looking for request extensions in a certificate look first 
for the PKCS#9 OID then the non standard MS OID.
 2004-09-10 20:20:54 +00:00
Richard Levitte
d813ff2ac1 make update 2004-09-10 10:30:33 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality. 
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
 2004-09-06 18:43:01 +00:00
Dr. Stephen Henson
eda52e175a Delete obsolete and unimplemented function. 2004-05-19 17:05:02 +00:00
Richard Levitte
c4fc8b5bf4 X509_policy_lib_init is declared but not defined, so it raises havoc 
when trying to build a shared library on VMS or Windows...
 2004-05-19 14:19:51 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in 
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
 2004-05-17 19:26:06 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong 
tree. This further reduces header interdependencies, and makes some
associated cleanups.
 2004-04-19 18:09:28 +00:00
Dr. Stephen Henson
b6a5fdb8a7 Don't use C++ reserved word. 2004-04-01 22:23:46 +00:00
Dr. Stephen Henson
e1a27eb34a Allow CRLs to be passed into X509_STORE_CTX. This is useful when the 
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.
 2004-03-27 22:49:28 +00:00
Dr. Stephen Henson
b79c82eaab Fix loads of warnings in policy code. 
I'll remember to try to compile this with warnings enabled next time :-)
 2004-03-25 13:45:58 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation. 
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
 2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated 
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
 2004-03-15 23:15:26 +00:00
Dr. Stephen Henson
bc50157010 Various X509 fixes. Disable broken certificate workarounds 
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
 2004-03-05 17:16:35 +00:00
Richard Levitte
9d5c3c1939 Typo... 2004-01-22 22:36:46 +00:00
Richard Levitte
af6dab9b00 Adding a slash between the directoryt and the file is a problem with 
VMS.  The C RTL can handle it well if the "directory" is a logical
name with no colon, therefore ending being 'logname/file'.  However,
if the given logical names actually has a colon, or if you use a full
VMS-syntax directory, you end up with 'logname:/file' or
'dev:[dir1.dir2]/file', and that isn't handled in any good way.

So, on VMS, we need to check if the directory string ends with a
separator (one of ':', ']' or '>' (< and > can be used instead [ and
])), and handle that by not inserting anything between the directory
spec and the file name.  In all other cases, it's assumed the
directory spec is a logical name, so we need to place a colon between
it and the file.

Notified by Kevin Greaney <kevin.greaney@hp.com>.
 2004-01-10 18:04:38 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy(). 
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:40:17 +00:00
Richard Levitte
b727907ae8 1024 is the export key bits limit according to current regulations, not 512. 
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
 2003-11-28 22:39:19 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. 
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
 2003-10-29 20:24:15 +00:00
Geoff Thorpe
8ad7e3ad2a Remove duplicate prototypes have already been (correctly) added to rsa.h, 
as this is already included by x509.h anyway.
 2003-10-24 16:17:11 +00:00
Dr. Stephen Henson
2990244980 ASN1 parse fix and release file changes. 2003-09-30 16:47:33 +00:00
Dr. Stephen Henson
f96d1af449 Avoid clashes with Win32 names in WinCrypt.h 2003-07-23 00:10:43 +00:00
Richard Levitte
f6b9cd7f82 We set the export flag for 512 *bit* keys, not 512 *byte* ones. 
PR: 587
 2003-06-19 18:55:50 +00:00
Richard Levitte
33862b90bb Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. 
PR: 617
 2003-06-11 21:22:30 +00:00
Dr. Stephen Henson
50078051bd Really get X509_CRL_CHECK_ALL right this time... 2003-06-04 00:40:05 +00:00
Bodo Möller
eec7968f18 fix typo 
Submitted by: Nils Larsch
 2003-04-22 08:29:21 +00:00
Richard Levitte
e6526fbf4d Add functionality to help making self-signed certificate. 2003-04-03 22:27:24 +00:00