Dr. Stephen Henson
a523276786
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
Dr. Stephen Henson
927a28ba3b
gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
...
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Andy Polyakov
81fc4c93ef
Typo in x509_txt.c [from HEAD].
2007-05-19 18:04:21 +00:00
Dr. Stephen Henson
d1049ad93e
Fix Win32 warnings.
2007-02-18 17:23:20 +00:00
Richard Levitte
53707e2eec
After objects have been freed, NULLify the pointers so there will be no double
...
free of those objects
2007-02-07 01:42:51 +00:00
Dr. Stephen Henson
4a0d3530e0
Update from HEAD.
2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
9b945233b1
Update from HEAD.
2006-12-06 13:38:59 +00:00
Nils Larsch
66c4bb1a70
avoid duplicate entries in add_cert_dir()
...
PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>
2006-12-05 21:21:10 +00:00
Nils Larsch
3c786aa6c8
allocate a new attributes entry in X509_REQ_add_extensions()
...
if it's NULL (in case of a malformed pkcs10 request)
PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>
2006-12-04 19:10:58 +00:00
Ben Laurie
4636341b05
Add RFC 3779 support, contributed by ARIN.
2006-11-27 13:36:55 +00:00
Dr. Stephen Henson
115fc340cb
Rebuild error file C source files.
2006-11-21 20:14:46 +00:00
Dr. Stephen Henson
db0edc3273
Inherit check time if appropriate.
2006-05-03 13:16:02 +00:00
Nils Larsch
22d1087e16
backport recent changes from the cvs head
2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc
Update filenames in makefiles
2006-02-04 01:49:36 +00:00
Dr. Stephen Henson
0fce007b8e
Add two extra verify flags functions.
2005-09-02 22:48:21 +00:00
Nils Larsch
3de6d65ea3
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 20:55:17 +00:00
Nils Larsch
4913b88f70
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make all test
work again (+ make update)
PR: 1159
2005-07-16 11:13:10 +00:00
Andy Polyakov
2e39604021
Fix bugs in bug-fix to x509/by_dir.c [from HEAD].
...
PR: 1131
2005-07-03 13:15:53 +00:00
Richard Levitte
46e7a9797e
Initialise dir to avoid a compiler warning.
2005-06-23 21:49:18 +00:00
Richard Levitte
40ba0257de
Change dir_ctrl to check for the environment variable before using the default
...
directory instead of the other way around.
PR: 1131
2005-06-23 21:14:10 +00:00
Dr. Stephen Henson
ce2c19e357
Update from head.
2005-06-16 02:05:57 +00:00
Richard Levitte
8a41bcc934
Old typo...
...
PR: 1097
2005-06-05 21:55:09 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
2c45bf2bc9
Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
...
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Dr. Stephen Henson
f68854b4c3
Various Win32 and other fixes for warnings and compilation errors.
...
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Dr. Stephen Henson
b392e52050
Move allow_proxy_certs declaration to start of function.
2005-04-10 23:41:09 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Richard Levitte
a7201e9a1b
Changes concering RFC 3820 (proxy certificates) integration:
...
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
2005-01-17 17:06:58 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
c162b132eb
Automatically mark the CRL cached encoding as invalid when some operations
...
are performed.
2004-12-09 13:35:06 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
3e66ee9f01
In by_file.c check last error for no start line, not first error.
2004-12-04 21:25:51 +00:00
Dr. Stephen Henson
1862dae862
Perform partial comparison of different character types in X509_NAME_cmp().
2004-12-01 01:45:30 +00:00
Richard Levitte
30b415b076
Make an explicit check during certificate validation to see that the
...
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
2004-11-29 11:28:08 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
2f605e8d24
Fix race condition when CRL checking is enabled.
2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
175ac6811a
Don't use C++ reserved work "explicit".
2004-10-01 11:21:53 +00:00
Geoff Thorpe
6ef2ff62fc
Make -Werror happy again.
2004-09-18 01:32:32 +00:00
Dr. Stephen Henson
58606421ae
When looking for request extensions in a certificate look first
...
for the PKCS#9 OID then the non standard MS OID.
2004-09-10 20:20:54 +00:00
Richard Levitte
d813ff2ac1
make update
2004-09-10 10:30:33 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00