Dr. Stephen Henson
a5cdb7d5bd
Avoid warnings.
2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
be86c7fc87
Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
2008-03-24 22:14:02 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
376bf1d4aa
Constification.
2007-04-11 12:26:53 +00:00
Dr. Stephen Henson
bbb5cf05db
Fix from stable branch.
2007-03-05 00:09:08 +00:00
Dr. Stephen Henson
af32f9fdda
Update from fips2 branch.
2007-02-03 17:32:49 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Richard Levitte
ea46f5e0e5
Replace strdup() with BUF_strdup().
2006-12-25 09:43:46 +00:00
Nils Larsch
360ff3cf58
fix order
2006-12-18 22:20:27 +00:00
Dr. Stephen Henson
10ca15f3fa
Fix change to OPENSSL_NO_RFC3779
2006-12-06 13:36:48 +00:00
Dr. Stephen Henson
d137b56a5b
Win32 fixes from stable branch.
2006-11-30 13:39:34 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
55a08fac68
Typo.
2006-10-05 21:59:50 +00:00
Dr. Stephen Henson
bc7535bc7f
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
...
handling to support this.
2006-09-14 17:25:02 +00:00
Dr. Stephen Henson
4d50a2b4d6
Add verify callback functions to lookup a STACK of matching certs or CRLs
...
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Ulf Möller
c3bb1f8166
unused function
2006-03-06 17:58:25 +00:00
Nils Larsch
95a0e8ab31
fix warning
2006-02-13 08:45:53 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
51eb1b81f6
Avoid contradictive error code assignments.
...
"make errors".
2006-01-08 21:54:24 +00:00
Nils Larsch
53b38d37a9
fix potential memory leak + improved error checking
...
PR: 1182
2005-08-05 09:42:45 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
8eb7217580
Add declaration for IDP ASN1 functions.
2005-07-26 11:43:11 +00:00
Dr. Stephen Henson
0537f9689c
Add support for setting IDP too.
2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0c010a1517
Don't use @syntax for extended CRLDP format.
2005-07-25 18:55:40 +00:00
Dr. Stephen Henson
0745d0892d
Allow setting of all fields in CRLDP. Few cosmetic changes to output.
2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
5e64f8c44c
Typo which prevents mult valued RDNs being created.
2005-07-25 18:39:44 +00:00
Dr. Stephen Henson
9aa9d70ddb
Print out previously unsupported fields in CRLDP by i2r instead of i2v.
...
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c
Initial print only support for IDP CRL extension.
2005-07-23 23:33:06 +00:00
Dr. Stephen Henson
f5d51a9362
Fix extension ordering.
2005-06-22 13:26:23 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Richard Levitte
a7201e9a1b
Changes concering RFC 3820 (proxy certificates) integration:
...
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
2005-01-17 17:06:58 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
8f284faaec
V1 certificates that aren't self signed can't be accepted as CAs.
2004-12-03 00:10:34 +00:00
Richard Levitte
5073ff0346
Split X509_check_ca() into a small self and an internal function
...
check_ca(), to resolve constness issue. check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:55 +00:00
Richard Levitte
30b415b076
Make an explicit check during certificate validation to see that the
...
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
2004-11-29 11:28:08 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00