Ben Laurie
3642f632d3
Pull FIPS back into stable.
2004-05-11 12:46:24 +00:00
Dr. Stephen Henson
0902c559fb
Typos.
...
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:41:59 +00:00
Richard Levitte
4d6b383680
Avoid a memory leak in OCSP_parse_url().
...
Notified by Paul Siegel <psiegel@corestreet.com>
2004-03-01 14:58:25 +00:00
Dr. Stephen Henson
33ad6eca7a
Use an OCTET STRING for the encoding of an OCSP nonce value.
...
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
2004-02-19 18:17:35 +00:00
Richard Levitte
cc056d6395
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:00:24 +00:00
Dr. Stephen Henson
2007fe63f8
Don't give an error if response reason absent in OCSP HTTP.
2003-03-14 23:37:17 +00:00
Lutz Jänicke
282382cc14
Armor against systems without ranlib...
...
Submitted by: Thierry Lelegard <thierry.lelegard@canal-plus.fr>
PR: 461
2003-01-16 17:21:15 +00:00
Richard Levitte
7ab58bf012
Correct support for SunOS 4.1.3_U1.
...
PR: 227
2002-11-13 15:49:51 +00:00
Ben Laurie
9831d941ca
Many security improvements (CHATS) and a warning fix.
2002-11-12 13:23:40 +00:00
Dr. Stephen Henson
ddab3c9327
Typo in OCSP ASN1 module
2002-11-07 17:43:45 +00:00
Richard Levitte
ff90d659e6
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:21:33 +00:00
Richard Levitte
c2decc56b0
OCSP and KRB5 Makefil.ssl should be consistent with all the others
2002-08-01 14:19:08 +00:00
Lutz Jänicke
3720ea24f0
"make update"
...
Submitted by:
Reviewed by:
PR:
2002-07-30 07:18:03 +00:00
Richard Levitte
ca55c617e5
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:44:52 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
192ebef8cf
In ocsp_match_issuerid() we are passed the CA that signed the responder
...
certificate so need to match its subject with the certificate IDs in the
response.
2001-07-11 22:42:20 +00:00
Dr. Stephen Henson
d7bbd31efe
Typo in comment.
2001-02-26 23:34:14 +00:00
Dr. Stephen Henson
fafc7f9875
Enhance OCSP_request_verify() so it finds the signers certificate
...
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Richard Levitte
d88a26c489
make update
...
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
f196522159
New function and options to check OCSP response validity.
2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
d7c06e9ec7
Make OCSP cert id code tolerate a missing issuer certificate
...
or serial number.
2001-02-23 13:04:24 +00:00
Dr. Stephen Henson
d339187b1a
Get rid of ASN1_ITEM_FUNCTIONS dummy function
...
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Dr. Stephen Henson
bb5ea36b96
Initial support for ASN1_ITEM_FUNCTION option to
...
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
e28e42a549
Use sk_*_new_null() instead of sk_*_new(NULL). That avoids getting
...
lots of silly warnings from the compiler.
2001-02-20 13:06:10 +00:00
Richard Levitte
3ebac273f5
Include string.h so mem* functions get properly declared.
2001-02-20 12:43:11 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
67c1801924
New function OCSP_parse_url() and -url option for ocsp utility.
...
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946
Modify OCSP nonce behaviour.
2001-02-12 23:28:45 +00:00
Richard Levitte
c2bf70a27c
The check for request including a nonce and response not having it was
...
inversed. Corrected. Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Dr. Stephen Henson
26e083ccb7
New function to copy nonce values from OCSP
...
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
2b916952a8
Fix ASN1_TIME_to_generlizedtime().
...
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d
Various OCSP responder utility functions.
...
Delete obsolete OCSP functions.
Largely untested at present...
2001-02-03 19:20:45 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
50d5199120
New OCSP response verify option OCSP_TRUSTOTHER
2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
73758d435b
Additional functionality in ocsp utility: print summary
...
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1
Implement remaining OCSP verify checks in
...
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
5782ceb298
New OCSP utility. This can generate, parse and print
...
OCSP requests. It can also query reponders and parse or
print out responses.
Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00
Bodo Möller
af5473c45a
isspace must be used only on *unsigned* chars
2001-01-12 14:45:12 +00:00
Dr. Stephen Henson
adf87b2df5
Fix typo in OCSP ASN1 module, this caused
...
invalid format in OCSP request signatures.
Add spaces to OCSP HTTP header.
Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
2001-01-11 23:24:28 +00:00