Rich Salz
4ce5ed5f39
RT3682: Avoid double-free on OCSP parse error
...
Found by Kurt Cancemi
(Manual cherry-pick of f8e427154bbc0c33f29fa7aad001b1b655e5995b)
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23 08:14:24 -04:00
Matt Caswell
017a06c7d1
Add -no_alt_chains option to apps to implement the new
...
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Conflicts:
apps/cms.c
apps/ocsp.c
apps/s_client.c
apps/s_server.c
apps/smime.c
apps/verify.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 13:42:17 +01:00
Matt Caswell
ae5c8664e5
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Kurt Roeckx
e9f47de1f0
Use the SSLv23 method by default
...
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-02 11:28:42 +01:00
Matt Caswell
e164582690
Tidy up ocsp help output
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47
)
Conflicts:
apps/ocsp.c
2014-11-27 14:16:49 +00:00
André Guerreiro
4d3df37bc7
Add documentation on -timeout option in the ocsp utility
...
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1
)
2014-11-27 14:14:52 +00:00
Dr. Stephen Henson
361fd136e9
Typo.
...
PR#3107
(cherry picked from commit 7c206db928
)
2014-06-28 12:42:59 +01:00
Dr. Stephen Henson
b9ce05acc4
Fix free errors in ocsp utility.
...
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd35
)
2014-04-09 15:45:16 +01:00
Ben Laurie
1ebaf97c44
Constification.
2013-10-07 12:44:40 +01:00
Dr. Stephen Henson
708454f010
add missing \n
2012-12-23 18:12:28 +00:00
Dr. Stephen Henson
9b157602e0
Backport enhancements to OCSP utility from HEAD:
...
Support - as a file for standard input or output.
Add -badsig option to generate invalid signatures for testing.
New -rmd option to specify digest to sign OCSP responses with.
2012-12-20 19:06:39 +00:00
Dr. Stephen Henson
67e217c84c
revert, missing commit message
2012-12-20 19:01:55 +00:00
Dr. Stephen Henson
7b7b667ddc
apps/ocsp.c
2012-12-20 18:59:09 +00:00
Dr. Stephen Henson
db05bc512d
Return success when the responder is active.
...
Don't verify our own responses.
(backport from HEAD)
2012-12-19 15:02:58 +00:00
Ben Laurie
d65b8b2162
Backport OCSP fixes.
2012-12-14 12:53:53 +00:00
Dr. Stephen Henson
0c690586e0
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
bc8c5fe58d
Free SSL_CTX after BIO
2009-09-30 21:35:26 +00:00
Dr. Stephen Henson
4386445c18
Change STRING to OPENSSL_STRING etc as common words such
...
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
9ccd4e224f
Add USE_SOCKETS.
2009-04-02 15:19:03 +00:00
Dr. Stephen Henson
3859d7ee78
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
2009-02-06 16:43:52 +00:00
Richard Levitte
5871ddb016
Because DEC C - sorry, HP C - is picky about features, we need to
...
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
ad35cdac74
PR: 1516
...
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
313fce7b61
Don't free a NULL. Coverity ID 112.
2007-04-04 14:59:20 +00:00
Ben Laurie
4b8747e440
Die if serial number is invalid.
2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b
Apply a more modern way to get the definition of select(), except for VMS.
...
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Richard Levitte
8bbf6bcf17
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
...
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Geoff Thorpe
f0eae953e2
Remove some unnecessary recursive includes from the internal apps.h header,
...
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Dr. Stephen Henson
e5b0508a14
Update ocsp usage message and docs.
2003-03-26 00:46:47 +00:00
Richard Levitte
e270cf9c5e
Pay attention to disabled SSL versions.
...
PR: 500
2003-02-14 05:24:22 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Richard Levitte
2245cd87d4
BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the
...
requirement that the serial number always be an even amount of characters.
PR: 248
2002-10-11 09:38:56 +00:00
Richard Levitte
da9b972466
Make it possible to load keys from stdin, and restore that
...
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00