Dr. Stephen Henson
60790aff6f
PR: 627
...
Allocate certificatePolicies correctly if CPS field is absent.
Fix various memory leaks in certificatePolicies.
2003-05-28 17:28:11 +00:00
Dr. Stephen Henson
ff160dba54
PR: 631
...
Submitted by: Doug Sauder <dws+001@hunnysoft.com>
Fix bug in X509V3_get_d2i() when idx in not NULL.
2003-05-28 16:57:22 +00:00
Dr. Stephen Henson
e19d0ef068
PR: 631
...
Submitted by: Doug Sauder <dws+001@hunnysoft.com>
Fix bug in X509V3_get_d2i() when idx in not NULL.
2003-05-28 16:57:08 +00:00
Dr. Stephen Henson
8c5e375c8e
Typo.
2003-05-02 11:42:17 +00:00
Dr. Stephen Henson
b9d2d20086
Make DER option work again.
...
Fix typo.
2003-05-02 11:41:40 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
8382ec5d37
Reindent for readability.
2003-04-03 19:10:32 +00:00
Richard Levitte
54e73364f1
Don't feil when indent is 0.
...
PR: 559
2003-03-31 13:24:04 +00:00
Richard Levitte
6dd6da6005
Don't feil when indent is 0.
...
PR: 559
2003-03-31 13:24:02 +00:00
Dr. Stephen Henson
1a15c89988
Multi valued AVA support.
2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
81bd0446a9
make update
2003-03-24 17:06:25 +00:00
Dr. Stephen Henson
520b76ffd9
Support for name constraints.
2003-03-24 17:04:44 +00:00
Dr. Stephen Henson
5cc5ec1bba
make update
2003-03-21 16:28:29 +00:00
Dr. Stephen Henson
f80153e20b
Support for policy constraints.
2003-03-21 16:26:20 +00:00
Dr. Stephen Henson
b24668626e
make update
2003-03-20 17:59:39 +00:00
Dr. Stephen Henson
ea3675b5b6
New ASN1 macros to just implement and declare the new and free functions
...
and changes to mkdef.pl so it recognises them.
Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
a1d12daed2
Support for policyMappings
2003-03-20 17:26:44 +00:00
Dr. Stephen Henson
f0dc08e656
Support for dirName from config files in GeneralName extensions.
2003-02-27 01:54:11 +00:00
Richard Levitte
b9447ec1bc
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:03:06 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Dr. Stephen Henson
4e5d3a7f98
IPv6 display and input support for extensions usingh GeneralName.
2003-02-05 00:34:31 +00:00
Richard Levitte
40b676aa4f
DVCS (see RFC 3029) was missing among the possible purposes.
...
Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>,
one of the authors of said RFC
2003-01-29 15:06:38 +00:00
Richard Levitte
b637670f03
DVCS (see RFC 3029) was missing among the possible purposes.
...
Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>,
one of the authors of said RFC
2003-01-29 15:06:35 +00:00
Richard Levitte
6983b4615c
Adjust the parameter lists in some not commonly used files.
...
PR: 428
2003-01-01 23:41:50 +00:00
Richard Levitte
0c055b201e
Adjust the parameter lists in some not commonly used files.
...
PR: 428
2003-01-01 23:41:46 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Dr. Stephen Henson
65caee44ff
Fix get_email: 0 is a valid return value
2002-11-14 00:46:11 +00:00
Dr. Stephen Henson
327e113775
Fix get_email: 0 is a valid return value
2002-11-14 00:45:04 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
2232e262bf
Fix memory leak in s2i_ASN_INTEGER and return an error
...
if any invalid characters are present.
2002-11-13 00:40:51 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Ben Laurie
9831d941ca
Many security improvements (CHATS) and a warning fix.
2002-11-12 13:23:40 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Richard Levitte
ff90d659e6
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:21:33 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Lutz Jänicke
3720ea24f0
"make update"
...
Submitted by:
Reviewed by:
PR:
2002-07-30 07:18:03 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
ca55c617e5
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:44:52 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Dr. Stephen Henson
99889b46c9
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00
Dr. Stephen Henson
2e674fc611
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:54:52 +00:00
Dr. Stephen Henson
b2e85f9d93
The new ASN1 code automatically allocates
...
structures for fields that are not OPTIONAL.
However in the AUTHORITY_INFO_ACCESS case
the 'location' field was set to NULL in
the old code.
So in 0.9.7+ we should free up the field before
overwriting it in v2i_AUTHORITY_INFO_ACCESS.
2002-06-13 00:43:59 +00:00
Dr. Stephen Henson
04cc76660a
The new ASN1 code automatically allocates
...
structures for fields that are not OPTIONAL.
However in the AUTHORITY_INFO_ACCESS case
the 'location' field was set to NULL in
the old code.
So in 0.9.7+ we should free up the field before
overwriting it in v2i_AUTHORITY_INFO_ACCESS.
2002-06-13 00:43:27 +00:00
Richard Levitte
c4ac954c59
Check the return values where memory allocation failures may happen.
...
PR: 49
2002-05-30 16:50:38 +00:00
Richard Levitte
9cdf87f194
Check the return values where memory allocation failures may happen.
...
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
59dbdb51dc
disable '#ifdef DEBUG' sections
2002-02-28 10:51:56 +00:00
Bodo Möller
de603b75fc
disable '#ifdef DEBUG' sections
2002-02-21 14:08:47 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
072569e0f1
Undo previous change, X509_check_issued() was correct.
...
[See
Message-ID: <3BB07999.30432AD2@celocom.com>
Date: Tue, 25 Sep 2001 13:33:29 +0100
From: Dr S N Henson <drh@celocom.com>
To: openssl-dev@openssl.org
Subject: Re: Error in v3_purp.c
]
2002-01-27 17:41:12 +00:00
Richard Levitte
63810d8566
Apply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
...
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.
2002-01-26 04:25:16 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
7d5b04db4e
Add support for Subject Info Acess extension.
2001-10-27 00:16:53 +00:00
Dr. Stephen Henson
f1558bb424
Reject certificates with unhandled critical extensions.
2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Dr. Stephen Henson
96bd6f730a
Add certificate and request demos.
...
Fix X509V3 macro so they compile.
2001-09-12 00:19:20 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf
More linker bloat reorganisation:
...
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.
Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.
Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.
Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.
So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
b7a26e6daf
Modify apps to use NCONF code instead of old CONF code.
...
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
926a56bfe3
Purpose and trust setting functions for X509_STORE.
...
Tidy existing code.
2001-05-10 00:13:59 +00:00
Richard Levitte
c9fd77e9dd
Make it possible to move the emailAddress object to the subjectAltName
...
extension instead of just copying it. That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
2001-04-11 12:55:06 +00:00
Dr. Stephen Henson
535d79da63
Overhaul the display of certificate details in
...
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4e20b1a656
Instead of telling both 'make' and the user that ranlib
...
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
f23478c314
Fix bug in copy_email() which would not
...
find emailAddress at start of subject name.
2001-03-01 13:32:11 +00:00
Richard Levitte
d88a26c489
make update
...
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
d339187b1a
Get rid of ASN1_ITEM_FUNCTIONS dummy function
...
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Dr. Stephen Henson
bb5ea36b96
Initial support for ASN1_ITEM_FUNCTION option to
...
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
a6b7ffddac
New options to 'ca' utility to support CRL entry extensions.
...
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Ulf Möller
741a9690df
Fix potential buffer overrun for EBCDIC.
2001-02-06 02:54:02 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
8cff6331c9
Tolerate some "variations" used in some
...
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Dr. Stephen Henson
8e8972bb68
Fixes to various ASN1_INTEGER routines for negative case.
...
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
a8312c0e24
Fix typo in OCSP nonce extension.
...
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
2001-01-04 19:53:48 +00:00
Dr. Stephen Henson
bf0d176e48
Update OCSP API.
...
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
2001-01-04 01:46:36 +00:00
Richard Levitte
701adceb12
"make update" plus a rewrite of both .num files.
2000-12-29 00:19:12 +00:00
Dr. Stephen Henson
28ddfc61dc
X509V3_add_i2d() needs to be able to allocate a
...
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.
Modify wrappers appropriately.
2000-12-27 13:42:43 +00:00
Dr. Stephen Henson
57d2f21782
New function X509V3_add_i2d() this is used for
...
encoding, replacing and deleting extensions.
Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
2000-12-24 18:02:33 +00:00
Dr. Stephen Henson
5755cab49d
Fixes to OCSP print code.
...
Don't try to print request certificates if signature is not present.
Remove unnecessary test for certificates being NULL.
Fix typos in printed output.
Tidy up output.
Fix for typo in OCSP_SERVICELOC ASN1 template.
Also give a bit more info in CHANGES about the ASN1 revision.
2000-12-20 00:46:44 +00:00
Dr. Stephen Henson
6546fdfaf8
Add OCSP service locator extension.
2000-12-16 12:51:58 +00:00
Dr. Stephen Henson
f1a6a0d4dd
Add support for the noCheck OCSP extension. This is
...
just a NULL and appears in a certificate.
2000-12-16 01:58:58 +00:00
Dr. Stephen Henson
c08523d862
Implement some standard OCSP extensions in the v3 code. These
...
are all raw print only extensions at present.
2000-12-15 13:42:00 +00:00
Dr. Stephen Henson
2fc0d1f15e
Add OCSP nonce extension to supported extensions.
...
This is a little unusual because it can contain no
structure i.e. the extension OCTET STRING content
octets do not contain a DER encoded structure.
2000-12-14 23:27:20 +00:00
Dr. Stephen Henson
2c15d426b9
New function X509V3_extensions_print() this removes extension duplication
...
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
2000-12-14 18:42:28 +00:00
Dr. Stephen Henson
36ac656a1b
Stop extension creation code core dumping.
...
This was caused by no initialising the buffer
to NULL when using the auto allocating version
if i2d.
2000-12-13 13:55:03 +00:00
Dr. Stephen Henson
2aff7727f7
Rewrite the extension code to use an ASN1_ITEM structure
...
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.
Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Dr. Stephen Henson
9d6b1ce644
Merge from the ASN1 branch of new ASN1 code
...
to main trunk.
Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Ulf Möller
6a8ba34f9d
in some new file names the first 8 characters were not unique
2000-11-12 22:32:18 +00:00
Richard Levitte
eb64730b9c
The majority of the OCSP code from CertCo.
2000-10-27 11:05:35 +00:00
Richard Levitte
3ab5651112
The experimental Rijndael code moved to the main trunk.
...
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
8ca533e378
More code for X509_print_ex() support.
2000-10-06 11:51:47 +00:00
Richard Levitte
4e20a4e688
'ranlib' doesn't always run on some systems. That's actually
...
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Richard Levitte
62324627aa
Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
...
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Richard Levitte
97d8e82c4c
Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
...
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Richard Levitte
62ab514e98
'make update'
2000-09-07 08:46:51 +00:00