FdaSilvaYY
0d4fb84390
GH601: Various spelling fixes.
...
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Rich Salz
349807608f
Remove /* foo.c */ comments
...
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Dr. Stephen Henson
8382fd3a93
Use X509_get0_pubkey where appropriate
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-31 18:44:46 +00:00
Dr. Stephen Henson
af170194a8
embed OCSP_CERTID
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00
Dr. Stephen Henson
a332635ea0
Embed various OCSP fields.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-11 20:33:57 +01:00
Dr. Stephen Henson
a8d8e06b0a
Avoid direct X509 structure access
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 00:17:37 +01:00
Rich Salz
75ebbd9aa4
Use p==NULL not !p (in if statements, mainly)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
222561fe8e
free NULL cleanup 5a
...
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:33:59 -04:00
Dr. Stephen Henson
4ca5efc287
Make OCSP response verification more flexible.
...
If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.
PR#3668
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:12:49 +00:00
Dr. Stephen Henson
6ef869d7d0
Make OCSP structures opaque.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 14:47:48 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Rich Salz
b2aa38a980
RT2560: missing NULL check in ocsp_req_find_signer
...
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-10 12:18:50 -04:00
Dr. Stephen Henson
b48310627d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b
)
2014-04-01 16:37:51 +01:00
Dr. Stephen Henson
0028a23b9f
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
2012-12-20 18:51:00 +00:00
Dr. Stephen Henson
e9754726d2
Check chain is not NULL before assuming we have a validated chain.
...
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Dr. Stephen Henson
2a21cdbe6b
Use new partial chain flag instead of modifying input parameters.
2012-12-13 18:20:47 +00:00
Ben Laurie
ec40e5ff42
Tabification. Remove accidental duplication.
2012-12-10 16:52:17 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
2fceff5ba3
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:14 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Dr. Stephen Henson
28b987aec9
Don't assume requestorName is present for signed requests. ASN1 OCSP module
...
fix: certs field is OPTIONAL.
2006-11-13 13:21:47 +00:00
Dr. Stephen Henson
91180d45f9
Typos.
...
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:44:39 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Dr. Stephen Henson
192ebef8cf
In ocsp_match_issuerid() we are passed the CA that signed the responder
...
certificate so need to match its subject with the certificate IDs in the
response.
2001-07-11 22:42:20 +00:00
Dr. Stephen Henson
d7bbd31efe
Typo in comment.
2001-02-26 23:34:14 +00:00
Dr. Stephen Henson
fafc7f9875
Enhance OCSP_request_verify() so it finds the signers certificate
...
properly and supports several flags.
2001-02-26 14:17:58 +00:00
Richard Levitte
3ebac273f5
Include string.h so mem* functions get properly declared.
2001-02-20 12:43:11 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
50d5199120
New OCSP response verify option OCSP_TRUSTOTHER
2001-01-26 01:55:52 +00:00
Dr. Stephen Henson
73758d435b
Additional functionality in ocsp utility: print summary
...
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1
Implement remaining OCSP verify checks in
...
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
9b4dc8308f
OCSP basic response verify. Very incomplete
...
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
2001-01-11 00:52:50 +00:00