wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7377 commits 20 branches 302 tags 153 MiB
Commit graph

850 commits

Author SHA1 Message Date
Richard Levitte
ec4e600da6 Include the instance in the Kerberos ticket information. 
In s_server, print the received Kerberos information.
PR: 693
 2003-09-27 17:55:18 +00:00
Dr. Stephen Henson
5f444c8fcd In order to get the expected self signed error when 
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
 2003-09-21 02:15:07 +00:00
Dr. Stephen Henson
bd69ac5c93 New -ignore_err option in ocsp application to stop the server 
exiting on the first error in a request.
 2003-09-03 23:54:00 +00:00
Bodo Möller
9cc513a000 fix out-of-bounds check in lock_dbg_cb (was too lose to detect all 
invalid cases)

PR: 674
 2003-08-14 10:33:26 +00:00
Richard Levitte
cac32e5acd Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw 
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.
 2003-08-14 06:54:29 +00:00
Richard Levitte
f56c451143 Oops, removed a little too much. 2003-08-11 09:56:17 +00:00
Dr. Stephen Henson
3410aa1aa8 Various S/MIME bug and compatibility fixes. 2003-06-01 20:45:44 +00:00
Lutz Jänicke
a598524ad6 Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before) 
Submitted by: dg@sunet.ru (Daniel Ginsburg)

PR: #613
 2003-05-28 20:24:20 +00:00
Richard Levitte
e4e049e489 Dont forget req. 2003-04-09 06:50:39 +00:00
Richard Levitte
9f81f23742 Set LD_LIBRARY_PATH when linking, since OpenUnix' ld uses it to create 
a library search path.

Correct typos.
 2003-04-08 11:54:32 +00:00
Richard Levitte
2bdcfbd7a3 Reset the version number of the issuer certificate? I believe this 
hasn't been tested in a long while...
 2003-04-03 18:50:48 +00:00
Richard Levitte
be34231656 No need to test -setalias twice. 
PR: 556
 2003-03-31 13:56:55 +00:00
Richard Levitte
c6b220d933 Add usage string for -fingerprint. 
PR: 560
 2003-03-31 13:06:27 +00:00
Dr. Stephen Henson
39e76bc454 Update ocsp usage message and docs. 2003-03-26 00:47:07 +00:00
Richard Levitte
f077cf68af Make sure that all the library paths are modified in prepend mode, not 
replace mode.
PR: 528
 2003-03-20 11:37:55 +00:00
Dr. Stephen Henson
3f691235da Get the PEDANTIC stuff right this time... 2003-03-13 21:26:31 +00:00
Dr. Stephen Henson
b575dff21a Avoid warnings for no-engine and PEDANTIC 2003-03-12 02:38:35 +00:00
Ulf Möller
37d9503a67 mingw related cleanups, as in head 2003-02-22 18:02:46 +00:00
Richard Levitte
6c0118ee8e Handle krb5 libraries separately and make sure only libssl.so depends 
on it.
 2003-02-14 13:11:44 +00:00
Richard Levitte
97333eaff7 Pay attention to disabled SSL versions. 
PR: 500
 2003-02-14 05:24:25 +00:00
Richard Levitte
b9447ec1bc Make it possible to disable OCSP, the speed application, and the use of sockets. 
PR: 358
 2003-02-14 01:03:06 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:37:49 +00:00
Richard Levitte
d48e6a47bd cert_sk isn't always allocated, so freeing it may cause a crash. 
PR: 481
 2003-01-30 10:27:47 +00:00
Dr. Stephen Henson
624feae8af Check return value of gmtime() and add error codes 
where it fails in ASN1_TIME_set().

Clear error queue in req.c if *_min or *_max is absent.
 2003-01-24 00:42:50 +00:00
Richard Levitte
881cb8b108 DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment. 
PR: 453
 2003-01-13 15:16:48 +00:00
Dr. Stephen Henson
df77232bdc Oops, left debugging malloc include file in... 2003-01-09 16:53:26 +00:00
Dr. Stephen Henson
8ce7348625 NULL tofree when it is freed to avoid double free. 
Make sure key is not NULL before freeing it.
 2003-01-09 13:05:57 +00:00
Dr. Stephen Henson
e78a012305 Add EVP_CIPHER_CTX_cleanup() to avoid memory leak. 2003-01-04 18:23:11 +00:00
Richard Levitte
718d8a931d Spelling error. 
This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
 2002-12-25 22:17:00 +00:00
Richard Levitte
39db27cb83 Avoid double definition of config. 
PR: 420
 2002-12-24 23:53:50 +00:00
Richard Levitte
542e010aa5 Cygwin needs the library locatin for .DLLs to be set in PATH. Unfortunately, 
the conditional was set to add the library directory to PATH when the
platform is NOT Cygwin.  Corrected.
PR: 404
 2002-12-24 10:50:18 +00:00
Richard Levitte
ab79ac44d5 There was a mixup between INSTALLTOP and OPENSSLDIR... 2002-12-20 07:51:08 +00:00
Richard Levitte
e286dfe6ed We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, 
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
 2002-12-19 22:10:20 +00:00
Richard Levitte
d5bf2e06b3 I have no idea what possesed me to compile s_socket.c as POSIXly code. 
Incidently, it now compiles so much better without _POSIX_C_SOURCE.
 2002-12-19 19:42:55 +00:00
Richard Levitte
bf683ec609 Update the make system for installations: 
- define a HERE variable to indicate where the source tree is (not
  used right now)
- make more use of copying and making attribute changes to {file}.new,
  and then move it to {file}
- use 'mv -f' to avoid all those questions to the user when the file
  in question doesn't have write attributes for that user.
 2002-12-15 06:00:29 +00:00
Richard Levitte
7f87c1c0fc Apparently, bash is more forgiving than sh. To be backward 
compatible, don't use ==, use = instead...
 2002-12-06 08:44:24 +00:00
Richard Levitte
bb9104f0ee Corrected DJGPP patch 2002-12-05 20:50:52 +00:00
Richard Levitte
27498a3330 EXIT() may mean return(). That's confusing, so let's have it really mean 
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
 2002-12-03 16:34:28 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function. 
I've covered all the memset()s I felt safe modifying, but may have missed some.
 2002-11-28 08:09:03 +00:00
Richard Levitte
273c624442 Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7). 2002-11-18 23:05:50 +00:00
Bodo Möller
8f4a23e3b7 allocate bio_err before memory debugging is enabled to avoid memory leaks 
(we can't release it before the CRYPTO_mem_leaks() call!)

Submitted by: Nils Larsch
 2002-11-18 13:38:30 +00:00
Richard Levitte
29ca164513 WinCE patches 2002-11-15 22:44:08 +00:00
Richard Levitte
082cd4e564 Changes to make shared library building and use work better with Cygwin 2002-11-15 16:49:34 +00:00
Richard Levitte
5bf0d0ea1e Remove warnings. 2002-11-14 15:58:01 +00:00
Richard Levitte
40bace2da6 Fix to build better with DJGPP. 
PR: 338

Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:

1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
   to name-clash with Watt-32.

2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
   with <stdlib.h>

3. Added calls to dbug_init()/sock_init() in some demo programs.

4. Changed cflags/lflags in configure. Watt-32 install root now taken
   from $WATT_ROOT.
 2002-11-14 11:22:46 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
edb7b28a00 Variables on the stack must be initialized or we can't depend on any 
initial value.  For errline/errorline, we did depend on that, erroneously
 2002-11-11 21:35:00 +00:00
Richard Levitte
a1edc87664 Make the programs link against the static library on MacOS X. 
PR: 335
 2002-11-11 20:49:01 +00:00
Richard Levitte
95900b8592 -CAserial does take a filename argument. 
PR: 332
 2002-11-09 21:53:56 +00:00
Richard Levitte
8b6ee018c2 Windows doesn't know sys/file.h 2002-11-07 21:40:17 +00:00
Richard Levitte
c752563e43 Remove all referenses to RSAref, since that's been gone for more than 
a year.
 2002-10-31 16:46:18 +00:00
Richard Levitte
0bf76767b0 Make sure toupper() is declared 2002-10-25 09:51:50 +00:00
Richard Levitte
4f99ab58f7 On certain platforms, we redefine certain symbols using macros in 
apps.h.  For those, it's better to include apps.h after the system
headers where those symbols may be defined, since there's otherwise a
chance that the C compiler will barf when it sees something that looks
like this after expansion:

int VMS_strcasecmp((str1),(str2))(const char *, const char *);
 2002-10-24 09:41:45 +00:00
Richard Levitte
4407fbc2d4 Signal an error if the entered output password didn't match itself. 
PR: 314
 2002-10-23 15:07:18 +00:00
Bodo Möller
27f08d6d48 fix warnings, and harmonize indentation 2002-10-23 13:14:10 +00:00
Richard Levitte
f6733ae577 makedepend complains when a header file is included more than once in 
the same source file.
 2002-10-14 09:53:46 +00:00
Richard Levitte
a61050ad96 BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the 
requirement that the serial number always be an even amount of characters.
PR: 248
 2002-10-11 09:39:32 +00:00
Richard Levitte
d19370b617 VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS. 
PR: 184
 2002-10-10 09:05:46 +00:00
Richard Levitte
4fd5e85a18 Make sure that the 'config' variable is correctly defined and declared 
for monolithic as well as non-monolithic biuld.
More work is probably needed in this area.
PR: 144
 2002-10-09 15:36:42 +00:00
Richard Levitte
e9a9211e75 Remove redundancy and use the main makefile better 2002-10-09 15:13:34 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we 
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
 2002-10-09 13:21:33 +00:00
Richard Levitte
052c0f276e Add missing LF 2002-10-09 06:36:30 +00:00
Richard Levitte
27a80b7906 -elapsed is also useful when using gettimeofday 2002-09-25 12:42:04 +00:00
Dr. Stephen Henson
a98beb3a2d Apply -nameopt patches to 0.9.7 2002-08-30 18:26:26 +00:00
Dr. Stephen Henson
3d2aa62cb6 Fix crahses and leaks in pkcs12 utility -chain option 2002-08-22 21:54:24 +00:00
Bodo Möller
1e9858a28b fix warnings (CHARSET_EBCDIC) 
Submitted by: Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
 2002-08-15 14:52:22 +00:00
Richard Levitte
b84e473d63 Sometimes, the value of the variable containing the compiler call can 
become rather large.  This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough.  WRITE/SYMBOL
uses a 2048 byte large buffer instead.
 2002-08-15 08:29:26 +00:00
Richard Levitte
90832c891e make update 2002-08-01 19:44:43 +00:00
Richard Levitte
13ac37d01a Make it possible to load keys from stdin, and restore that 
functionality in the programs that had that before.
Part fo PR 164
 2002-08-01 16:27:47 +00:00
Richard Levitte
f8279b8ea3 Cut'n'paste error with other reposnder certificates cleared. 
PR: 190
 2002-08-01 13:39:46 +00:00
Richard Levitte
8d37f07e09 If the email address is moved from the subject to the subject alternate name, 
the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180
 2002-07-31 14:06:09 +00:00
Lutz Jänicke
72a37c03be Only use DSA-functions if available. 
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
Reviewed by:
PR: 167
 2002-07-29 13:28:57 +00:00
Richard Levitte
81f1338613 Allow subjects with more than 255 characters to be properly printed. 
PR: 147
 2002-07-18 17:59:38 +00:00
Bodo Möller
13793a0ddf Fix bug introduced with revision 1.95 when this filed was modified to 
use the new X509_CRL_set_issuer_name() function:
The CRL issuer should be X509_get_subject_name(x509), not
X509_get_issuer_name(x509).

Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de>

typo
 2002-07-18 11:19:05 +00:00
Richard Levitte
b334853d72 Reverse the change with the following log, it needs further investigation: 
Make S/MIME output conform with the mail and MIME standards.
PR: 151
 2002-07-18 10:39:49 +00:00
Richard Levitte
4b5d50e26b Make S/MIME output conform with the mail and MIME standards. 
PR: 151
 2002-07-18 08:47:56 +00:00
Richard Levitte
6d454e6ab2 Unixware doesn't have strings.h, so we need to declare strcasecmp() 
differently.
Unixware 2 needs to link with libresolv.
PR: 148
 2002-07-18 07:47:49 +00:00
Richard Levitte
362be34a2f On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH 2002-07-17 11:09:59 +00:00
Richard Levitte
50d1c3fd85 Set up the engine before doing anything random-related, since engine randomness 
is only used for seeding and doing it in the wrong order will mean seeding
is done before the engine randomness is hooked in.
Notified by Frederic DONNAT <frederic.donnat@zencod.com>
 2002-07-16 06:51:45 +00:00
Lutz Jänicke
7e8852c549 Reorder inclusion of header files: 
des_old.h redefines crypt:
#define crypt(b,s)\
	DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
 2002-07-10 06:57:54 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:44:52 +00:00
Richard Levitte
ea9a52d124 have 'openssl pkcs7' exit with code 1 on error instead of 0. 
PR: 119
 2002-06-27 10:26:52 +00:00
Lutz Jänicke
081cdf3f63 <sys/select.h> is included for AIX, when USE_SOCKETS is defined. 
Submitted by: Bernhard Simon <bs@bsws.zid.tuwien.ac.at>
Reviewed by:
PR:
 2002-06-20 20:13:12 +00:00
Geoff Thorpe
af629a19d7 This apparently fixes compilation on OSX that was failing in 0.9.7 betas. 
Submitted by: Pieter Bowman <bowman@math.utah.edu>
 2002-06-20 15:17:02 +00:00
Lutz Jänicke
9a3eaa1117 load_netscape_key is static. 
Submitted by:
Reviewed by:
PR:
 2002-06-18 17:44:01 +00:00
Lutz Jänicke
7d210e5194 Add missing prototypes. 
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
 2002-06-13 17:38:58 +00:00
Dr. Stephen Henson
2e674fc611 Fix ext_dat.h extension ordering. 
Reinstate -reqout code.

Avoid coredump in ocsp if setup_verify
fails.

Fix typo in ocsp usage message.
 2002-06-13 12:54:52 +00:00
Ben Laurie
461f00dd53 Handle read failures better. 2002-06-11 11:41:26 +00:00
Lutz Jänicke
3b66e34e74 Make sure that settings are passed back and forth when walking around 
in the tree during build.
Reinstall default PERL settings in Makefiles, as the real reason for the
failure was that the settings were not passed.
Submitted by:
Reviewed by:
PR:
 2002-06-06 10:14:16 +00:00
Lutz Jänicke
5795665a7d The correct PERL interpreter is passed via commandline. 
Submitted by:
Reviewed by:
PR:
 2002-06-05 07:01:39 +00:00
Richard Levitte
2640aec227 CAformat should not be used for CA key format. 2002-05-30 16:24:26 +00:00
Richard Levitte
9634acedaf Remove the duplicate description of -out. 
PR: 28
 2002-05-30 06:24:46 +00:00
Richard Levitte
b093ef7445 There is a chance that the input string is larger than size, and on VMS, 
this wasn't checked and could possibly be exploitable (slim chance, but still)
 2002-05-29 08:31:45 +00:00
Richard Levitte
7d2ff3f081 Allow the use of the TCP/IP stack keyword TCPIP and NONE 2002-05-22 11:37:02 +00:00
Richard Levitte
1522c23470 Remove warnings about unused symbols when configured with no-rsa. 2002-05-22 07:53:53 +00:00
Dr. Stephen Henson
7448f5e5ed Reorganise -subj option code, fix buffer overrun. 2002-05-19 16:32:21 +00:00
Richard Levitte
14ef32631c Generate an error if rewinding wasn't possible. 
Notified by Ken Hirsch <kenhirsch@myself.com>.
PR: 23
 2002-05-08 15:12:49 +00:00
Dr. Stephen Henson
b27dfeacc9 Add apps_startup and bio_err init code to smime.c 2002-05-01 20:06:24 +00:00
Lutz Jänicke
fb0f53b2e0 Fix escaping when using the -subj option of "openssl req", document 
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
Submitted by:
Reviewed by:
PR: #2
 2002-04-30 12:10:10 +00:00
Richard Levitte
b23b3272dc Potential memory leak removed. Notified by <threaded@totalise.co.uk> 2002-04-25 10:11:08 +00:00