Commit graph

163 commits

Author SHA1 Message Date
Piotr Sikora
edc687ba0f Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
57912ed329 Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
2013-01-18 15:38:13 +00:00
Dr. Stephen Henson
e318431e54 New option to add CRLs for s_client and s_server. 2013-01-18 14:37:14 +00:00
Dr. Stephen Henson
7c283d9e97 add option to get a certificate or CRL from a URL 2013-01-17 16:08:02 +00:00
Dr. Stephen Henson
5477ff9ba2 make JPAKE work again, fix memory leaks 2012-12-29 23:58:44 +00:00
Dr. Stephen Henson
fde8dc1798 add Suite B verification flags 2012-12-26 16:57:39 +00:00
Dr. Stephen Henson
70cd3c6b95 Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.

(backport from HEAD)
2012-12-19 15:14:10 +00:00
Dr. Stephen Henson
45da1efcdb Backport X509 hostname, IP address and email checking code from HEAD. 2012-12-19 15:01:59 +00:00
Dr. Stephen Henson
9a1f59cd31 New verify flag to return success if we have any certificate in the trusted
store instead of the default which is to return an error if we can't build
the complete chain. [backport from HEAD]
2012-12-14 14:30:46 +00:00
Dr. Stephen Henson
38680fa466 check mval for NULL too 2012-12-04 17:26:04 +00:00
Dr. Stephen Henson
a902b6bd98 fix leak 2012-12-03 16:33:15 +00:00
Dr. Stephen Henson
9d2006d8ed add -trusted_first option and verify flag (backport from HEAD) 2012-09-26 13:50:42 +00:00
Dr. Stephen Henson
c714e43c8d PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
26c6857a59 PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
f2e590942e implement -attime option as a verify parameter then it works with all relevant applications 2011-12-10 00:37:42 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Richard Levitte
01d2e27a2b Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
Dr. Stephen Henson
84fbc56fd0 PR: 2366
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve

Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
2010-11-11 14:42:34 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
6938440d68 PR: 2262
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.
2010-05-27 14:09:13 +00:00
Dr. Stephen Henson
5b0a79a27a PR: 2220
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:32 +00:00
Dr. Stephen Henson
961092281f Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:34:19 +00:00
Dr. Stephen Henson
4386445c18 Change STRING to OPENSSL_STRING etc as common words such
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
fa07f00aaf Update from HEAD. 2009-06-29 16:09:58 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
43dc001b62 Update from HEAD. 2009-06-17 11:33:17 +00:00
Dr. Stephen Henson
756d2074b8 PR: 1924
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Approved by: steve@openssl.org

Fix _POSIX_C_SOURCE usage.
2009-05-13 11:32:24 +00:00
Dr. Stephen Henson
7134507de0 Make no-rsa, no-dsa and no-dh compile again. 2009-04-23 17:16:40 +00:00
Dr. Stephen Henson
6abbc68188 PR: 1870
Submitted by: kilroy <kilroy@mail.zutom.sk>
Approved by: steve@openssl.org

Handle pkcs12 format correctly by not assuming PEM format straight away.
2009-04-03 17:06:35 +00:00
Dr. Stephen Henson
617298dca3 Update from stable branch. 2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
dd043cd501 Stop const mismatch warning in VC++. 2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
44a877aa88 Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:27 +00:00
Geoff Thorpe
7e8481afd1 Fix a nasty cast issue that my compiler was choking on. 2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
52108cecc0 <strings.h> does not exist under WIN32. 2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447 Missing headers. 2008-01-12 11:22:31 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Ben Laurie
e28eddc51f Typo? Why did this work, anyway? 2007-09-08 15:58:51 +00:00
Dr. Stephen Henson
1bd06bd0c4 In interactive mode only config OpenSSL once. 2006-05-12 17:11:58 +00:00
Ulf Möller
fb05e1cdf6 declare as in prototype
Submitted by: Gisle Vanem
2006-04-12 19:24:45 +00:00