wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7346 commits 20 branches 302 tags 153 MiB
Commit graph

276 commits

Author SHA1 Message Date
Ulf Möller
c3bb1f8166 unused function 2006-03-06 17:58:25 +00:00
Nils Larsch
95a0e8ab31 fix warning 2006-02-13 08:45:53 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup 
Submitted by: David Hartman <david_hartman@symantec.com>
 2006-01-29 23:12:22 +00:00
Bodo Möller
51eb1b81f6 Avoid contradictive error code assignments. 
"make errors".
 2006-01-08 21:54:24 +00:00
Nils Larsch
53b38d37a9 fix potential memory leak + improved error checking 
PR: 1182
 2005-08-05 09:42:45 +00:00
Nils Larsch
c755c5fd8b improved error checking and some fixes 
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
 2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
8eb7217580 Add declaration for IDP ASN1 functions. 2005-07-26 11:43:11 +00:00
Dr. Stephen Henson
0537f9689c Add support for setting IDP too. 2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0c010a1517 Don't use @syntax for extended CRLDP format. 2005-07-25 18:55:40 +00:00
Dr. Stephen Henson
0745d0892d Allow setting of all fields in CRLDP. Few cosmetic changes to output. 2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
5e64f8c44c Typo which prevents mult valued RDNs being created. 2005-07-25 18:39:44 +00:00
Dr. Stephen Henson
9aa9d70ddb Print out previously unsupported fields in CRLDP by i2r instead of i2v. 
Cosmetic changes to IDP printout.
 2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c Initial print only support for IDP CRL extension. 2005-07-23 23:33:06 +00:00
Dr. Stephen Henson
f5d51a9362 Fix extension ordering. 2005-06-22 13:26:23 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose 
a security threat on unexpecting applications.  Document and test.
 2005-04-09 16:07:12 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Richard Levitte
a7201e9a1b Changes concering RFC 3820 (proxy certificates) integration: 
- Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
 2005-01-17 17:06:58 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
8f284faaec V1 certificates that aren't self signed can't be accepted as CAs. 2004-12-03 00:10:34 +00:00
Richard Levitte
5073ff0346 Split X509_check_ca() into a small self and an internal function 
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
 2004-11-30 12:18:55 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the 
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
 2004-11-29 11:28:08 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
637ff35ef6 Delta CRL support in extension code. 2004-07-06 17:16:40 +00:00
Dr. Stephen Henson
eea674567c Delete non-POSIX header file. 2004-07-04 16:48:27 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in 
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
 2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h, 
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
 2004-05-17 19:14:22 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Dr. Stephen Henson
b6a5fdb8a7 Don't use C++ reserved word. 2004-04-01 22:23:46 +00:00
Dr. Stephen Henson
ecf139917d New function X509_POLICY_NODE_print() 2004-03-31 12:17:24 +00:00
Dr. Stephen Henson
5d6383c83f Make {i2v,v2i}_ASN1_BIT_STRING global. 
make update
 2004-03-28 12:40:11 +00:00
Dr. Stephen Henson
b79c82eaab Fix loads of warnings in policy code. 
I'll remember to try to compile this with warnings enabled next time :-)
 2004-03-25 13:45:58 +00:00
Geoff Thorpe
2d2a5ba32a Damn, I was a bit hasty with my fix and hadn't spotted the linker 
dependency from asn1.
 2004-03-25 02:41:35 +00:00
Geoff Thorpe
2bd4e3379f Remove some warnings. 2004-03-25 02:24:38 +00:00
Richard Levitte
e725a9660b make update 2004-03-23 15:06:33 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation. 
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
 2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated 
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
 2004-03-15 23:15:26 +00:00
Geoff Thorpe
93825dddad static 2004-03-10 01:20:26 +00:00
Dr. Stephen Henson
a4e3150f00 Fix policy constraints syntax. 2004-03-08 18:15:32 +00:00
Dr. Stephen Henson
edec614efd Support for inhibitAnyPolicy extension. 2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
bc50157010 Various X509 fixes. Disable broken certificate workarounds 
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
 2004-03-05 17:16:35 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy(). 
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:40:17 +00:00