Matt Caswell
c80fd6b215
Further comment changes for reformat (master)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9
Cleanup OPENSSL_NO_xxx, part 1
...
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Rich Salz
31d1d3741f
Allow multiple IDN xn-- indicators
...
Update the X509v3 name parsing to allow multiple xn-- international
domain name indicators in a name. Previously, only allowed one at
the beginning of a name, which was wrong.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-01-12 12:39:00 -05:00
Dr. Stephen Henson
77ff1f3b8b
RT3662: Allow leading . in nameConstraints
...
Change by SteveH from original by John Denker (in the RT)
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-06 15:29:28 -05:00
Matt Caswell
3a83462dfe
Further comment amendments to preserve formatting prior to source reformat
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Tim Hudson
1d97c84351
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Jonas Maebe
3a7581bf5a
tree_print: check for NULL after allocating err
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Bjoern Zeeb
6452a139fe
RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING
...
The EXT_BITSTRING and EXT_IA5STRING are defined in x509v3.h, but
the low-level functions are not public. They are useful, no need
to make them static. Note that BITSTRING already was exposed since
this RT was created, so now we just export IA5STRING functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:27:07 -04:00
Robin Lee
83e4e03eeb
RT3031: Need to #undef some names for win32
...
Copy the ifdef/undef stanza from x509.h to x509v3.h
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 11:05:48 -04:00
Jonas Maebe
9f01a8acb3
process_pci_value: free (*policy)->data before setting to NULL after failed realloc
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:56:35 +02:00
Jonas Maebe
259ac68aeb
do_ext_i2d: free ext_der or ext_oct on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:56:24 +02:00
Jonas Maebe
54298141d3
do_othername: check for NULL after allocating objtmp
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:56:05 +02:00
Istvan Noszticzius
865886553d
Fix use after free bug.
...
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-15 16:50:16 +01:00
Rob Austein
cf8bac4456
RT2465: Silence some gcc warnings
...
"Another machine, another version of gcc, another batch
of compiler warnings." Add "=NULL" to some local variable
declarations that are set by passing thier address into a
utility function; confuses GCC it might not be set.
Reviewed-by: Emilia Ksper <emilia@silkandcyanide.net>
2014-08-15 10:52:06 -04:00
Viktor Dukhovni
297c67fcd8
Update API to use (char *) for email addresses and hostnames
...
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
2014-07-07 19:11:38 +10:00
Viktor Dukhovni
ced3d9158a
Set optional peername when X509_check_host() succeeds.
...
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
2014-07-06 01:50:50 +10:00
Ben Laurie
e3ba6a5f83
Make depend.
2014-06-30 16:03:29 +01:00
Viktor Dukhovni
29edebe95c
More complete input validation of X509_check_mumble
2014-06-22 20:18:53 -04:00
Viktor Dukhovni
b3012c698a
Drop hostlen from X509_VERIFY_PARAM_ID.
...
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
2014-06-22 19:52:44 -04:00
Viktor Dukhovni
7241a4c7fd
Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only
2014-06-14 22:31:29 +01:00
Viktor Dukhovni
a09e4d24ad
Client-side namecheck wildcards.
...
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).
With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
2014-06-12 23:19:25 +01:00
Rob Stradling
fd2309aa29
Separate the SCT List parser from the SCT List viewer
2014-06-10 23:44:13 +01:00
Luiz Angelo Daros de Luca
dd36fce023
OpenSSL is able to generate a certificate with name constraints with any possible
...
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:
nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
However, until now, the verify code for IP name contraints did not exist. Any
check with a IP Address Name Constraint results in a "unsupported name constraint
type" error.
This patch implements support for IP Address Name Constraint (v4 and v6). This code
validaded correcly certificates with multiple IPv4/IPv6 address checking against
a CA certificate with these constraints:
permitted;IP.1=10.9.0.0/255.255.0.0
permitted;IP.2=10.48.0.0/255.255.0.0
permitted;IP.3=10.148.0.0/255.255.0.0
permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2014-05-23 23:05:38 +01:00
Viktor Dukhovni
397a8e747d
Fixes to host checking.
...
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
2014-05-21 11:31:28 +01:00
Geoff Thorpe
79c6c4e828
make depend
2014-04-25 14:31:05 -04:00
Dr. Stephen Henson
300b9f0b70
Extension checking fixes.
...
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.
PR#3309.
2014-04-15 18:50:53 +01:00
Dr. Stephen Henson
e0520c65d5
Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP.
...
(cherry picked from commit 3678161d71
)
2014-02-25 15:06:51 +00:00
Dr. Stephen Henson
3a325c60a3
Fix for v3_scts.c
...
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732
)
2014-02-25 14:56:31 +00:00
Rob Stradling
19f65ddbab
Parse non-v1 SCTs less awkwardly.
2014-02-25 10:14:51 +00:00
Dr. Stephen Henson
47739161c6
fix WIN32 warnings
...
(cherry picked from commit b709f8ef54
)
2014-02-20 22:55:24 +00:00
Dr. Stephen Henson
ded18639d7
Move CT viewer extension code to crypto/x509v3
2014-02-20 18:48:56 +00:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
bdcf772aa5
Portability fix: use BIO_snprintf and pick up strcasecmp alternative
...
definitions from e_os.h
2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
e9754726d2
Check chain is not NULL before assuming we have a validated chain.
...
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
abd2ed012b
Fix two bugs which affect delta CRL handling:
...
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
472af806ce
Submitted by: Florian Weimer <fweimer@redhat.com>
...
PR: 2909
Update test cases to cover internal error return values.
Remove IDNA wildcard filter.
2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
d88926f181
PR: 2909
...
Contributed by: Florian Weimer <fweimer@redhat.com>
Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Dr. Stephen Henson
a70da5b3ec
New functions to check a hostname email or IP address against a
...
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Dr. Stephen Henson
ef570cc869
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
7568d15acd
allow key agreement for SSL/TLS certificates
2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
be71c37296
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
6074fb0979
fix warnings
2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
58b75e9c26
PR: 2482
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:52 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
09d84e03e8
oops missed an assert
2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92
PR: 2411
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
e82f75577b
PR: 2410
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
776654adff
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
ca96d38981
PR: 2251
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
2010-05-22 00:30:41 +00:00
Dr. Stephen Henson
b5cfc2f590
option to replace extensions with new ones: mainly for creating cross-certificates
2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2
PR: 2183
...
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
b1efb7161f
Include self-signed flag in certificates by checking SKID/AKID as well
...
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d
add anyExtendedKeyUsage OID
2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
64f0f80eb6
PR: 2057
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:53 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
38663fcc82
Missing break.
2009-08-31 22:19:26 +00:00
Dr. Stephen Henson
c869da8839
Update from 1.0.0-stable
2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
8132d3ac40
Update from 1.0.0-stable.
2009-05-30 18:11:26 +00:00
Andy Polyakov
051742fb6c
v3_alt.c: otherName parsing fix.
...
Submitted by: Love Hörnquist Åstrand
2009-04-27 19:35:16 +00:00
Dr. Stephen Henson
8711efb498
Updates from 1.0.0-stable branch.
2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad
Update from 1.0.0-stable
2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
06ddf8eb08
Updates from 1.0.0-stable
2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
ef8e772805
Use OPENSSL_assert() instead of assert.
2009-03-15 14:04:42 +00:00
Dr. Stephen Henson
e39acc1c90
PR: 1864
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org
Check return value.
2009-03-14 12:39:05 +00:00
Dr. Stephen Henson
a0b76569b2
Update from stable branch.
2009-03-14 12:26:48 +00:00
Ben Laurie
c2a548a884
Print IPv6 all 0s correctly (Rob Austein).
2009-03-08 10:54:45 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Richard Levitte
2e6a7b3efc
Constify where needed
2008-12-16 13:41:49 +00:00
Dr. Stephen Henson
9d44cd1642
Oops should check zero_pos >= 0.
2008-12-08 19:13:06 +00:00
Dr. Stephen Henson
1d4e879106
Handle case where v6stat.zero_pos == 0 correctly.
...
Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111 )
2008-12-07 23:58:44 +00:00
Dr. Stephen Henson
e9afa08cd1
Update from stable branch.
2008-11-30 16:09:04 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Ben Laurie
28b6d5020e
Set comparison function in v3_add_canonize().
2008-10-14 19:27:07 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Geoff Thorpe
fa0f834c20
Fix build warnings.
2008-09-15 04:02:37 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06
Add support for CRLs partitioned by reason code.
...
Tidy CRL scoring system.
Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb
Add support for freshest CRL extension.
2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
8c9bd89338
Support for certificateIssuer CRL entry extension.
2008-08-18 16:48:47 +00:00
Dr. Stephen Henson
002e66c0e8
Support for policy mappings extension.
...
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Dr. Stephen Henson
3e727a3b37
Add support for nameRelativeToCRLIssuer field in distribution point name
...
fields.
2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42
Make explicit_policy handling match expected RFC3280 behaviour.
2008-08-02 11:16:35 +00:00
Dr. Stephen Henson
592a207b94
Policy validation fixes.
...
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
2008-07-30 15:41:42 +00:00
Dr. Stephen Henson
34d05a4023
Zero is a valid value for any_skip and map_skip
2008-07-13 22:38:18 +00:00
Dr. Stephen Henson
dcc0c29876
We support inhibit any policy extension, add to table.
2008-07-13 15:55:37 +00:00
Dr. Stephen Henson
db50661fce
X509 verification fixes.
...
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
a5cdb7d5bd
Avoid warnings.
2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
be86c7fc87
Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
2008-03-24 22:14:02 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
376bf1d4aa
Constification.
2007-04-11 12:26:53 +00:00
Dr. Stephen Henson
bbb5cf05db
Fix from stable branch.
2007-03-05 00:09:08 +00:00
Dr. Stephen Henson
af32f9fdda
Update from fips2 branch.
2007-02-03 17:32:49 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Richard Levitte
ea46f5e0e5
Replace strdup() with BUF_strdup().
2006-12-25 09:43:46 +00:00
Nils Larsch
360ff3cf58
fix order
2006-12-18 22:20:27 +00:00
Dr. Stephen Henson
10ca15f3fa
Fix change to OPENSSL_NO_RFC3779
2006-12-06 13:36:48 +00:00
Dr. Stephen Henson
d137b56a5b
Win32 fixes from stable branch.
2006-11-30 13:39:34 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
55a08fac68
Typo.
2006-10-05 21:59:50 +00:00
Dr. Stephen Henson
bc7535bc7f
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
...
handling to support this.
2006-09-14 17:25:02 +00:00
Dr. Stephen Henson
4d50a2b4d6
Add verify callback functions to lookup a STACK of matching certs or CRLs
...
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
2006-09-10 12:38:37 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Ulf Möller
c3bb1f8166
unused function
2006-03-06 17:58:25 +00:00
Nils Larsch
95a0e8ab31
fix warning
2006-02-13 08:45:53 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
51eb1b81f6
Avoid contradictive error code assignments.
...
"make errors".
2006-01-08 21:54:24 +00:00
Nils Larsch
53b38d37a9
fix potential memory leak + improved error checking
...
PR: 1182
2005-08-05 09:42:45 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
8eb7217580
Add declaration for IDP ASN1 functions.
2005-07-26 11:43:11 +00:00
Dr. Stephen Henson
0537f9689c
Add support for setting IDP too.
2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0c010a1517
Don't use @syntax for extended CRLDP format.
2005-07-25 18:55:40 +00:00
Dr. Stephen Henson
0745d0892d
Allow setting of all fields in CRLDP. Few cosmetic changes to output.
2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
5e64f8c44c
Typo which prevents mult valued RDNs being created.
2005-07-25 18:39:44 +00:00
Dr. Stephen Henson
9aa9d70ddb
Print out previously unsupported fields in CRLDP by i2r instead of i2v.
...
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c
Initial print only support for IDP CRL extension.
2005-07-23 23:33:06 +00:00
Dr. Stephen Henson
f5d51a9362
Fix extension ordering.
2005-06-22 13:26:23 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Richard Levitte
a7201e9a1b
Changes concering RFC 3820 (proxy certificates) integration:
...
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
2005-01-17 17:06:58 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
8f284faaec
V1 certificates that aren't self signed can't be accepted as CAs.
2004-12-03 00:10:34 +00:00
Richard Levitte
5073ff0346
Split X509_check_ca() into a small self and an internal function
...
check_ca(), to resolve constness issue. check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:55 +00:00
Richard Levitte
30b415b076
Make an explicit check during certificate validation to see that the
...
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
2004-11-29 11:28:08 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
637ff35ef6
Delta CRL support in extension code.
2004-07-06 17:16:40 +00:00
Dr. Stephen Henson
eea674567c
Delete non-POSIX header file.
2004-07-04 16:48:27 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Dr. Stephen Henson
b6a5fdb8a7
Don't use C++ reserved word.
2004-04-01 22:23:46 +00:00
Dr. Stephen Henson
ecf139917d
New function X509_POLICY_NODE_print()
2004-03-31 12:17:24 +00:00
Dr. Stephen Henson
5d6383c83f
Make {i2v,v2i}_ASN1_BIT_STRING global.
...
make update
2004-03-28 12:40:11 +00:00
Dr. Stephen Henson
b79c82eaab
Fix loads of warnings in policy code.
...
I'll remember to try to compile this with warnings enabled next time :-)
2004-03-25 13:45:58 +00:00
Geoff Thorpe
2d2a5ba32a
Damn, I was a bit hasty with my fix and hadn't spotted the linker
...
dependency from asn1.
2004-03-25 02:41:35 +00:00
Geoff Thorpe
2bd4e3379f
Remove some warnings.
2004-03-25 02:24:38 +00:00
Richard Levitte
e725a9660b
make update
2004-03-23 15:06:33 +00:00
Dr. Stephen Henson
4acc3e907d
Initial support for certificate policy checking and evaluation.
...
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Geoff Thorpe
93825dddad
static
2004-03-10 01:20:26 +00:00
Dr. Stephen Henson
a4e3150f00
Fix policy constraints syntax.
2004-03-08 18:15:32 +00:00
Dr. Stephen Henson
edec614efd
Support for inhibitAnyPolicy extension.
2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
bc50157010
Various X509 fixes. Disable broken certificate workarounds
...
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:35 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d
Use BUF_strlcpy() instead of strcpy().
...
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Dr. Stephen Henson
a8287a90ea
Give CRLDP its standard name.
...
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
3c02e24bb3
Change the indentation from 12 to indent+4.
...
PR: 657
2003-09-27 22:48:33 +00:00
Dr. Stephen Henson
60790aff6f
PR: 627
...
Allocate certificatePolicies correctly if CPS field is absent.
Fix various memory leaks in certificatePolicies.
2003-05-28 17:28:11 +00:00
Dr. Stephen Henson
e19d0ef068
PR: 631
...
Submitted by: Doug Sauder <dws+001@hunnysoft.com>
Fix bug in X509V3_get_d2i() when idx in not NULL.
2003-05-28 16:57:08 +00:00
Dr. Stephen Henson
b9d2d20086
Make DER option work again.
...
Fix typo.
2003-05-02 11:41:40 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
8382ec5d37
Reindent for readability.
2003-04-03 19:10:32 +00:00
Richard Levitte
6dd6da6005
Don't feil when indent is 0.
...
PR: 559
2003-03-31 13:24:02 +00:00
Dr. Stephen Henson
1a15c89988
Multi valued AVA support.
2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
81bd0446a9
make update
2003-03-24 17:06:25 +00:00
Dr. Stephen Henson
520b76ffd9
Support for name constraints.
2003-03-24 17:04:44 +00:00
Dr. Stephen Henson
5cc5ec1bba
make update
2003-03-21 16:28:29 +00:00
Dr. Stephen Henson
f80153e20b
Support for policy constraints.
2003-03-21 16:26:20 +00:00
Dr. Stephen Henson
b24668626e
make update
2003-03-20 17:59:39 +00:00
Dr. Stephen Henson
ea3675b5b6
New ASN1 macros to just implement and declare the new and free functions
...
and changes to mkdef.pl so it recognises them.
Use these in policyMappings extension.
2003-03-20 17:58:33 +00:00
Dr. Stephen Henson
a1d12daed2
Support for policyMappings
2003-03-20 17:26:44 +00:00
Dr. Stephen Henson
f0dc08e656
Support for dirName from config files in GeneralName extensions.
2003-02-27 01:54:11 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Dr. Stephen Henson
4e5d3a7f98
IPv6 display and input support for extensions usingh GeneralName.
2003-02-05 00:34:31 +00:00
Richard Levitte
b637670f03
DVCS (see RFC 3029) was missing among the possible purposes.
...
Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>,
one of the authors of said RFC
2003-01-29 15:06:35 +00:00
Richard Levitte
0c055b201e
Adjust the parameter lists in some not commonly used files.
...
PR: 428
2003-01-01 23:41:46 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Dr. Stephen Henson
65caee44ff
Fix get_email: 0 is a valid return value
2002-11-14 00:46:11 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
2232e262bf
Fix memory leak in s2i_ASN_INTEGER and return an error
...
if any invalid characters are present.
2002-11-13 00:40:51 +00:00
Dr. Stephen Henson
9ea1b87862
Initial ASN1 generation code. This can construct
...
arbitrary encodings from strings and config files.
Documentation to follow...
2002-11-12 13:34:51 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Dr. Stephen Henson
99889b46c9
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00
Dr. Stephen Henson
04cc76660a
The new ASN1 code automatically allocates
...
structures for fields that are not OPTIONAL.
However in the AUTHORITY_INFO_ACCESS case
the 'location' field was set to NULL in
the old code.
So in 0.9.7+ we should free up the field before
overwriting it in v2i_AUTHORITY_INFO_ACCESS.
2002-06-13 00:43:27 +00:00
Richard Levitte
9cdf87f194
Check the return values where memory allocation failures may happen.
...
PR: 49
2002-05-30 16:47:45 +00:00
Bodo Möller
59dbdb51dc
disable '#ifdef DEBUG' sections
2002-02-28 10:51:56 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
072569e0f1
Undo previous change, X509_check_issued() was correct.
...
[See
Message-ID: <3BB07999.30432AD2@celocom.com>
Date: Tue, 25 Sep 2001 13:33:29 +0100
From: Dr S N Henson <drh@celocom.com>
To: openssl-dev@openssl.org
Subject: Re: Error in v3_purp.c
]
2002-01-27 17:41:12 +00:00
Richard Levitte
63810d8566
Apply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
...
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.
2002-01-26 04:25:16 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Dr. Stephen Henson
7d5b04db4e
Add support for Subject Info Acess extension.
2001-10-27 00:16:53 +00:00
Dr. Stephen Henson
f1558bb424
Reject certificates with unhandled critical extensions.
2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Dr. Stephen Henson
96bd6f730a
Add certificate and request demos.
...
Fix X509V3 macro so they compile.
2001-09-12 00:19:20 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
1241126adf
More linker bloat reorganisation:
...
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.
Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.
Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.
Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.
So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
b7a26e6daf
Modify apps to use NCONF code instead of old CONF code.
...
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
926a56bfe3
Purpose and trust setting functions for X509_STORE.
...
Tidy existing code.
2001-05-10 00:13:59 +00:00
Richard Levitte
c9fd77e9dd
Make it possible to move the emailAddress object to the subjectAltName
...
extension instead of just copying it. That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
2001-04-11 12:55:06 +00:00
Dr. Stephen Henson
535d79da63
Overhaul the display of certificate details in
...
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4e20b1a656
Instead of telling both 'make' and the user that ranlib
...
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
f23478c314
Fix bug in copy_email() which would not
...
find emailAddress at start of subject name.
2001-03-01 13:32:11 +00:00
Richard Levitte
d88a26c489
make update
...
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
2001-02-26 10:54:08 +00:00
Dr. Stephen Henson
d339187b1a
Get rid of ASN1_ITEM_FUNCTIONS dummy function
...
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00
Dr. Stephen Henson
bb5ea36b96
Initial support for ASN1_ITEM_FUNCTION option to
...
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
2001-02-23 03:16:09 +00:00
Richard Levitte
41d2a336ee
e_os.h does not belong with the exported headers. Do not put it there
...
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
a6b7ffddac
New options to 'ca' utility to support CRL entry extensions.
...
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Ulf Möller
741a9690df
Fix potential buffer overrun for EBCDIC.
2001-02-06 02:54:02 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
8cff6331c9
Tolerate some "variations" used in some
...
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Dr. Stephen Henson
8e8972bb68
Fixes to various ASN1_INTEGER routines for negative case.
...
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
a8312c0e24
Fix typo in OCSP nonce extension.
...
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
2001-01-04 19:53:48 +00:00
Dr. Stephen Henson
bf0d176e48
Update OCSP API.
...
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
2001-01-04 01:46:36 +00:00
Richard Levitte
701adceb12
"make update" plus a rewrite of both .num files.
2000-12-29 00:19:12 +00:00
Dr. Stephen Henson
28ddfc61dc
X509V3_add_i2d() needs to be able to allocate a
...
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.
Modify wrappers appropriately.
2000-12-27 13:42:43 +00:00
Dr. Stephen Henson
57d2f21782
New function X509V3_add_i2d() this is used for
...
encoding, replacing and deleting extensions.
Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
2000-12-24 18:02:33 +00:00
Dr. Stephen Henson
5755cab49d
Fixes to OCSP print code.
...
Don't try to print request certificates if signature is not present.
Remove unnecessary test for certificates being NULL.
Fix typos in printed output.
Tidy up output.
Fix for typo in OCSP_SERVICELOC ASN1 template.
Also give a bit more info in CHANGES about the ASN1 revision.
2000-12-20 00:46:44 +00:00
Dr. Stephen Henson
6546fdfaf8
Add OCSP service locator extension.
2000-12-16 12:51:58 +00:00
Dr. Stephen Henson
f1a6a0d4dd
Add support for the noCheck OCSP extension. This is
...
just a NULL and appears in a certificate.
2000-12-16 01:58:58 +00:00
Dr. Stephen Henson
c08523d862
Implement some standard OCSP extensions in the v3 code. These
...
are all raw print only extensions at present.
2000-12-15 13:42:00 +00:00
Dr. Stephen Henson
2fc0d1f15e
Add OCSP nonce extension to supported extensions.
...
This is a little unusual because it can contain no
structure i.e. the extension OCTET STRING content
octets do not contain a DER encoded structure.
2000-12-14 23:27:20 +00:00
Dr. Stephen Henson
2c15d426b9
New function X509V3_extensions_print() this removes extension duplication
...
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
2000-12-14 18:42:28 +00:00
Dr. Stephen Henson
36ac656a1b
Stop extension creation code core dumping.
...
This was caused by no initialising the buffer
to NULL when using the auto allocating version
if i2d.
2000-12-13 13:55:03 +00:00
Dr. Stephen Henson
2aff7727f7
Rewrite the extension code to use an ASN1_ITEM structure
...
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.
Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Dr. Stephen Henson
9d6b1ce644
Merge from the ASN1 branch of new ASN1 code
...
to main trunk.
Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Ulf Möller
6a8ba34f9d
in some new file names the first 8 characters were not unique
2000-11-12 22:32:18 +00:00
Richard Levitte
eb64730b9c
The majority of the OCSP code from CertCo.
2000-10-27 11:05:35 +00:00
Richard Levitte
3ab5651112
The experimental Rijndael code moved to the main trunk.
...
make update done.
2000-10-14 20:09:54 +00:00