Commit graph

136 commits

Author SHA1 Message Date
Richard Levitte
14565bedaf Some functions, like strdup() and strcasecmp(), are defined in
strings.h according to X/Open.
2001-02-20 19:05:59 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
2001-02-19 13:38:32 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Dr. Stephen Henson
ccb08f98ae Fix CRL printing to correctly show when there are no revoked certificates.
Make ca.c correctly initialize the revocation date.

Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Dr. Stephen Henson
90f63e8f83 Don't shadow. 2001-01-18 01:36:54 +00:00
Bodo Möller
dfebac32c0 New '-extfile' option for 'openssl ca'.
This allows keeping extensions in a separate configuration file.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-15 11:35:24 +00:00
Dr. Stephen Henson
8e5b6314ef Fix warning in apps/ca.c 2001-01-14 13:58:49 +00:00
Bodo Möller
c67cdb50d2 New 'openssl ca -status <serial>' and 'openssl ca -updatedb'
commands.

Submitted by: Massimiliano Pala <madwolf@comune.modena.it>
2001-01-12 14:50:44 +00:00
Bodo Möller
2c0d10123e If CONF_get_string returns NULL and we want to tolerate this
(e.g., use a default), we have to call ERR_clear_error().
2000-12-15 16:59:49 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code
to main trunk.

Lets see if the makes it to openssl-cvs :-)
2000-12-08 19:09:35 +00:00
Ben Laurie
b0dc680f71 Fix warnings. 2000-12-03 10:04:22 +00:00
Geoff Thorpe
35a99b6380 Use the new LHASH macros to declare type-safe wrapper functions that can
be used as the hash/compare callbacks without function pointer casting.

For now, this is just happening in the apps/ directory whilst a few people
check the approach. The rest of the library will be moved across to the
same idea if there's no problems with this.
2000-12-02 23:16:54 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Richard Levitte
32d862ede4 Add the possibility to use keys handled by engines in more
applications.
2000-10-28 22:40:40 +00:00
Richard Levitte
5270e7025e Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
2000-10-26 21:07:28 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility.
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
2000-09-03 23:13:48 +00:00
Richard Levitte
431b0cce7d Move add_oid_section to apps.c, so it can be shared by several
applications.  Also, have it and the certificate and key loading
functions take a BIO argument for error output.
2000-06-22 22:07:27 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Ben Laurie
b4604683fa Typesafety thought police. 2000-05-16 14:38:29 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00
Dr. Stephen Henson
c61252001b Fix typo and make ca get the CA and request fields correct. 2000-03-08 12:44:10 +00:00
Richard Levitte
cb464c38b2 The OpenVMS library is most definitely not built for anything but
files, unless it's all in unixly syntax.  We can't guarantee that
right now, so let's skip the whole test suit.  There are other places
(like the open()) where errors are detected anyway.
2000-02-26 03:53:58 +00:00
Dr. Stephen Henson
a3fe382e2d Pass phrase reorganisation. 2000-02-16 23:16:01 +00:00
Richard Levitte
207c7df746 Remove the access() call altogether for VMS, since it doesn't quite
work for directory specifications (this will be reported as a bug to
DEC^H^H^HCompaq).  It could as well be removed for all others as well,
since stat() and open() will return appropriate errors as well, but I
leave that to someone else to decide.
2000-02-15 09:44:54 +00:00
Ralf S. Engelschall
667ac4ec6a Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
2000-02-11 09:47:18 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Dr. Stephen Henson
82fc1d9c28 Add new -notext option to 'ca', -pubkey option to spkac.
Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
2000-02-03 02:56:48 +00:00
Dr. Stephen Henson
36217a9424 Allow passwords to be included on command line for a few
more utilities.
1999-12-24 23:53:57 +00:00
Dr. Stephen Henson
08cba61011 Modify the X509 V3 extension lookup code. 1999-12-01 01:49:46 +00:00
Dr. Stephen Henson
af29811edd Add password command line options to some utils. Fix and update man
pages.
1999-11-11 18:41:31 +00:00
Dr. Stephen Henson
53b1899e3c Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.
1999-11-11 13:58:41 +00:00
Ben Laurie
95fdc5eef9 Fix (spurious) warnings. 1999-11-09 12:09:24 +00:00
Dr. Stephen Henson
a0ad17bb6c Fix to the -revoke option in ca. It was leaking memory, crashing and just
plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
74400f7348 Continued multibyte character support.
Add a bunch of functions to simplify the creation of X509_NAME structures.

Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
1999-10-27 00:15:11 +00:00
Bodo Möller
a31011e8e0 Various randomness handling bugfixes and improvements --
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
1999-10-26 01:56:29 +00:00
Bodo Möller
798757762a Improve support for running everything as a monolithic application.
Submitted by: Lennart Bång, Bodo Möller
1999-10-25 19:36:01 +00:00
Bodo Möller
9a0f732d75 Document -startdate and -enddate in usage summary. 1999-09-17 16:35:29 +00:00
Bodo Möller
a32640b0f4 Reinitialize conf to NULL whenver ca application is started.
Submitted by: Lennart Bang
1999-09-05 20:53:08 +00:00
Bodo Möller
b74ba295da Reinitialize global variables when necessary (for monolith application). 1999-09-03 23:08:45 +00:00
Dr. Stephen Henson
8ce97163a2 Add new 'spkac' utility and several SPKAC utility functions. 1999-09-03 01:08:34 +00:00
Dr. Stephen Henson
87a25f9032 Allow the extension section specified in config files to be overridden
on the command line for various utilities.
1999-08-27 00:08:17 +00:00
Dr. Stephen Henson
f9150e5421 Allow the 1.OU="my OU" syntax in 'ca' for SPKACs. 1999-08-25 23:18:23 +00:00
Dr. Stephen Henson
ed7f60fbf9 Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file
with some 0.9.4 changes.
1999-08-06 21:47:09 +00:00
Bodo Möller
93c106c4b9 additional argument for key_callback 1999-07-21 22:07:35 +00:00
Bodo Möller
74678cc2f8 Additional user data argument to pem_password_cb function type
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Dr. Stephen Henson
ba404b5e86 Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It
seemed like a good idea at the time... several hours later it was rather
obvious that these are used all over the place making the changes rather
extensive.
1999-06-20 22:18:16 +00:00
Bodo Möller
d58d092bc9 Avoid warnings. 1999-06-10 16:29:32 +00:00
Bodo Möller
b1c4fe3625 Don't mix real tabs with tabs expanded as 8 spaces -- that's
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Ben Laurie
ee8ba0b26c Another safe stack. 1999-05-30 15:25:47 +00:00
Ulf Möller
7d7d2cbcb0 VMS support.
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Ulf Möller
d5a2ea4b73 Move openssl.cnf out of lib/. 1999-05-10 23:59:28 +00:00
Dr. Stephen Henson
e40b7abeed Allows PKCS#12 password to be placed on command line and add allow config
file name for 'ca' to come from the environment.
1999-05-08 12:59:50 +00:00
Ben Laurie
0b3f827cf5 Yet another stack. 1999-05-02 21:36:58 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ulf Möller
95dc05bc6d Fix lots of warnings.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-04-20 22:50:42 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Dr. Stephen Henson
41b731f2f8 Initial support for Certificate Policies extension: print out works but setting
isn't fully implemented (yet).
1999-04-18 23:21:03 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Dr. Stephen Henson
1d48dd0019 Add initial support for r2i RAW extensions which can access the config database
add various X509V3_CTX helper functions and support for LHASH as the config
database.
1999-04-16 23:57:04 +00:00
Ben Laurie
a36a1a5146 gcc claims this is a shadow, though I can't find what it is shadowing... 1999-04-12 17:17:39 +00:00
Ralf S. Engelschall
f9a2593163 Add `openssl ca -revoke <certfile>' facility which revokes a certificate
specified in <certfile> by updating the entry in the index.txt file.
This way one no longer has to edit the index.txt file manually for
revoking a certificate. The -revoke option does the gory details now.

Submitted by: Massimiliano Pala <madwolf@openca.org>
Cleaned up and integrated by: Ralf S. Engelschall
1999-04-12 11:45:14 +00:00
Ralf S. Engelschall
7c7c88515f Fix a few typos and tabs while I'm poking around in ca.c... 1999-04-10 13:15:38 +00:00
Dr. Stephen Henson
1756d405cc Added support for adding extensions to CRLs, also fix a memory leak and
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
1999-03-06 19:33:29 +00:00
Ben Laurie
15799403ad Fix more warnings. 1999-02-23 12:53:49 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Dr. Stephen Henson
aa066b9e6e Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
1999-02-21 01:46:45 +00:00
Ben Laurie
08853ba82d Finally(?) fix DES stuff. 1999-02-13 21:49:34 +00:00
Dr. Stephen Henson
175b0942ec More extension code. Incomplete support for subject and issuer alt
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
1999-02-10 01:12:59 +00:00
Ben Laurie
7ec218eb4a Process extensions when they are there. 1999-02-06 17:46:23 +00:00
Ben Laurie
29d2824788 Typo in arguments. 1999-02-06 15:19:16 +00:00
Ben Laurie
c106c6132c Clear error we don't care about. 1999-02-06 13:30:37 +00:00
Mark J. Cox
bc2646ef11 fix typo
Submitted by:
Reviewed by:
PR:
1999-01-31 09:57:00 +00:00
Dr. Stephen Henson
b2347661ce Still more X509 V3 stuff. Modify ca.c to work with the new code and modify
openssl.cnf for the new syntax.
1999-01-26 01:19:27 +00:00
Ben Laurie
512d222830 Remove pointless MD5 hash.
Contributed by: Anonymous <nobody@replay.com>
1999-01-17 14:14:41 +00:00
Dr. Stephen Henson
10061c7c47 More EVP_PKEY patches for new functionality. 1999-01-03 23:00:45 +00:00
Paul C. Sutton
e170a5c050 Some more changes for renaming the binary from ssleay to openssl.
I wonder what eay.c is?
1999-01-02 14:42:23 +00:00
Dr. Stephen Henson
c35f549e8b Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have
zero unused bits.
1999-01-02 01:53:06 +00:00
Ralf S. Engelschall
13e91dd365 Incorporation of RSEs assembled patches 1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00