Andy Polyakov
|
a006fef78e
|
Improve WINCE support.
Submitted by: Pierre Delaage
|
2013-01-19 21:23:13 +01:00 |
|
Dr. Stephen Henson
|
4badfebefc
|
Typo (PR2959).
|
2013-01-17 18:20:18 +00:00 |
|
Dr. Stephen Henson
|
abd01ea214
|
Change default bits to 1024
|
2013-01-07 16:18:31 +00:00 |
|
Dr. Stephen Henson
|
b252cf0d98
|
make JPAKE work again, fix memory leaks
|
2012-12-29 23:38:20 +00:00 |
|
Dr. Stephen Henson
|
89a5e2f704
|
missing tab
|
2012-12-26 19:12:57 +00:00 |
|
Dr. Stephen Henson
|
09d0d67c13
|
add missing newline
|
2012-12-21 16:24:48 +00:00 |
|
Dr. Stephen Henson
|
bbdfbacdef
|
add -rmd option to set OCSP response signing digest
|
2012-12-16 00:10:03 +00:00 |
|
Dr. Stephen Henson
|
99fc818e93
|
Return success when the responder is active.
Don't verify our own responses.
|
2012-12-15 02:56:02 +00:00 |
|
Dr. Stephen Henson
|
265f835e3e
|
typo
|
2012-12-15 00:29:12 +00:00 |
|
Dr. Stephen Henson
|
33826fd028
|
Add support for '-' as input and output filenames in ocsp utility.
Recognise verification arguments.
|
2012-12-14 23:30:56 +00:00 |
|
Dr. Stephen Henson
|
92821996de
|
oops, revert, committed in error
|
2012-12-14 23:29:58 +00:00 |
|
Dr. Stephen Henson
|
11e2957d5f
|
apps/ocsp.c
|
2012-12-14 23:28:19 +00:00 |
|
Dr. Stephen Henson
|
51e7a4378a
|
New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
|
2012-12-13 18:14:46 +00:00 |
|
Dr. Stephen Henson
|
60938ae772
|
add -crl_download option to s_server
|
2012-12-12 03:35:31 +00:00 |
|
Dr. Stephen Henson
|
4e71d95260
|
add -cert_chain option to s_client
|
2012-12-12 00:50:26 +00:00 |
|
Ben Laurie
|
fefc111a2a
|
Make openssl verify return errors.
|
2012-12-11 16:05:14 +00:00 |
|
Dr. Stephen Henson
|
1e8b9e7e69
|
add -badsig option to ocsp utility too.
|
2012-12-09 16:21:46 +00:00 |
|
Ben Laurie
|
30c278aa6b
|
Fix OCSP checking.
|
2012-12-07 18:47:47 +00:00 |
|
Dr. Stephen Henson
|
0090a686c0
|
Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
|
2012-12-06 18:43:40 +00:00 |
|
Dr. Stephen Henson
|
f5a7d5b164
|
remove print_ssl_cert_checks() from openssl application: it is no longer used
|
2012-12-06 18:36:51 +00:00 |
|
Dr. Stephen Henson
|
3bf15e2974
|
Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
|
2012-12-05 18:35:20 +00:00 |
|
Dr. Stephen Henson
|
fbeb85ecb9
|
don't print verbose policy check messages when -quiet is selected even on error
|
2012-12-04 23:18:44 +00:00 |
|
Dr. Stephen Henson
|
2e8cb108dc
|
initial support for delta CRL generations by diffing two full CRLs
|
2012-12-04 18:35:36 +00:00 |
|
Dr. Stephen Henson
|
256f9573c5
|
make -subj always override config file
|
2012-12-04 18:35:04 +00:00 |
|
Dr. Stephen Henson
|
b6b094fb77
|
check mval for NULL too
|
2012-12-04 17:25:34 +00:00 |
|
Dr. Stephen Henson
|
0db46a7dd7
|
fix leak
|
2012-12-03 16:32:52 +00:00 |
|
Dr. Stephen Henson
|
2537d46903
|
oops, really check brief mode only ;-)
|
2012-12-03 03:40:57 +00:00 |
|
Dr. Stephen Henson
|
5447f836a0
|
don't check errno is zero, just print out message
|
2012-12-03 03:39:23 +00:00 |
|
Dr. Stephen Henson
|
66d9f2e521
|
if no error code and -brief selected print out connection closed instead of read error
|
2012-12-03 03:33:44 +00:00 |
|
Dr. Stephen Henson
|
139cd16cc5
|
add -badsig option to corrupt CRL signatures for testing too
|
2012-12-02 16:48:25 +00:00 |
|
Dr. Stephen Henson
|
fdb78f3d88
|
New option to add CRLs for s_client and s_server.
|
2012-12-02 16:16:28 +00:00 |
|
Dr. Stephen Henson
|
95ea531864
|
add option to get a certificate or CRL from a URL
|
2012-12-02 14:00:22 +00:00 |
|
Dr. Stephen Henson
|
df316fd43c
|
Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
|
2012-11-30 19:24:13 +00:00 |
|
Dr. Stephen Henson
|
84bafb7471
|
Print out point format list for clients too.
|
2012-11-26 18:39:38 +00:00 |
|
Dr. Stephen Henson
|
55b66f084d
|
set cmdline flag in s_server
|
2012-11-26 12:51:12 +00:00 |
|
Dr. Stephen Henson
|
96cfba0fb4
|
option to output corrupted signature in certificates for testing purposes
|
2012-11-25 22:29:52 +00:00 |
|
Dr. Stephen Henson
|
a5afc0a8f4
|
Don't display messages about verify depth in s_server if -quiet it set.
Add support for separate verify and chain stores in s_client.
|
2012-11-23 18:56:25 +00:00 |
|
Dr. Stephen Henson
|
20b431e3a9
|
Add support for printing out and retrieving EC point formats extension.
|
2012-11-22 15:20:53 +00:00 |
|
Dr. Stephen Henson
|
1740c9fbfc
|
support -quiet with -msg or -trace
|
2012-11-21 17:11:42 +00:00 |
|
Dr. Stephen Henson
|
191b3f0ba9
|
only use a default curve if not already set
|
2012-11-21 16:47:25 +00:00 |
|
Dr. Stephen Henson
|
5c1393bfc3
|
PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
|
2012-11-21 14:02:40 +00:00 |
|
Dr. Stephen Henson
|
f7ac0ec89d
|
fix printout of expiry days if -enddate is used in ca
|
2012-11-20 15:22:15 +00:00 |
|
Dr. Stephen Henson
|
22b5d7c80b
|
fix leaks
|
2012-11-20 00:24:52 +00:00 |
|
Dr. Stephen Henson
|
685755937a
|
with -rev close connection if client sends "CLOSE"
|
2012-11-19 23:41:24 +00:00 |
|
Dr. Stephen Henson
|
7c8ac50504
|
update usage messages
|
2012-11-19 23:20:40 +00:00 |
|
Dr. Stephen Henson
|
98a7edf9f0
|
make depend
|
2012-11-19 13:18:09 +00:00 |
|
Dr. Stephen Henson
|
7831969634
|
don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set
|
2012-11-19 12:36:04 +00:00 |
|
Dr. Stephen Henson
|
9ba297e49f
|
remove obsolete code
|
2012-11-19 03:46:49 +00:00 |
|
Dr. Stephen Henson
|
b5cadfb564
|
add -naccept <n> option to s_server to automatically exit after <n> connections
|
2012-11-18 15:45:16 +00:00 |
|
Dr. Stephen Henson
|
9fc81acae6
|
fix error messages
|
2012-11-17 15:22:50 +00:00 |
|