Kurt Roeckx
e9f47de1f0
Use the SSLv23 method by default
...
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-02 11:28:42 +01:00
Matt Caswell
e164582690
Tidy up ocsp help output
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47
)
Conflicts:
apps/ocsp.c
2014-11-27 14:16:49 +00:00
André Guerreiro
4d3df37bc7
Add documentation on -timeout option in the ocsp utility
...
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1
)
2014-11-27 14:14:52 +00:00
Dr. Stephen Henson
361fd136e9
Typo.
...
PR#3107
(cherry picked from commit 7c206db928
)
2014-06-28 12:42:59 +01:00
Dr. Stephen Henson
b9ce05acc4
Fix free errors in ocsp utility.
...
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd35
)
2014-04-09 15:45:16 +01:00
Ben Laurie
1ebaf97c44
Constification.
2013-10-07 12:44:40 +01:00
Dr. Stephen Henson
708454f010
add missing \n
2012-12-23 18:12:28 +00:00
Dr. Stephen Henson
9b157602e0
Backport enhancements to OCSP utility from HEAD:
...
Support - as a file for standard input or output.
Add -badsig option to generate invalid signatures for testing.
New -rmd option to specify digest to sign OCSP responses with.
2012-12-20 19:06:39 +00:00
Dr. Stephen Henson
67e217c84c
revert, missing commit message
2012-12-20 19:01:55 +00:00
Dr. Stephen Henson
7b7b667ddc
apps/ocsp.c
2012-12-20 18:59:09 +00:00
Dr. Stephen Henson
db05bc512d
Return success when the responder is active.
...
Don't verify our own responses.
(backport from HEAD)
2012-12-19 15:02:58 +00:00
Ben Laurie
d65b8b2162
Backport OCSP fixes.
2012-12-14 12:53:53 +00:00
Dr. Stephen Henson
0c690586e0
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
bc8c5fe58d
Free SSL_CTX after BIO
2009-09-30 21:35:26 +00:00
Dr. Stephen Henson
4386445c18
Change STRING to OPENSSL_STRING etc as common words such
...
as "STRING" cause conflicts with other headers/libraries.
2009-07-27 21:08:53 +00:00
Dr. Stephen Henson
9ccd4e224f
Add USE_SOCKETS.
2009-04-02 15:19:03 +00:00
Dr. Stephen Henson
3859d7ee78
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
2009-02-06 16:43:52 +00:00
Richard Levitte
5871ddb016
Because DEC C - sorry, HP C - is picky about features, we need to
...
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
ad35cdac74
PR: 1516
...
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
313fce7b61
Don't free a NULL. Coverity ID 112.
2007-04-04 14:59:20 +00:00
Ben Laurie
4b8747e440
Die if serial number is invalid.
2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b
Apply a more modern way to get the definition of select(), except for VMS.
...
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Richard Levitte
8bbf6bcf17
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
...
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Geoff Thorpe
f0eae953e2
Remove some unnecessary recursive includes from the internal apps.h header,
...
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Dr. Stephen Henson
e5b0508a14
Update ocsp usage message and docs.
2003-03-26 00:46:47 +00:00
Richard Levitte
e270cf9c5e
Pay attention to disabled SSL versions.
...
PR: 500
2003-02-14 05:24:22 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Richard Levitte
2245cd87d4
BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the
...
requirement that the serial number always be an even amount of characters.
PR: 248
2002-10-11 09:38:56 +00:00
Richard Levitte
da9b972466
Make it possible to load keys from stdin, and restore that
...
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00
Richard Levitte
5575f781ad
Cut'n'paste error with other reposnder certificates cleared.
...
PR: 190
2002-08-01 13:39:39 +00:00
Lutz Jänicke
7b63c0fa8c
Reorder inclusion of header files:
...
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Dr. Stephen Henson
99889b46c9
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00