wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6150 commits 20 branches 302 tags 153 MiB
Commit graph

827 commits

Author SHA1 Message Date
Bodo Möller
9ccadf1c6f In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if 
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
 2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734 Fix ssl3_get_message to handle message fragmentation correctly. 2001-10-15 17:42:43 +00:00
Bodo Möller
029dfa64d4 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we 
just sent a HelloRequest.
 2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11 Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't 
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
 2001-09-20 18:34:36 +00:00
Lutz Jänicke
b90f36d240 Support for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>) 2001-09-07 13:22:41 +00:00
Bodo Möller
a7113d645f improve OAEP check 2001-09-06 10:43:42 +00:00
Ulf Möller
3f345dc653 bn_sqr bug fix as in main 2001-09-05 04:45:45 +00:00
Bodo Möller
f4681b0864 Use uniformly chosen witnesses for Miller-Rabin test 
(by using new BN_pseudo_rand_range function)
 2001-09-03 13:01:28 +00:00
Lutz Jänicke
a04baf9b5c Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:48:35 +00:00
Lutz Jänicke
653cc07b51 Alert description strings for TLSv1 and documentation. 2001-08-19 16:23:57 +00:00
Lutz Jänicke
86cd2530db Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>. 2001-08-16 15:30:37 +00:00
Richard Levitte
ec578380c9 Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> 
His comments are:

1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.

2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'.  The reason is that most
people these days are using the newer compiler, so it should be the default.

3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.

4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries.  This is explained in the comment in Configure.  It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.

5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.

6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.

7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.

8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
 2001-08-10 15:25:50 +00:00
Bodo Möller
904de6e4f5 Bugfix: larger message size in ssl3_get_key_exchange() because 
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
 2001-08-07 09:31:03 +00:00
Lutz Jänicke
03a70bad4f Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:48:20 +00:00
Lutz Jänicke
7146221bbe Forgot to mention second fix. 2001-07-30 11:44:14 +00:00
Bodo Möller
1a76a85c93 Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:00 +00:00
Lutz Jänicke
44d4b684f9 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:03:42 +00:00
Bodo Möller
475e21bc7b Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:16 +00:00
Bodo Möller
5204726bfe md_rand.c thread safety 2001-07-25 17:18:02 +00:00
Bodo Möller
27f3a1bd9c always reject data >= n 2001-07-25 17:03:22 +00:00
Bodo Möller
c6719ffb77 Avoid race condition. 
Submitted by: Travis Vitek <vitek@roguewave.com>
 2001-07-24 12:33:41 +00:00
Richard Levitte
0410b6c50b Tagging has been done, move on to 0.9.6c-dev. 2001-07-09 15:10:56 +00:00
Richard Levitte
483c4e0682 Add security patch and create release. 
Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
 2001-07-09 14:36:30 +00:00
Bodo Möller
731e14031c Andy's mips3.s fix (as in main branch). 2001-07-04 20:17:52 +00:00
Lutz Jänicke
93074b2509 When only the key is given to "enc", the IV is undefined 
(found by Andy Brown <logic@warthog.com>).
 2001-07-03 10:32:30 +00:00
Dr. Stephen Henson
e319a89f84 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:12 +00:00
Bodo Möller
9fa5786340 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:56 +00:00
Dr. Stephen Henson
1b822decb8 Don't set *pointer if add_lock_callback used. 2001-06-19 00:09:20 +00:00
Bodo Möller
dab4c2824f pay attention to blocksize before attempting decryption 2001-06-15 18:06:06 +00:00
Bodo Möller
630c1aedd2 OAEP fix 2001-06-06 21:44:48 +00:00
Bodo Möller
83583e9479 Fix Bleichenbacher PKCS #1 1.5 countermeasure. 
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
 2001-06-01 09:43:23 +00:00
Dr. Stephen Henson
39bed15e53 Add missing variable length cipher flag for Blowfish. 
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
 2001-05-24 23:00:46 +00:00
Dr. Stephen Henson
4b04466f14 Fix for missing DSA parameters. 2001-05-24 22:33:16 +00:00
Bodo Möller
77c6edc1d1 fix an old entry 2001-05-08 12:46:33 +00:00
Bodo Möller
99bd4baa54 .rnd issues 2001-05-03 09:28:19 +00:00
Bodo Möller
ecacb136c5 typo 2001-04-18 15:12:26 +00:00
Bodo Möller
db17ecdae3 fix md_rand.c locking bugs 2001-04-18 15:08:19 +00:00
Bodo Möller
d349c5f8fd some updates from 0.9.7-dev 2001-04-12 12:09:07 +00:00
Richard Levitte
fa528639e3 Tagging has been done, move on to development of 0.9.6b. 
(Hopefully, it will never be needed)
 2001-04-05 17:59:14 +00:00
Richard Levitte
4f647957c5 Release OpenSSL 0.9.6a. 
The tag will be OpenSSL_0_9_6a
 2001-04-05 16:43:07 +00:00
Dr. Stephen Henson
592f5c5797 Fix couple of memory leaks in PKCS7_dataDecode(). 2001-04-04 22:30:26 +00:00
Bodo Möller
b9a96c0134 don't use shell functions 2001-04-04 16:27:44 +00:00
Richard Levitte
75c3c831db Incorporate some changes that make OpenSSL compilable in CygWin. 2001-04-04 15:51:36 +00:00
Ulf Möller
323fd27435 Note that alpha.s is no longer used. 2001-03-31 01:19:42 +00:00
Dr. Stephen Henson
ce3fc3956d Fix asn1_GetSequence() for indefinite length sequences. 2001-03-30 13:42:32 +00:00
Bodo Möller
83c4e75be9 Use enhanced bctest (as in main trunk), and add a workaround that 
should solve the problems with FreeBSD's /bin/sh.
 2001-03-30 09:23:14 +00:00
Richard Levitte
44924fb2b4 Since there has been reports of clashes between OpenSSL's 
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
 2001-03-29 07:45:01 +00:00
Ulf Möller
1777e3fd5e check the CRT result. 2001-03-28 04:49:39 +00:00
Ulf Möller
509ca689b0 Note the MIPS assembler bug fix. 2001-03-28 02:39:22 +00:00
Richard Levitte
ae17135ab5 Bring in the rest of the corrections for shared libraries from the 
main trunk.
 2001-03-24 12:26:03 +00:00
Bodo Möller
ea09a504ef Add another "[This change does not apply to 0.9.7.]" line so 
that we can combine the CHANGES files later on.
 2001-03-22 14:56:55 +00:00
Dr. Stephen Henson
8d82218269 Fix bug in PKCS#7 decode routines when indefinite length 
encoding is used inside definite length encoding.
 2001-03-22 13:49:15 +00:00
Bodo Möller
a8e738f9ad Harmonize CHANGES and STATUS files between the 0.9.6a branch and 
the trunk to keep diffs small.
 2001-03-22 10:59:18 +00:00
Dr. Stephen Henson
0bf5d40787 Fix PKCS#12 key generation bug. 2001-03-18 02:10:25 +00:00
Richard Levitte
9f56705f96 The change on handling shared libraries was never applied in 
0.9.6a-dev...
 2001-03-15 21:44:17 +00:00
Bodo Möller
ba61b14f1d More err_data memory leaks 2001-03-15 11:33:00 +00:00
Ulf Möller
42b848bcf1 that was useless - still fails with GCC 2001-03-13 07:12:02 +00:00
Ulf Möller
a1c769a5f6 Alpha workaround. This is a lot slower! 2001-03-13 06:31:36 +00:00
Bodo Möller
2c89d56a1d fix memory leak in err.c 2001-03-12 18:39:47 +00:00
Bodo Möller
ba41d8a556 ssl23_peek 2001-03-08 21:56:34 +00:00
Ulf Möller
5fb0aa6487 Note the rand_win.c change 2001-03-08 16:58:07 +00:00
Richard Levitte
3e0d891828 SSLv2 session reuse bugfix from main development branch. 2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
95d334f2db Fix bug in copy_email() which would not 
find emailAddress at start of subject name.
 2001-03-01 13:33:53 +00:00
Ulf Möller
98486a9310 improved bignum test as in 0.9.7. 
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
 2001-02-27 23:00:42 +00:00
Geoff Thorpe
4910cbf6db Backfit a bugfix from 0.9.7-dev to 0.9.6-stable. init() and finish() 
handlers were previously getting called before (and after, respectively)
the "ex_data" structures - this meant init() had very little that it
could initialise, and finish() had very little it could cleanup.
 2001-02-24 17:32:34 +00:00
Dr. Stephen Henson
75090e0365 Stop PKCS7_verify() core dumping with unknown public 
key algorithms and leaking if the signature verify
fails.
 2001-02-24 01:46:46 +00:00
Bodo Möller
6d82a20624 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. 
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
 2001-02-20 08:22:25 +00:00
Ulf Möller
15ed15d3e4 OPENSSL_issetugid() as in the main branch. 2001-02-19 23:57:18 +00:00
Bodo Möller
b6fefec364 Memory leak checking bugfixes for multi-threading. 2001-02-19 10:30:13 +00:00
Lutz Jänicke
6a0fb6083c Move entry to match chronologic ordering. 2001-02-15 14:19:43 +00:00
Lutz Jänicke
0dbfc1da4a Add '-rand' option to s_server and s_client. 2001-02-15 10:35:29 +00:00
Ulf Möller
f945040633 IRIX bugfix 2001-02-14 00:23:27 +00:00
Dr. Stephen Henson
e15abbc69f Make X509_NAME produce correct encoding when empty. 2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
c6b523d3dd Workaround for libsafe "error". 2001-02-12 03:04:59 +00:00
Ulf Möller
38b3a46ffa DSA fix from main branch. 2001-02-07 22:35:11 +00:00
Ulf Möller
60b3b2c9d0 EBCDIC bug fix from main branch. 2001-02-07 22:13:10 +00:00
Bodo Möller
c7410f2693 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:14:57 +00:00
Richard Levitte
28b1bceb2f 0.9.6a will not be release in Y2K. :-) 2001-02-05 13:32:33 +00:00
Dr. Stephen Henson
2e1d669cba Tolerate some "variations" used in some 
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
 2001-02-01 02:03:58 +00:00
Richard Levitte
3b1f393ae7 Transport from development branch. 2001-01-30 13:54:44 +00:00
Lutz Jänicke
61433519af Backported manual pages from 0.9.7. 2001-01-28 18:35:10 +00:00
Dr. Stephen Henson
7a60df7dd3 New ASN1 macros which will encode an empty SEQUENCE OF. 
Fix CRL encoders to encode empty SEQUENCE OF.

The old code was breaking CRL signatures.

Note: it is best to add new macros because changing the
old ones could break other code which expects that behaviour.
None of this is needed with the new ASN1 code anyway...
 2001-01-28 14:18:20 +00:00
Dr. Stephen Henson
de0b3ab7fb Zero the premaster secret after deriving the master secret in DH 
ciphersuites.
 2001-01-25 13:20:39 +00:00
Bodo Möller
c4fd88f519 EVP_add_digest_alias additions to SSL_library_init 2001-01-23 16:38:15 +00:00
Ulf Möller
0a0a261d64 Irix fix as in main branch 2001-01-23 16:29:06 +00:00
Ulf Möller
70f74dd946 remove newline 2001-01-21 18:51:01 +00:00
Ulf Möller
92fdeb37a0 config bug fixes from the main branch. 2001-01-21 18:48:11 +00:00
Bodo Möller
ffac355834 Fix openssl passwd -1 2001-01-19 07:38:55 +00:00
Dr. Stephen Henson
8bcceacf34 Fix PKCS#12 PBE routines to cope with passwords 
from PEM callbacks which are not null terminated.
 2001-01-14 14:14:45 +00:00
Bodo Möller
f99267cffc Fix C code generate by 'openssl dsaparam -C'. 2001-01-10 14:27:04 +00:00
Dr. Stephen Henson
5860ecb8ec Fix uni2asc() so it can properly convert zero length 
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
 2001-01-10 01:14:23 +00:00
Bodo Möller
beaea31a96 Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:06:48 +00:00
Bodo Möller
a9c3dc60b9 Fix SSL_peek and SSL_pending. 2000-12-25 18:41:37 +00:00
Bodo Möller
2fb0c899c6 Include CRYPTO_mem_leaks deadlock fix. 2000-12-20 10:07:31 +00:00
Bodo Möller
cbfa030de7 Don't hold CRYPTO_LOCK_RSA during time-consuming operations. 2000-12-19 12:19:16 +00:00
Bodo Möller
bb617a9646 Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX 
structures and setting rsa->_method_mod_{n,p,q}.

Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
 2000-12-18 16:36:07 +00:00
Bodo Möller
fc4868cb47 Increase wbuf by one byte to fix the bug reported by 
Eric Day <eday@concentric.net> to openssl-dev@openssl.org,
Message-ID: <20001218013437.A5526@concentric.net>
 2000-12-18 11:23:23 +00:00
Bodo Möller
2452e013aa The first step towards a SSL_peek fix. 
The main thing to verify about these changes is that nothing at all
has changed, as far as behaviour is concerned (except that some
SSLerr() invocations now have a different function code): SSL_read
(ssl2_read, ssl3_read) behaves exactly as before, and SSL_peek refuses
to do any work exactly as before.  But now the functions actually
doing the work have a 'peek' flag, so it should be easy to change them
to behave accordingly.
 2000-12-14 17:34:42 +00:00
Ulf Möller
99cf5acd5c fix for Borland C 2000-12-01 03:06:55 +00:00
Bodo Möller
d2c38b1c73 Fix BN_rshift. 2000-11-30 22:35:52 +00:00
Lutz Jänicke
673d7ac121 Store verify_result with sessions to avoid potential security hole. 
For the server side this was already done one year ago :-(
 2000-11-29 18:12:32 +00:00
Bodo Möller
666d437538 Disable SSL_peek. 2000-11-28 11:14:39 +00:00
Bodo Möller
ddf72ed59f SSL_CTX-related fixes. 2000-11-08 10:09:10 +00:00
Richard Levitte
bee4756251 Fix from main trunk, 2000-10-15 01:51 steve: 
Fix for typo in certificate directory lookup code.
 2000-10-27 20:09:13 +00:00
Richard Levitte
24802a6d91 Fix from main trunk, 2000-09-26 13:39 bodo: 
Note read_ahead-flag related fixes.
 2000-10-11 09:16:47 +00:00
Richard Levitte
1f1f23a882 Fix from main trunk, 2000-09-25 13:12 levitte: 
Document the change.
 2000-10-11 02:28:39 +00:00
Richard Levitte
0e8f2fdfdd Time to build the release. Bump the version info accordingly. 2000-09-24 15:21:30 +00:00
Ulf Möller
d49da3aa5b Add some missing info. 2000-09-23 05:17:40 +00:00
Bodo Möller
5a5accdd64 typo 2000-09-22 21:45:49 +00:00
Bodo Möller
f1192b7f2e Avoid protocol rollback. 2000-09-22 21:39:33 +00:00
Dr. Stephen Henson
dbba890cf1 Only use the new informational verify codes if we 
specifically ask for them.

Fix typo in docs.
 2000-09-22 21:32:08 +00:00
Dr. Stephen Henson
6cffb201f3 Fix ASN1_TYPE bug. 2000-09-21 18:57:00 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a 
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
 2000-09-20 13:55:50 +00:00
Bodo Möller
fe03519704 Totally remove the supposedly 'faster' variant in 
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.

bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr?  (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)

Case closed :-)
 2000-09-19 23:25:00 +00:00
Bodo Möller
cb1fbf8e6a Clarification about Montgomery problem 2000-09-19 23:06:14 +00:00
Bodo Möller
a45bd29535 Document BN_mod_mul_montgomery bug; 
make disabled code slightly more correct (this does not solve
the problem though).
 2000-09-19 18:02:15 +00:00
Dr. Stephen Henson
730e37edb6 Work around for Netscape PKCS#7 signedData bug. 2000-09-18 12:30:57 +00:00
Bodo Möller
07fcf422a1 Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr 
(it's similar to the shutdown(..., SHUT_WR) system call
for sockets).
 2000-09-17 01:23:53 +00:00
Richard Levitte
0e05f54516 A DSO method for VMS was missing, and I had the code lying around... 2000-09-15 21:22:50 +00:00
Ulf Möller
1d84fd64fc Bug fix: Montgomery multiplication could produce results with the wrong 
sign.
 2000-09-14 18:37:53 +00:00
Richard Levitte
775bcebde5 Add Damien Miller's RPM specification file with a few modifications. 2000-09-14 15:28:44 +00:00
Richard Levitte
cc99526db1 Add a number of documentation files, mostly for SSL routines, but also 
for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 2000-09-14 13:11:56 +00:00
Richard Levitte
72660f5f15 Add a configuration for Sony News 4. 
Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
 2000-09-14 12:48:48 +00:00
Ulf Möller
523d778aef The other log message should have read "Note the DSA change". 2000-09-13 02:01:35 +00:00
Ulf Möller
5401c4c2bf Not the DSA change. 2000-09-13 01:48:05 +00:00
Bodo Möller
54f10e6adc New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default 
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
 2000-09-12 20:28:30 +00:00
Ben Laurie
2959f292db Document an old change. 2000-09-11 17:58:09 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make 
the OpenSSL commands x50 and req work better on a EBCDIC system.
 2000-09-10 14:45:19 +00:00
Dr. Stephen Henson
84b65340e1 Two new PKCS#12 demo programs. 
Update PKCS12_parse().

Make the keyid in certificate aux info more usable.
 2000-09-07 23:14:26 +00:00
Dr. Stephen Henson
f50c11ca40 Ugh, BIO_find_type() cannot be passed a NULL. 
Fix doc example, and fix BIO_find_type().

Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.
 2000-09-07 17:42:25 +00:00
Richard Levitte
948d0125db Major hack of mkdef.pl. There should be no more need to redo the 
process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.
 2000-09-07 08:43:08 +00:00
Dr. Stephen Henson
bbb720034a Fix typo in rsautl. 
Add support for settable verify time in X509_verify_cert().

Document rsautl utility.
 2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation. 
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
 2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests. 
Add new option to PKCS7_sign to exclude S/MIME capabilities.
 2000-09-05 13:27:57 +00:00
Bodo Möller
22c7ea4068 Mention fix in bio_lib.c. 2000-09-05 12:46:10 +00:00
Bodo Möller
affadbef0b Consistency 2000-09-04 15:47:17 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor 
symbols for debugging are defined.
 2000-09-04 15:34:43 +00:00
Dr. Stephen Henson
bd08a2bd0c Add 'rsautl' low level RSA utility. 
Add DER public key routines.

Add -passin argument to 'ca' utility.

Document sign and verify options to dgst.
 2000-09-03 23:13:48 +00:00
Bodo Möller
a545c6f6b1 QNX 4 support. 2000-09-01 09:54:25 +00:00
Ben Laurie
7049ef5f90 Add demo state machine. 2000-08-30 18:14:28 +00:00
Dr. Stephen Henson
7df1c720f6 Fix typo in i2d_ASN1_ENUMERATED 
Fix bug in read only memory BIOs so BIO_reset() works.

Add sign and verify options to dgst utility, need
to update docs.
 2000-08-30 16:14:29 +00:00
Dr. Stephen Henson
d096b524af Add support for 'other' PKCS#7 content types. 2000-08-22 22:20:25 +00:00
Dr. Stephen Henson
469938cb40 Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c 2000-08-22 12:54:21 +00:00
Dr. Stephen Henson
eaa2818189 Various fixes... 
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
 2000-08-21 22:02:23 +00:00
Richard Levitte
bb531a0a1c Assar wanted an address change. 2000-08-18 09:50:41 +00:00
Richard Levitte
e6629837a9 Added BIO_vprintf() and BIO_vsnprintf(). The former because I've 
found myself needing it a number of times, the latter for completeness.
 2000-08-18 09:36:59 +00:00
Richard Levitte
6fd5a04729 Document the added diversity to the possible log levels. 2000-08-17 23:27:03 +00:00