Commit graph

30 commits

Author SHA1 Message Date
Dr. Stephen Henson
39e76bc454 Update ocsp usage message and docs. 2003-03-26 00:47:07 +00:00
Richard Levitte
97333eaff7 Pay attention to disabled SSL versions.
PR: 500
2003-02-14 05:24:25 +00:00
Richard Levitte
b9447ec1bc Make it possible to disable OCSP, the speed application, and the use of sockets.
PR: 358
2003-02-14 01:03:06 +00:00
Richard Levitte
27498a3330 EXIT() may mean return(). That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:34:28 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
a61050ad96 BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the
requirement that the serial number always be an even amount of characters.
PR: 248
2002-10-11 09:39:32 +00:00
Richard Levitte
13ac37d01a Make it possible to load keys from stdin, and restore that
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:27:47 +00:00
Richard Levitte
f8279b8ea3 Cut'n'paste error with other reposnder certificates cleared.
PR: 190
2002-08-01 13:39:46 +00:00
Lutz Jänicke
7e8852c549 Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
	DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 06:57:54 +00:00
Dr. Stephen Henson
2e674fc611 Fix ext_dat.h extension ordering.
Reinstate -reqout code.

Avoid coredump in ocsp if setup_verify
fails.

Fix typo in ocsp usage message.
2002-06-13 12:54:52 +00:00
Dr. Stephen Henson
0cd8572b2d Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 13:58:15 +00:00
Dr. Stephen Henson
b439a74620 Load OCSP responder key before waiting for an incoming
connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.
2001-08-23 23:54:11 +00:00
Dr. Stephen Henson
534a1ed0cb Allow OCSP server to handle multiple requests.
Document new OCSP options.
2001-07-13 13:13:44 +00:00
Dr. Stephen Henson
ee306a1332 Initial OCSP server support, using index.txt format.
This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Richard Levitte
30b4c2724e Extend all the loading functions to take an engine pointer, a pass
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.
2001-05-30 15:29:28 +00:00
Dr. Stephen Henson
f196522159 New function and options to check OCSP response validity. 2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
569afce4b0 Fix typo. 2001-02-20 13:30:28 +00:00
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility.
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
b3f2e399d2 Add missing \n's to ocsp usage message. 2001-02-09 03:09:05 +00:00
Dr. Stephen Henson
8c950429a9 Allow various options to be included for signing and verify of
OCSP responses.

Documentation to follow...

Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47 Add the -VAfile option to 'openssl ocsp'. This option will give the
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
8e8972bb68 Fixes to various ASN1_INTEGER routines for negative case.
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
73758d435b Additional functionality in ocsp utility: print summary
of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1 Implement remaining OCSP verify checks in
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
b4b1bdd5d3 Preliminary ocsp utility documentation.
Fix ocsp usage message.
2001-01-14 00:52:19 +00:00
Dr. Stephen Henson
5782ceb298 New OCSP utility. This can generate, parse and print
OCSP requests. It can also query reponders and parse or
print out responses.

Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00