Matt Caswell
8f8e4e4f52
Fix RAND_(pseudo_)?_bytes returns
...
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:41:28 +00:00
Dr. Stephen Henson
4ba9a4265b
Make OCSP response verification more flexible.
...
If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.
PR#3668
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc287
2015-03-24 12:14:04 +00:00
Matt Caswell
ae5c8664e5
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
e19d4a99b8
Further comment amendments to preserve formatting prior to source reformat
...
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)
Conflicts:
crypto/x509v3/pcy_tree.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:50 +00:00
Tim Hudson
6977c7e2ba
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c84351
2015-01-22 09:23:04 +00:00
Rich Salz
a9d928a8b6
RT2560: missing NULL check in ocsp_req_find_signer
...
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980
2014-09-10 12:20:15 -04:00
Tom Greenslade
c57745596c
Handle IPv6 addresses in OCSP_parse_url.
...
PR#2783
(cherry picked from commit b36f35cda9
2014-06-27 17:31:37 +01:00
Dr. Stephen Henson
cea5a1d5f2
Fix null pointer errors.
...
PR#3394
(cherry picked from commit 7a9d59c148
2014-06-10 14:48:02 +01:00
Dr. Stephen Henson
e9b4b8afbd
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b
2014-04-01 16:39:35 +01:00
Ben Laurie
1ebaf97c44
Constification.
2013-10-07 12:44:40 +01:00
Dr. Stephen Henson
c644b83227
constify
2013-01-17 16:35:50 +00:00
Dr. Stephen Henson
5c8d41be85
Generalise OCSP I/O functions to support dowloading of other ASN1
...
structures using HTTP. Add wrapper function to handle CRL download.
2013-01-15 18:01:31 +00:00
Dr. Stephen Henson
2b5e5c3d08
Revert incompatible OCSP_basic_verify changes.
...
Make partial chain chekcing work with EE certificates only.
Remove unneeded -trust_other option from tocsp.
(Backport from HEAD)
2012-12-26 14:12:09 +00:00
Dr. Stephen Henson
54a0076e94
Check chain is not NULL before assuming we have a validated chain. The
...
modification to the OCSP helper purpose breaks normal OCSP verification. It is
no longer needed now we can trust partial chains.
2012-12-19 15:01:32 +00:00
Dr. Stephen Henson
2e65277695
Use new partial chain flag instead of modifying input parameters.
...
(backport from HEAD)
2012-12-14 14:31:16 +00:00
Ben Laurie
d65b8b2162
Backport OCSP fixes.
2012-12-14 12:53:53 +00:00
Dr. Stephen Henson
b5f57f455a
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:27 +00:00
Dr. Stephen Henson
24d7159abd
Backport libcrypto audit: check return values of EVP functions instead
...
of assuming they will always suceed.
2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
ed67f7b7a7
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:33 +00:00
Dr. Stephen Henson
b9e468c163
We can't always read 6 bytes in an OCSP response: fix so error statuses
...
are read correctly for non-blocking I/O.
2010-10-06 18:01:14 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
f6a61b140e
missing goto meant signature was never printed out
2010-03-12 12:07:05 +00:00
Dr. Stephen Henson
a3d5cdb07c
PR: 2063
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:59:16 +00:00
Dr. Stephen Henson
0c690586e0
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Ben Laurie
23b973e600
Calculate offset correctly. (Coverity ID 233)
2009-01-01 18:30:51 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
e527201f6b
This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
...
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
28b987aec9
Don't assume requestorName is present for signed requests. ASN1 OCSP module
...
fix: certs field is OPTIONAL.
2006-11-13 13:21:47 +00:00
Dr. Stephen Henson
fb596f3bb7
OCSP library tidy. Use extension to encode OCSP extensions instead of doing
...
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
2006-11-13 13:18:28 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
c1c6c0bf45
New non-blocking OCSP functionality.
2006-07-17 12:18:28 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72
Some C compilers produce warnings or compilation errors if an attempt
...
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.
Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.
The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
