| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
| |
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
|
| |
|
|
|
|
| |
allocation callbacks so that it is no longer visible to applications
that these live at a different call level than conventional memory
allocation callbacks.
|
| |
|
|
| |
Add '-d' option for 'openssl version' (included in '-a').
|
| | |
|
| |
|
|
|
|
| |
handling routines that need file name and line number information,
I've added a call level to our memory handling routines to allow that
kind of hooking.
|
| |
|
|
|
| |
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
|
| |
|
|
|
|
|
| |
only queried when the /dev/[u]random devices did not return enough
entropy. Only the amount of entropy missing to reach the required minimum
is queried, as EGD may be drained.
Queried locations are: /etc/entropy, /var/run/egd-pool
|
| |
|
|
| |
on details. :-)
|
| |
|
|
|
|
|
| |
"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).
|
| |
|
|
|
|
|
|
|
| |
them for a short period of time (actually, poll them with select(),
then read() whatever is there), which is about 10ms (hard-coded value)
each.
Separate Windows and Unixly code, and start on a VMS variant that
currently just returns 0.
|
| |
|
|
|
|
|
|
| |
and subject to addition, modifcation or deletion.
Add two OCSP nonce utility functions.
Fix typo in status code name.
|
| |
|
|
|
|
| |
application needs.
Add OCSP library name to error code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
|
| |
|
|
| |
uses the new ASN1 code.
|
| |
|
|
|
|
|
|
|
|
| |
horrible macros.
Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
|
| | |
|
| |
|
|
|
|
| |
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
|
| |
|
|
| |
zap some evil function pointers casts along the way...
|
| |
|
|
|
|
|
|
|
| |
* detect "unknown" algorithms (any C macro starting with NO_ that is
not explicitely mentioned in mkdef.pl as a known algorithm) and
report.
* add a number of algorithms that can be deselected.
* look in ssl/kssl.h as well.
* accept multiple whitespace (not just one SPC) in preprocessor lines.
|
| |
|
|
|
|
|
|
|
|
| |
currently OpenSSL itself wont compile with this set
because some old style stuff remains.
Change old functions X509_sign(), X509_verify() etc
to use new item based functions.
Replace OCSP function declarations with DECLARE macros.
|
| |
|
|
|
| |
The old function pointer versions will eventually go
away.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
encoding, replacing and deleting extensions.
Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
|
| |
|
|
| |
corresponding new entry in the OpenSSL_0_9_6-stable branch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't try to print request certificates if signature is not present.
Remove unnecessary test for certificates being NULL.
Fix typos in printed output.
Tidy up output.
Fix for typo in OCSP_SERVICELOC ASN1 template.
Also give a bit more info in CHANGES about the ASN1 revision.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
structures and setting rsa->_method_mod_{n,p,q}.
Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
|
| |
|
|
| |
Initial support for variables in DEF files.
|
| | |
|
| |
|
|
| |
are all raw print only extensions at present.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
|
| | |
|
| |
|
|
| |
code from certificate, CRL and request printing routines.
|
| |
|
|
|
|
|
|
|
| |
authenticated attributes: this is used to retain the
original encoding and not break signatures.
Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
|
| | |
|
| |
|
|
|
|
|
|
| |
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.
Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
|
| |
|
|
|
|
| |
to main trunk.
Lets see if the makes it to openssl-cvs :-)
|
| |
|
|
|
|
| |
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug. An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
|
| |
|
|
|
|
| |
BN_mod_exp_mont does not work properly yet if modulus m
is negative (we want computations to be carried out
modulo |m|).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
The *_part_words functions are not static.
|
| | |
|
