Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. | Bodo Möller | 2001-02-20 | 1 | -0/+3 |
| | | | | Mention BN_[pseudo_]rand with top=-1 in CHANGES. | ||||
* | note OPENSSL_issetugid(). | Ulf Möller | 2001-02-19 | 1 | -0/+4 |
| | |||||
* | I forgot to document the system identification macros | Richard Levitte | 2001-02-19 | 1 | -0/+6 |
| | |||||
* | Make all configuration macros available for application by making | Richard Levitte | 2001-02-19 | 1 | -0/+7 |
| | | | | | | | | | | | | sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing. | ||||
* | New -set_serial options to 'req' and 'x509'. | Dr. Stephen Henson | 2001-02-19 | 1 | -0/+7 |
| | | | | | | | | Remove the old broken bio read of serial numbers in the 'ca' index file. This would choke if a revoked certificate was specified with a negative serial number. Fix typo in uid.c | ||||
* | Memory leak detection bugfixes for multi-threading. | Bodo Möller | 2001-02-19 | 1 | -0/+13 |
| | |||||
* | New options to 'ca' utility to support CRL entry extensions. | Dr. Stephen Henson | 2001-02-16 | 1 | -0/+5 |
| | | | | | | | | Add revelant new X509V3 extensions. Add OIDs. Fix ASN1 memory leak code to pop info if external allocation used. | ||||
* | Move entry to match chronologic orderering. | Lutz Jänicke | 2001-02-15 | 1 | -3/+3 |
| | |||||
* | Don't forget to mention minor change. | Lutz Jänicke | 2001-02-15 | 1 | -0/+3 |
| | |||||
* | Option to disable standard block padding with EVP API. | Dr. Stephen Henson | 2001-02-14 | 1 | -0/+7 |
| | | | | | | Add -nopad option to enc command. Update docs. | ||||
* | Initial OCSP SSL support. | Dr. Stephen Henson | 2001-02-14 | 1 | -0/+3 |
| | |||||
* | IRIX bugfix | Ulf Möller | 2001-02-14 | 1 | -0/+4 |
| | |||||
* | New function OCSP_parse_url() and -url option for ocsp utility. | Dr. Stephen Henson | 2001-02-13 | 1 | -0/+5 |
| | | | | Doesn't handle SSL URLs yet. | ||||
* | Modify OCSP nonce behaviour. | Dr. Stephen Henson | 2001-02-12 | 1 | -0/+9 |
| | |||||
* | Work around for libsafe "error". | Dr. Stephen Henson | 2001-02-12 | 1 | -0/+5 |
| | |||||
* | disable stdin buffering in load_cert | Bodo Möller | 2001-02-10 | 1 | -0/+5 |
| | |||||
* | Fix CRL printing to correctly show when there are no revoked certificates. | Dr. Stephen Henson | 2001-02-10 | 1 | -0/+5 |
| | | | | | | | Make ca.c correctly initialize the revocation date. Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the string type: so they can initialize ASN1_TIME structures properly. | ||||
* | New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override | Lutz Jänicke | 2001-02-09 | 1 | -0/+6 |
| | | | | the clients choice; in SSLv2 the client uses the server's preferences. | ||||
* | Various updates to mkdef.pl to cope with new aes | Dr. Stephen Henson | 2001-02-09 | 1 | -0/+5 |
| | | | | and ASN1 code. | ||||
* | Allow various options to be included for signing and verify of | Dr. Stephen Henson | 2001-02-08 | 1 | -0/+4 |
| | | | | | | | | | OCSP responses. Documentation to follow... Urgh.. this conflicted with the -VAfile patch I hope I haven't broken it. | ||||
* | Add the -VAfile option to 'openssl ocsp'. This option will give the | Richard Levitte | 2001-02-08 | 1 | -0/+5 |
| | | | | | | | client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this. | ||||
* | Integrate my implementation of a countermeasure against | Bodo Möller | 2001-02-08 | 1 | -1/+1 |
| | | | | | | | | | | | | | | Bleichenbacher's DSA attack. With this implementation, the expected number of iterations never exceeds 2. New semantics for BN_rand_range(): BN_rand_range(r, min, range) now generates r such that min <= r < min+range. (Previously, BN_rand_range(r, min, max) generated r such that min <= r < max. It is more convenient to have the range; also the previous prototype was misleading because max was larger than the actual maximum.) | ||||
* | Bleichenbacher's DSA attack | Ulf Möller | 2001-02-07 | 1 | -0/+4 |
| | |||||
* | Fix AES code. | Dr. Stephen Henson | 2001-02-07 | 1 | -0/+6 |
| | | | | | | | | | | Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites. | ||||
* | Avoid coredumps for CONF_get_...(NULL, ...) | Bodo Möller | 2001-02-06 | 1 | -0/+9 |
| | |||||
* | Fix potential buffer overrun for EBCDIC. | Ulf Möller | 2001-02-06 | 1 | -0/+3 |
| | |||||
* | New function to copy nonce values from OCSP | Dr. Stephen Henson | 2001-02-05 | 1 | -0/+4 |
| | | | | request to response. | ||||
* | Various OCSP responder utility functions. | Dr. Stephen Henson | 2001-02-03 | 1 | -0/+13 |
| | | | | | | Delete obsolete OCSP functions. Largely untested at present... | ||||
* | Various function for commmon operations. | Dr. Stephen Henson | 2001-02-02 | 1 | -0/+6 |
| | |||||
* | Tolerate some "variations" used in some | Dr. Stephen Henson | 2001-02-01 | 1 | -0/+4 |
| | | | | | | | | | | certificates. One is a valid CA which has no basicConstraints but does have certSign keyUsage. Other is S/MIME signer with nonRepudiation but no digitalSignature. | ||||
* | Document the change. | Richard Levitte | 2001-01-30 | 1 | -0/+7 |
| | |||||
* | Make sk_sort tolearate a NULL argument. | Dr. Stephen Henson | 2001-01-28 | 1 | -0/+3 |
| | |||||
* | New OCSP response verify option OCSP_TRUSTOTHER | Dr. Stephen Henson | 2001-01-26 | 1 | -0/+5 |
| | |||||
* | Zero the premaster secret after deriving the master secret in DH | Dr. Stephen Henson | 2001-01-25 | 1 | -0/+4 |
| | | | | ciphersuites. | ||||
* | Add debugging info to new ASN1 code to trace memory leaks. | Dr. Stephen Henson | 2001-01-24 | 1 | -1/+12 |
| | | | | | | Fix PKCS7 and PKCS12 memory leaks. Initialise encapsulated content type properly. | ||||
* | EVP_add_digest_alias additions to SS_library_init | Bodo Möller | 2001-01-23 | 1 | -1/+8 |
| | |||||
* | There is no C version of bn_div_3_words | Ulf Möller | 2001-01-23 | 1 | -0/+3 |
| | |||||
* | Mention the ./config script fixes. | Ulf Möller | 2001-01-21 | 1 | -0/+3 |
| | |||||
* | Fix to stop X509_time_adj() using GeneralizedTime. | Dr. Stephen Henson | 2001-01-20 | 1 | -0/+9 |
| | |||||
* | Fixes to various ASN1_INTEGER routines for negative case. | Dr. Stephen Henson | 2001-01-19 | 1 | -0/+8 |
| | | | | Enhance s2i_ASN1_INTEGER(). | ||||
* | Fix openssl passwd -1 | Bodo Möller | 2001-01-19 | 1 | -0/+3 |
| | |||||
* | Additional functionality in ocsp utility: print summary | Dr. Stephen Henson | 2001-01-19 | 1 | -0/+8 |
| | | | | | | | of status info. Check nonce values. Option to disable verify. Update usage message. Rename status to string functions and make them global. | ||||
* | Implement remaining OCSP verify checks in | Dr. Stephen Henson | 2001-01-18 | 1 | -0/+10 |
| | | | | accordance with RFC2560. | ||||
* | Make the change log on the RAND_poll change a bit more explicit. Suggested ↵ | Richard Levitte | 2001-01-17 | 1 | -3/+8 |
| | | | | by Bodo Moeller. | ||||
* | Initial OCSP certificate verify. Not complete, | Dr. Stephen Henson | 2001-01-17 | 1 | -0/+10 |
| | | | | it just supports a "trusted OCSP global root CA". | ||||
* | New '-extfile' option for 'openssl ca'. | Bodo Möller | 2001-01-15 | 1 | -0/+7 |
| | | | | | | This allows keeping extensions in a separate configuration file. Submitted by: Massimiliano Pala <madwolf@comune.modena.it> | ||||
* | Change PKCS#12 key derivation routines to cope with | Dr. Stephen Henson | 2001-01-14 | 1 | -0/+6 |
| | | | | non null terminated passwords. | ||||
* | New OCSP utility. This can generate, parse and print | Dr. Stephen Henson | 2001-01-13 | 1 | -0/+6 |
| | | | | | | | | OCSP requests. It can also query reponders and parse or print out responses. Still needs some more work: OCSP response checks and of course documentation. | ||||
* | New 'openssl ca -status <serial>' and 'openssl ca -updatedb' | Bodo Möller | 2001-01-12 | 1 | -0/+7 |
| | | | | | | commands. Submitted by: Massimiliano Pala <madwolf@comune.modena.it> | ||||
* | New -newreq-nodes option to CA.pl. | Bodo Möller | 2001-01-11 | 1 | -0/+5 |
| | | | | Submitted by: Damien Miller <djm@mindrot.org> |