aboutsummaryrefslogtreecommitdiffstats
path: root/apps/ca.c
Commit message (Collapse)AuthorAgeFilesLines
* Return an error if the serial number is badly formed. (Coverity ID 116).Ben Laurie2007-04-041-0/+2
|
* Add RFC 3779 support.Ben Laurie2006-11-271-0/+1
|
* Support for multiple CRLs with same issuer name in X509_STORE. ModifyDr. Stephen Henson2006-07-251-3/+16
| | | | verify logic to try to use an unexpired CRL if possible.
* Add support for default public key digest type ctrl.Dr. Stephen Henson2006-05-071-25/+11
|
* Remove link between digests and signature algorithms.Dr. Stephen Henson2006-04-191-0/+2
| | | | | Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code.
* Eliminate dependency on read/write/stat in apps under _WIN32.Andy Polyakov2005-11-041-11/+1
|
* successfully updating the db shouldn't result in an error messageNils Larsch2005-09-301-1/+0
|
* Update from stable branch.Dr. Stephen Henson2005-07-041-16/+40
|
* const fixesNils Larsch2005-04-151-5/+5
|
* some const fixesNils Larsch2005-04-051-11/+13
|
* Use the default_md config file value when signing CRLs.Dr. Stephen Henson2004-11-111-29/+18
| | | | PR:662
* Call setup_engine after autoconfig.Dr. Stephen Henson2004-08-061-4/+4
|
* Reduce chances of issuer and serial number duplication by use of randomDr. Stephen Henson2004-04-201-1/+4
| | | | | | initial serial numbers. PR: 842
* Clear error if unique_subject lookup fails.Dr. Stephen Henson2004-04-151-1/+3
|
* Use BUF_strlcpy() instead of strcpy().Richard Levitte2003-12-271-16/+23
| | | | | | | Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
* Move another common functionality (reproduced so far with cut'n'paste)Richard Levitte2003-11-281-17/+3
| | | | to apps.c, and give it the hopefully descriptive name parse_yesno().
* Move do_subject() to apps.c and rename it to parse_name(). TheRichard Levitte2003-11-281-137/+1
| | | | | | rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better.
* Allow multi-valued rdns in subjects. This adds the -multivalue-rdn optionRichard Levitte2003-11-281-17/+35
| | | | | | | | | | to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de> Reviewed by: Richard Levitte (there will be some follow-up changes)
* Netware-specific changes,Richard Levitte2003-11-281-1/+1
| | | | | | PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte
* A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.Geoff Thorpe2003-10-291-1/+2
| | | | | | | | | | I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
* Generalise the definition of strcasecmp() and strncasecmp() forRichard Levitte2003-09-091-10/+0
| | | | | | platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).
* Implement CRL numbers.Richard Levitte2003-06-191-4/+32
| | | | | Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
* Convert save_serial() to work like save_index(), and add aRichard Levitte2003-04-041-43/+2
| | | | rotate_serial() that works like rotate_index().
* Add documentation on the added functionality in 'openssl ca'.Richard Levitte2003-04-041-0/+1
|
* Correct a lot of printing calls. Remove extra arguments...Richard Levitte2003-04-031-1/+1
|
* Implement self-signing in 'openssl ca'. This makes it easier to haveRichard Levitte2003-04-031-31/+59
| | | | | | the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.
* Reset the version number of the issuer certificate? I believe thisRichard Levitte2003-04-031-1/+1
| | | | hasn't been tested in a long while...
* Conditionalise all debug strings.Richard Levitte2003-04-031-0/+6
|
* Make it possible to have multiple active certificates with the sameRichard Levitte2003-04-031-341/+84
| | | | subject.
* Add the possibility to build without the ENGINE framework.Richard Levitte2003-01-301-0/+8
| | | | PR: 287
* cert_sk isn't always allocated, so freeing it may cause a crash.Richard Levitte2003-01-301-1/+2
| | | | PR: 481
* Typo.Dr. Stephen Henson2003-01-091-1/+1
|
* NULL tofree when it is freed to avoid double free.Dr. Stephen Henson2003-01-091-1/+4
| | | | Make sure key is not NULL before freeing it.
* Spelling error.Richard Levitte2002-12-251-1/+1
| | | | This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
* EXIT() may mean return(). That's confusing, so let's have it really meanRichard Levitte2002-12-031-1/+1
| | | | | | exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)
* Cleanse memory using the new OPENSSL_cleanse() function.Richard Levitte2002-11-281-1/+1
| | | | I've covered all the memset()s I felt safe modifying, but may have missed some.
* Remove warnings.Richard Levitte2002-11-141-1/+1
|
* Security fixes brought forward from 0.9.7.Ben Laurie2002-11-131-18/+38
|
* Windows doesn't know sys/file.hRichard Levitte2002-11-071-1/+1
|
* On certain platforms, we redefine certain symbols using macros inRichard Levitte2002-10-241-1/+2
| | | | | | | | | apps.h. For those, it's better to include apps.h after the system headers where those symbols may be defined, since there's otherwise a chance that the C compiler will barf when it sees something that looks like this after expansion: int VMS_strcasecmp((str1),(str2))(const char *, const char *);
* fix warnings, and harmonize indentationBodo Möller2002-10-231-20/+24
|
* BN_bn2hex() returns "0" instead of "00" for zero. This disrputs theRichard Levitte2002-10-111-5/+16
| | | | | requirement that the serial number always be an even amount of characters. PR: 248
* Add missing LFRichard Levitte2002-10-091-1/+1
|
* get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)Bodo Möller2002-08-121-2/+2
| | | | Submitted by: Nils Larsch
* Make it possible to load keys from stdin, and restore thatRichard Levitte2002-08-011-1/+1
| | | | | functionality in the programs that had that before. Part fo PR 164
* If the email address is moved from the subject to the subject alternate name,Richard Levitte2002-07-311-4/+3
| | | | | | the subject in the certificate would differ from the subject in the index file, which has quite bad concequences. PR: 180
* Fix bug introduced with revision 1.95 when this filed was modified toBodo Möller2002-07-181-2/+2
| | | | | | | | | | use the new X509_CRL_set_issuer_name() function: The CRL issuer should be X509_get_subject_name(x509), not X509_get_issuer_name(x509). Submitted by: Juergen Lesny <lesnyj@informatik.tu-muenchen.de> typo
* Unixware doesn't have strings.h, so we need to declare strcasecmp()Richard Levitte2002-07-181-1/+5
| | | | | | differently. Unixware 2 needs to link with libresolv. PR: 148
* Reorganise -subj option code, fix buffer overrun.Dr. Stephen Henson2002-05-191-25/+24
|
* Fix escaping when using the -subj option of "openssl req", documentLutz Jänicke2002-04-301-35/+94
| | | | 'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-07 14:23:35 +0000