aboutsummaryrefslogtreecommitdiffstats
path: root/apps/ca.c
Commit message (Collapse)AuthorAgeFilesLines
* fix printout of expiry days if -enddate is used in caDr. Stephen Henson2012-11-201-1/+7
|
* New -valid option to add a certificate to the ca index.txt that is valid and ↵Dr. Stephen Henson2012-09-091-1/+18
| | | | not revoked
* Sanitize usage of <ctype.h> functions. It's important that charactersAndy Polyakov2012-01-121-1/+1
| | | | | are passed zero-extended, not sign-extended. PR: 2682
* free up sigopts STACKDr. Stephen Henson2010-03-141-0/+2
|
* clear bogus errors in ca utilityDr. Stephen Henson2010-03-141-0/+1
|
* add -sigopt option to ca utilityDr. Stephen Henson2010-03-141-20/+42
|
* Replace the broken SPKAC certification with the correct version.Dr. Stephen Henson2009-12-021-34/+2
|
* Fix warnings about ignoring fgets return valueDr. Stephen Henson2009-10-041-2/+12
|
* PR: 2013Dr. Stephen Henson2009-09-021-1/+6
| | | | | | | | | | | | Submitted by: steve@openssl.org Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created. This makes it possible to tell if the underlying type is UTCTime, GeneralizedTime or Time when the structure is reused and X509_time_adj_ex() can handle each case in an appropriate manner. Add error checking to CRL generation in ca utility when nextUpdate is being set.
* Update from 1.0.0-stableDr. Stephen Henson2009-07-271-11/+11
|
* PR: 1854Dr. Stephen Henson2009-03-091-13/+8
| | | | | | | Submitted by: Oliver Martin <oliver@volatilevoid.net> Reviewed by: steve@openssl.org Support GeneralizedTime in ca utility.
* Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possibleAndy Polyakov2008-12-221-0/+4
| | | | | | to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit expands it even to apps catalog and actually omits the macro in question from Configure.
* Experimental new date handling routines. These fix issues with X509_time_adj()Dr. Stephen Henson2008-10-071-2/+2
| | | | and should avoid any OS date limitations such as the year 2038 bug.
* More type-checking.Ben Laurie2008-06-041-10/+13
|
* Avoid case in ca.c fix.Dr. Stephen Henson2008-06-021-1/+1
|
* Revert, doesn't fix warning :-(Dr. Stephen Henson2008-06-021-4/+1
|
* Avoid cast with wrapper function.Dr. Stephen Henson2008-06-021-1/+4
|
* Stop const mismatch warning.Dr. Stephen Henson2008-05-311-1/+1
|
* LHASH revamp. make depend.Ben Laurie2008-05-261-4/+8
|
* Fix some warnings.Dr. Stephen Henson2008-03-161-2/+2
|
* Return an error if the serial number is badly formed. (Coverity ID 116).Ben Laurie2007-04-041-0/+2
|
* Add RFC 3779 support.Ben Laurie2006-11-271-0/+1
|
* Support for multiple CRLs with same issuer name in X509_STORE. ModifyDr. Stephen Henson2006-07-251-3/+16
| | | | verify logic to try to use an unexpired CRL if possible.
* Add support for default public key digest type ctrl.Dr. Stephen Henson2006-05-071-25/+11
|
* Remove link between digests and signature algorithms.Dr. Stephen Henson2006-04-191-0/+2
| | | | | Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code.
* Eliminate dependency on read/write/stat in apps under _WIN32.Andy Polyakov2005-11-041-11/+1
|
* successfully updating the db shouldn't result in an error messageNils Larsch2005-09-301-1/+0
|
* Update from stable branch.Dr. Stephen Henson2005-07-041-16/+40
|
* const fixesNils Larsch2005-04-151-5/+5
|
* some const fixesNils Larsch2005-04-051-11/+13
|
* Use the default_md config file value when signing CRLs.Dr. Stephen Henson2004-11-111-29/+18
| | | | PR:662
* Call setup_engine after autoconfig.Dr. Stephen Henson2004-08-061-4/+4
|
* Reduce chances of issuer and serial number duplication by use of randomDr. Stephen Henson2004-04-201-1/+4
| | | | | | initial serial numbers. PR: 842
* Clear error if unique_subject lookup fails.Dr. Stephen Henson2004-04-151-1/+3
|
* Use BUF_strlcpy() instead of strcpy().Richard Levitte2003-12-271-16/+23
| | | | | | | Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
* Move another common functionality (reproduced so far with cut'n'paste)Richard Levitte2003-11-281-17/+3
| | | | to apps.c, and give it the hopefully descriptive name parse_yesno().
* Move do_subject() to apps.c and rename it to parse_name(). TheRichard Levitte2003-11-281-137/+1
| | | | | | rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better.
* Allow multi-valued rdns in subjects. This adds the -multivalue-rdn optionRichard Levitte2003-11-281-17/+35
| | | | | | | | | | to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de> Reviewed by: Richard Levitte (there will be some follow-up changes)
* Netware-specific changes,Richard Levitte2003-11-281-1/+1
| | | | | | PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte
* A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.Geoff Thorpe2003-10-291-1/+2
| | | | | | | | | | I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
* Generalise the definition of strcasecmp() and strncasecmp() forRichard Levitte2003-09-091-10/+0
| | | | | | platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).
* Implement CRL numbers.Richard Levitte2003-06-191-4/+32
| | | | | Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
* Convert save_serial() to work like save_index(), and add aRichard Levitte2003-04-041-43/+2
| | | | rotate_serial() that works like rotate_index().
* Add documentation on the added functionality in 'openssl ca'.Richard Levitte2003-04-041-0/+1
|
* Correct a lot of printing calls. Remove extra arguments...Richard Levitte2003-04-031-1/+1
|
* Implement self-signing in 'openssl ca'. This makes it easier to haveRichard Levitte2003-04-031-31/+59
| | | | | | the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.
* Reset the version number of the issuer certificate? I believe thisRichard Levitte2003-04-031-1/+1
| | | | hasn't been tested in a long while...
* Conditionalise all debug strings.Richard Levitte2003-04-031-0/+6
|
* Make it possible to have multiple active certificates with the sameRichard Levitte2003-04-031-341/+84
| | | | subject.
* Add the possibility to build without the ENGINE framework.Richard Levitte2003-01-301-0/+8
| | | | PR: 287
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-12 22:11:14 +0000