aboutsummaryrefslogtreecommitdiffstats
path: root/apps/ocsp.c
Commit message (Collapse)AuthorAgeFilesLines
* Don't free a NULL. Coverity ID 112.Ben Laurie2007-04-041-2/+2
|
* Die if serial number is invalid.Ben Laurie2007-04-041-0/+1
|
* Apply a more modern way to get the definition of select(), except for VMS.Richard Levitte2007-03-291-1/+6
| | | | Submitted by Corinna Vinschen <vinschen@redhat.com>
* Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will seeRichard Levitte2006-12-251-0/+4
| | | | the declarations of fd_set, select() and so on.
* properly initialize SSL context, check return valueNils Larsch2006-12-131-0/+6
|
* According to documentation, including time.h declares select() onRichard Levitte2006-08-201-0/+1
| | | | | | OpenVMS, and possibly more. Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
* WIN32 fixes signed/unsigned issues and slightly socket semantics.Dr. Stephen Henson2006-07-171-4/+17
|
* Add -timeout option to ocsp utility.Dr. Stephen Henson2006-07-171-6/+94
|
* Remove some unnecessary recursive includes from the internal apps.h header,Geoff Thorpe2004-05-171-0/+1
| | | | and include bn.h in those C files that need bignum functionality.
* New -ignore_err option in ocsp application to stop the serverDr. Stephen Henson2003-09-031-0/+5
| | | | exiting on the first error in a request.
* Correct a lot of printing calls. Remove extra arguments...Richard Levitte2003-04-031-2/+2
|
* Make it possible to have multiple active certificates with the sameRichard Levitte2003-04-031-36/+10
| | | | subject.
* Update ocsp usage message and docs.Dr. Stephen Henson2003-03-261-3/+3
|
* Pay attention to disabled SSL versions.Richard Levitte2003-02-141-0/+9
| | | | PR: 500
* Make it possible to disable OCSP, the speed application, and the use of sockets.Richard Levitte2003-02-141-0/+11
| | | | PR: 358
* EXIT() may mean return(). That's confusing, so let's have it really meanRichard Levitte2002-12-031-1/+1
| | | | | | exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)
* Security fixes brought forward from 0.9.7.Ben Laurie2002-11-131-1/+1
|
* BN_bn2hex() returns "0" instead of "00" for zero. This disrputs theRichard Levitte2002-10-111-1/+4
| | | | | requirement that the serial number always be an even amount of characters. PR: 248
* Make it possible to load keys from stdin, and restore thatRichard Levitte2002-08-011-2/+2
| | | | | functionality in the programs that had that before. Part fo PR 164
* Cut'n'paste error with other reposnder certificates cleared.Richard Levitte2002-08-011-2/+2
| | | | PR: 190
* Reorder inclusion of header files:Lutz Jänicke2002-07-101-1/+1
| | | | | | | | | | | | | | | | | des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR:
* Fix ext_dat.h extension ordering.Dr. Stephen Henson2002-06-131-2/+16
| | | | | | | | | Reinstate -reqout code. Avoid coredump in ocsp if setup_verify fails. Fix typo in ocsp usage message.
* Config code updates.Dr. Stephen Henson2002-02-221-0/+3
| | | | | | | | | | | | | | | | | | | CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file.
* Load OCSP responder key before waiting for an incomingDr. Stephen Henson2001-08-231-25/+27
| | | | | | | connection so it can prompt for pass phrase on startup instead of after the first connection. Add -port switch to usage message.
* Allow OCSP server to handle multiple requests.Dr. Stephen Henson2001-07-131-36/+93
| | | | Document new OCSP options.
* Initial OCSP server support, using index.txt format.Dr. Stephen Henson2001-07-121-20/+404
| | | | | | | This can process internal requests or behave like a mini responder. Todo: documentation, update usage info.
* Extend all the loading functions to take an engine pointer, a passRichard Levitte2001-05-301-6/+15
| | | | | | | | | | | | | | string (some engines may have certificates protected by a PIN!) and a description to put into error messages. Also, have our own password callback that we can send both a password and some prompt info to. The default password callback in EVP assumes that the passed parameter is a password, which isn't always the right thing, and the ENGINE code (at least the nCipher one) makes other assumptions... Also, in spite of having the functions to load keys, some utilities did the loading all by themselves... That's changed too.
* New function and options to check OCSP response validity.Dr. Stephen Henson2001-02-241-3/+52
|
* Fix typo.Dr. Stephen Henson2001-02-201-1/+1
|
* Initial OCSP SSL support.Dr. Stephen Henson2001-02-141-3/+14
|
* New function OCSP_parse_url() and -url option for ocsp utility.Dr. Stephen Henson2001-02-131-2/+24
| | | | Doesn't handle SSL URLs yet.
* Modify OCSP nonce behaviour.Dr. Stephen Henson2001-02-121-3/+8
|
* Add missing \n's to ocsp usage message.Dr. Stephen Henson2001-02-091-9/+9
|
* Allow various options to be included for signing and verify ofDr. Stephen Henson2001-02-081-29/+83
| | | | | | | | | OCSP responses. Documentation to follow... Urgh.. this conflicted with the -VAfile patch I hope I haven't broken it.
* Add the -VAfile option to 'openssl ocsp'. This option will give theRichard Levitte2001-02-081-1/+17
| | | | | | | client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this.
* Various function for commmon operations.Dr. Stephen Henson2001-02-021-1/+1
|
* Fixes to various ASN1_INTEGER routines for negative case.Dr. Stephen Henson2001-01-191-1/+1
| | | | Enhance s2i_ASN1_INTEGER().
* Additional functionality in ocsp utility: print summaryDr. Stephen Henson2001-01-191-16/+121
| | | | | | | of status info. Check nonce values. Option to disable verify. Update usage message. Rename status to string functions and make them global.
* Implement remaining OCSP verify checks inDr. Stephen Henson2001-01-181-0/+2
| | | | accordance with RFC2560.
* Initial OCSP certificate verify. Not complete,Dr. Stephen Henson2001-01-171-0/+37
| | | | it just supports a "trusted OCSP global root CA".
* Preliminary ocsp utility documentation.Dr. Stephen Henson2001-01-141-0/+3
| | | | Fix ocsp usage message.
* New OCSP utility. This can generate, parse and printDr. Stephen Henson2001-01-131-0/+452
OCSP requests. It can also query reponders and parse or print out responses. Still needs some more work: OCSP response checks and of course documentation.
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-06 21:48:26 +0000