Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use better defaults for TSA. | Dr. Stephen Henson | 2015-11-20 | 1 | -2/+2 |
| | | | | | | | | Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org> | ||||
* | Add support for signer_digest option in TS. | Dr. Stephen Henson | 2015-11-20 | 1 | -1/+1 |
| | | | | | | Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org> | ||||
* | RT2626: Change default_bits from 1K to 2K | Kurt Roeckx | 2014-09-08 | 1 | -1/+1 |
| | | | | | | | | | | This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> | ||||
* | RT3408; fix some (not all suggested) typo's in openssl.cnf | Rich Salz | 2014-07-02 | 1 | -1/+1 |
| | |||||
* | misspellings fixes by https://github.com/vlajos/misspell_fixer | Veres Lajos | 2013-09-05 | 1 | -2/+2 |
| | |||||
* | The default CN prompt message can be confusing when often the CN needs to | Dr. Stephen Henson | 2011-12-06 | 1 | -1/+1 |
| | | | | | be the server FQDN: change it. [Reported by PSW Group] | ||||
* | Updates from 1.0.0-stable | Dr. Stephen Henson | 2009-04-04 | 1 | -3/+3 |
| | |||||
* | Don't add the TS EKU by default in openssl.cnf because it then | Dr. Stephen Henson | 2006-11-07 | 1 | -1/+1 |
| | | | | makes certificates genereated by ca, CA.pl etc useless for anything else. | ||||
* | Add support for default public key digest type ctrl. | Dr. Stephen Henson | 2006-05-07 | 1 | -1/+1 |
| | |||||
* | RFC 3161 compliant time stamp request creation, response generation | Ulf Möller | 2006-02-12 | 1 | -1/+39 |
| | | | | | | | and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller | ||||
* | Change openssl.cnf to use UTF8Strings by default and not always include issuer | Dr. Stephen Henson | 2005-09-16 | 1 | -6/+5 |
| | | | | and serial versions of AKID. | ||||
* | use SHA-1 as the default digest for the apps/openssl commands | Nils Larsch | 2005-04-02 | 1 | -1/+1 |
| | |||||
* | Add functionality needed to process proxy certificates. | Richard Levitte | 2004-12-28 | 1 | -0/+53 |
| | |||||
* | Implement CRL numbers. | Richard Levitte | 2003-06-19 | 1 | -0/+3 |
| | | | | | Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644 | ||||
* | Make it possible to have multiple active certificates with the same | Richard Levitte | 2003-04-03 | 1 | -0/+2 |
| | | | | subject. | ||||
* | Show an example of moving the emailAddress object from the subkect DN | Richard Levitte | 2001-04-11 | 1 | -0/+3 |
| | | | | to subjectAltName when signing a certificate. | ||||
* | Add copy_extensions option to 'ca' utility. | Dr. Stephen Henson | 2001-03-16 | 1 | -0/+3 |
| | |||||
* | Add 'align' option to nameopt. | Dr. Stephen Henson | 2001-03-15 | 1 | -0/+5 |
| | | | | | | | Add default values for display by the 'ca' utility to openssl.cnf Update docs. | ||||
* | increase emailAddress_max | Bodo Möller | 2001-03-04 | 1 | -1/+1 |
| | |||||
* | Initial automation changes to 'req' and X509_ATTRIBUTE functions. | Dr. Stephen Henson | 2000-01-06 | 1 | -4/+3 |
| | |||||
* | Fix some of the command line password stuff. New function | Dr. Stephen Henson | 2000-01-01 | 1 | -1/+3 |
| | | | | | | | that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type. | ||||
* | Allow passwords to be included on command line for a few | Dr. Stephen Henson | 1999-12-24 | 1 | -0/+7 |
| | | | | more utilities. | ||||
* | Continued multibyte character support. | Dr. Stephen Henson | 1999-10-27 | 1 | -0/+11 |
| | | | | | | | Add a bunch of functions to simplify the creation of X509_NAME structures. Change the X509_NAME_entry_add stuff in req/ca so it no longer uses X509_NAME_entry_count(): passing -1 has the same effect. | ||||
* | Allow extensions to be added to certificate requests, update the sample | Dr. Stephen Henson | 1999-08-25 | 1 | -3/+14 |
| | | | | config file (change RAW to DER). | ||||
* | consistent style | Ralf S. Engelschall | 1999-08-08 | 1 | -1/+1 |
| | |||||
* | Include some notes on basic extension usage and change openssl.cnf to usually | Dr. Stephen Henson | 1999-05-19 | 1 | -19/+27 |
| | | | | do sensible things with extensions. | ||||
* | Rename "openssl x509" option "-config" to "-extfile", because it | Bodo Möller | 1999-05-17 | 1 | -1/+1 |
| | | | | | doesn't have a default value like the "-config" options of other openssl subprograms. | ||||
* | Added a comment pointing out the behaviour of "openssl x509 -conf ...", | Bodo Möller | 1999-05-16 | 1 | -0/+7 |
| | | | | which cost me some time to find out about. | ||||
* | Added support for adding extensions to CRLs, also fix a memory leak and | Dr. Stephen Henson | 1999-03-06 | 1 | -0/+9 |
| | | | | | make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well. | ||||
* | Redo the way 'req' and 'ca' add objects: add support for oid_section. | Dr. Stephen Henson | 1999-02-23 | 1 | -1/+10 |
| | |||||
* | Add more functionality to issuer alt name and subject alt name. New options | Dr. Stephen Henson | 1999-02-21 | 1 | -0/+12 |
| | | | | | to include email addresses from DN and copy details from issuer certificate. Include examples in openssl.cnf, update Win32 ordinals. | ||||
* | Oops! Remeber to include the other patches this time... | Dr. Stephen Henson | 1999-02-17 | 1 | -0/+6 |
| | |||||
* | Add support for raw extensions. This means that you can include the DER encoding | Dr. Stephen Henson | 1999-02-14 | 1 | -0/+5 |
| | | | | | | | | of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension. | ||||
* | More extension code. Incomplete support for subject and issuer alt | Dr. Stephen Henson | 1999-02-10 | 1 | -0/+5 |
| | | | | | | | name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. | ||||
* | Still more X509 V3 stuff. Modify ca.c to work with the new code and modify | Dr. Stephen Henson | 1999-01-26 | 1 | -11/+36 |
| | | | | openssl.cnf for the new syntax. | ||||
* | More X509 V3 stuff. Add support for extensions in the 'req' application | Dr. Stephen Henson | 1999-01-25 | 1 | -0/+9 |
| | | | | | | | so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' wont work because pem.h can't be built. | ||||
* | First cut of a cleanup for apps/. First the `ssleay' program is now named | Ralf S. Engelschall | 1999-01-02 | 1 | -3/+3 |
| | | | | | | | | | `openssl' and second, the shortcut symlinks for the `openssl <command>' are no longer created. This way we have a single and consistent command line interface `openssl <command>', similar to `cvs <command>'. Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a repository copy, i.e. they still contain the complete file history. | ||||
* | Import of old SSLeay release: SSLeay 0.9.1b (unreleased) | Ralf S. Engelschall | 1998-12-21 | 1 | -0/+3 |
| | |||||
* | Import of old SSLeay release: SSLeay 0.8.1b | Ralf S. Engelschall | 1998-12-21 | 1 | -0/+116 |