aboutsummaryrefslogtreecommitdiffstats
path: root/apps/req.c
Commit message (Collapse)AuthorAgeFilesLines
* Clean up a bundle of codingstyle stuff in apps directoryPaul Yang2017-06-121-61/+73
| | | | | | | | | Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
* Fix regression in openssl req -x509 behaviour.Tomas Mraz2017-05-111-2/+4
| | | | | | | | Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3437)
* Switch command-line utils to new nameopt API.Dmitry Belyavskiy2017-04-251-13/+8
| | | | | | | | | | | | | | | | | The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO_printf Testing cyrillic output of X509_CRL_print_ex Write and use X509_CRL_print_ex Reduce usage of X509_NAME_online Using X509_REQ_print_ex instead of X509_REQ_print Fix nameopt processing. Make dump_cert_text nameopt-friendly Move nameopt getter/setter to apps/apps.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3262)
* apps/req.c: flag "-new" is implied by "-precert"Rob Percival2017-02-221-4/+3
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
* Adds a "-precert" flag to "openssl req" for creating pre-certificatesRob Percival2017-02-221-1/+15
| | | | | | | This makes it a little easier to create a pre-certificate. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
* Change req_check_len error message, it also accepts 20 bytes, but states ↵lrns2017-02-161-1/+1
| | | | | | | 'less than' in the error message Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2648)
* Fix parsing of serial# in reqRich Salz2017-02-061-1/+1
| | | | | | Reported by Jakub Wilk. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2556)
* If an engine comes up explicitely, it must also come down explicitelyRichard Levitte2016-10-191-0/+1
| | | | | | | | | | | | | In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it's a built in engine), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1643)
* Constify command optionsFdaSilvaYY2016-10-141-1/+1
| | | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
* Clarify the error messages in 08f6ae5b28Matt Caswell2016-08-241-1/+1
| | | | | | Ensure it is clear to the user why there has been an error. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix some resource leaks in the appsMatt Caswell2016-08-241-0/+4
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Make 'openssl req -x509' more equivalent to 'openssl req -new'Richard Levitte2016-08-221-1/+2
| | | | | | | | | | | | | | | The following would fail, or rather, freeze: openssl genrsa -out rsa2048.pem 2048 openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem In that case, the second command wants to read a certificate request from stdin, because -x509 wasn't fully flagged as being for creating something new. This changes makes it fully flagged. RT#4655 Reviewed-by: Andy Polyakov <appro@openssl.org>
* Set certificate times in one function.Dr. Stephen Henson2016-08-191-3/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Constify char* input parameters in apps codeFdaSilvaYY2016-08-171-6/+6
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Use more X509_REQ_get0_pubkey & X509_get0_pubkeyFdaSilvaYY2016-07-201-6/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
* Whitespace cleanup in appsFdaSilvaYY2016-06-291-1/+1
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)
* apps/req.c: Increment the right variable when parsing '+'Richard Levitte2016-06-201-3/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Deal with the consequences of constifying gettersRichard Levitte2016-06-151-1/+1
| | | | | Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* req command incorrectly displays the bits for an EC keyMatt Caswell2016-06-011-2/+6
| | | | | | | | | | | | | | When the "req" command is used to generate a new EC key using the -newkey option it will incorrectly display: Generating a 2048 bit EC private key This commit fixes the message to not display the bit length for EC keys because we don't currently support getting that during generation. GitHub Issue #1068 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 01/10Rich Salz2016-05-171-54/+6
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Don't load same config file twice.Dr. Stephen Henson2016-05-161-1/+1
| | | | | | RT#4215 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate OBJ_cleanup() and make it a no-opMatt Caswell2016-04-131-1/+0
| | | | | | | | OBJ_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make the RSA structure opaqueRichard Levitte2016-04-061-3/+5
| | | | | | | | Move rsa_st away from public headers. Add accessor/writer functions for the public RSA data. Adapt all other source to use the accessors and writers. Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix a shadow symbol warningFdaSilvaYY2016-04-041-5/+5
| | | | | | | | ... comes from c5137473bdc7. Fix Travis builds. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use X509_REQ_get0_pubkeyFdaSilvaYY2016-04-041-12/+7
| | | | | Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Don't free up EVP_MD_CTX.Schüller Felix2016-03-191-15/+3
| | | | | | | | | | | Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This simplifies handling and retains compatiblity with previous behaviour. PR#4446 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Don't free NCONF obtained valuesViktor Dukhovni2016-03-071-9/+15
| | | | | | Bug reported by Michel Sales. Reviewed-by: Rich Salz <rsalz@openssl.org>
* GH715: ENGINE_finish can take NULLRich Salz2016-02-251-4/+2
| | | | | | | Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH480: Don't break statements with CPP stuff.Flavio Medeiros2016-02-241-8/+10
| | | | | | | This is also RT 4137 Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Andy Polyakov <appro@openssl.org>
* argv was set but unusedKurt Roeckx2016-02-201-1/+2
| | | | | | | | Also gives an error message when you gave it a parameter it didn't expect. Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2009
* GH681: More command help cleanupRich Salz2016-02-181-5/+6
| | | | | | | | | | | enc: - typo in -base64 option - missing help opt text ocsp, req, rsautl, s_client: - missing help opt text Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
* RT 3854: Update apps/reqEmilia Kasper2016-02-121-2/+2
| | | | | | Change the default keysize to 2048 bits, and the minimum to 512 bits. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix engine key support in cms and req utilities.Dr. Stephen Henson2016-02-111-4/+4
| | | | | | PR#4246 and PR#4266 Reviewed-by: Rich Salz <rsalz@openssl.org>
* GH634: fix potential memory leakInsu Yun2016-02-061-0/+1
| | | | | Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* make EVP_PKEY opaqueDr. Stephen Henson2016-01-201-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rename some BUF_xxx to OPENSSL_xxxRich Salz2015-12-161-9/+9
| | | | | | | | | Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)Richard Levitte2015-12-071-6/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Adjust all accesses to EVP_MD_CTX to use accessor functions.Richard Levitte2015-12-071-18/+26
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Continue standardisation of malloc handling in appsMatt Caswell2015-11-091-1/+1
| | | | | | continue on from previous commits but in the apps directory Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Rename -set-serial command to reqMatt Caswell2015-10-121-1/+1
| | | | | | | | | Previous OpenSSL versions used -set_serial, but master was using -set-serial - so rename it back to the old version. RT#4059 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Change the way apps open their input and output filesRichard Levitte2015-09-061-4/+4
| | | | | | | | | | | | The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Make the handling of output and input formats consistentRichard Levitte2015-09-061-1/+2
| | | | | | | | Most of all, we needed to sort out which ones are binary and which ones are text, and make sure they are treated accordingly and consistently so Reviewed-by: Tim Hudson <tjh@openssl.org>
* make X509_REQ opaqueDr. Stephen Henson2015-08-311-2/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove asn1-kludge option.Dr. Stephen Henson2015-08-311-22/+3
| | | | | | | | | Remove asn1-kludge option from the req utility. It was a decade old workaround for CAs and software which required an invalid encoding of PKCS#10 certificate requests: omitting the attributes field even though it is not OPTIONAL. Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT3961: Fix switch/case errors in flag parsingAdam Eijdenberg2015-07-311-1/+0
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Make "oneline" the default for nameoptRichard Levitte2015-07-071-1/+7
| | | | | | | | | There's no reason why we should default to a output format that is old, and confusing in some cases. This affects the commands "ca", "crl", "req" and "x509". Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT2547: Tighten perms on generated privkey filesRich Salz2015-06-151-3/+5
| | | | | | | | | | | | When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Fix argument processing error from the option parsing change over.Tim Hudson2015-06-151-2/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Standardize handling of #ifdef'd options.Rich Salz2015-06-021-1/+1
| | | | | | | | | | | | | | | | | | Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell <matt@openssl.org>
* Restore module loadingRichard Levitte2015-05-291-0/+3
| | | | | | | The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-08 07:39:19 +0000