| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
|
| | |
|
| |
|
|
|
|
|
|
| |
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
serial number is supplied on command line.
|
| | |
|
| |
|
|
|
|
| |
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
| |
|
|
|
| |
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
|
| |
|
|
|
|
| |
subject hash, with -hash a synonym kept around for backward
compatibility reasons.
PR: 650
|
| |
|
|
| |
rotate_serial() that works like rotate_index().
|
| | |
|
| |
|
|
| |
subject.
|
| |
|
|
| |
PR: 556
|
| |
|
|
| |
PR: 287
|
| |
|
|
|
|
| |
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
|
| | |
|
| |
|
|
| |
initial value. For errline/errorline, we did depend on that, erroneously
|
| |
|
|
| |
PR: 332
|
| |
|
|
| |
Submitted by: Nils Larsch
|
| |
|
|
|
| |
functionality in the programs that had that before.
Part fo PR 164
|
| |
|
|
|
|
| |
Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk>
Reviewed by:
PR: 167
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
|
| |
|
|
| |
Submitted by: Nils Larsch <nla@trustcenter.de>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
|
| |
|
|
|
|
|
|
|
|
| |
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
|
| |
|
|
|
|
|
| |
to go the monolith way (does anyone do that these days?).
NOTE: a few applications are missing in this commit. I've a few more
changes in them that I haven't tested yet.
|
| |
|
|
| |
everywhere.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.
Also, have our own password callback that we can send both a password
and some prompt info to. The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...
Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves... That's changed too.
|
| |
|
|
| |
because an incompletely initialized ASN1_INTEGER was used.
|
| |
|
|
|
|
|
| |
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
| |
|
|
|
|
|
|
| |
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
|
| | |
|
| |
|
|
| |
(e.g., use a default), we have to call ERR_clear_error().
|
| |
|
|
| |
applications.
|
| | |
|
| |
|
|
| |
At the same time, add VMS support for Rijndael.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
|
| |
|
|
|
|
|
| |
return type (on platforms where time_t is a 32 bit value).
New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
|
