Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add new test option set the version in generated certificates: this | Dr. Stephen Henson | 2012-11-30 | 1 | -0/+18 |
| | | | | | is needed to test some profiles/protocols which reject certificates with unsupported versions. | ||||
* | option to output corrupted signature in certificates for testing purposes | Dr. Stephen Henson | 2012-11-25 | 1 | -1/+6 |
| | |||||
* | update usage messages | Dr. Stephen Henson | 2012-11-19 | 1 | -0/+3 |
| | |||||
* | New functions to check a hostname email or IP address against a | Dr. Stephen Henson | 2012-10-08 | 1 | -0/+19 |
| | | | | | certificate. Add options to s_client, s_server and x509 utilities to print results of checks. | ||||
* | New -force_pubkey option to x509 utility to supply a different public | Dr. Stephen Henson | 2011-10-07 | 1 | -5/+23 |
| | | | | | key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH. | ||||
* | use keyformat for -x509toreq, don't hard code PEM | Dr. Stephen Henson | 2011-09-23 | 1 | -1/+1 |
| | |||||
* | apps/x590.c: harmonize usage of STDout and out_err. | Andy Polyakov | 2010-12-12 | 1 | -2/+2 |
| | | | | PR: 2323 | ||||
* | Fix warnings. | Ben Laurie | 2010-06-12 | 1 | -2/+0 |
| | |||||
* | new sigopt and PSS support for req and x509 utilities | Dr. Stephen Henson | 2010-03-12 | 1 | -7/+25 |
| | |||||
* | oops | Dr. Stephen Henson | 2010-03-07 | 1 | -1/+0 |
| | |||||
* | The OID sanity check was incorrect. It should only disallow *leading* 0x80 | Dr. Stephen Henson | 2010-03-07 | 1 | -0/+1 |
| | | | | values. | ||||
* | PR: 2136 | Dr. Stephen Henson | 2010-01-12 | 1 | -0/+29 |
| | | | | | | | Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at> Add options to output hash using older algorithm compatible with OpenSSL versions before 1.0.0 | ||||
* | Use new X509_STORE_set_verify_cb function instead of old macro. | Dr. Stephen Henson | 2009-10-18 | 1 | -1/+1 |
| | |||||
* | Update from 1.0.0-stable | Dr. Stephen Henson | 2009-07-27 | 1 | -3/+3 |
| | |||||
* | Updates from 1.0.0-stable. | Dr. Stephen Henson | 2009-07-14 | 1 | -2/+2 |
| | |||||
* | Use new time routines to avoid possible overflow. | Dr. Stephen Henson | 2009-07-13 | 1 | -1/+1 |
| | |||||
* | Update from 1.0.0-stable. | Dr. Stephen Henson | 2009-06-26 | 1 | -0/+1 |
| | |||||
* | Typo in usage message. | Dr. Stephen Henson | 2009-03-23 | 1 | -1/+1 |
| | |||||
* | Updatde from stable branch. | Dr. Stephen Henson | 2009-01-07 | 1 | -1/+1 |
| | |||||
* | More type-checking. | Ben Laurie | 2008-06-04 | 1 | -3/+4 |
| | |||||
* | Support for certificate status TLS extension. | Dr. Stephen Henson | 2007-09-26 | 1 | -2/+9 |
| | |||||
* | Add support for default public key digest type ctrl. | Dr. Stephen Henson | 2006-05-07 | 1 | -30/+7 |
| | |||||
* | Remove link between digests and signature algorithms. | Dr. Stephen Henson | 2006-04-19 | 1 | -0/+2 |
| | | | | | Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code. | ||||
* | Remove ASN1_METHOD code replace with new ASN1 alternative. | Dr. Stephen Henson | 2005-08-20 | 1 | -8/+7 |
| | |||||
* | make | Nils Larsch | 2005-07-16 | 1 | -0/+4 |
| | | | | | | | | ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159 | ||||
* | some const fixes | Nils Larsch | 2005-04-05 | 1 | -2/+2 |
| | |||||
* | use SHA-1 as the default digest for the apps/openssl commands | Nils Larsch | 2005-04-02 | 1 | -1/+1 |
| | |||||
* | Give everything prototypes (well, everything that's actually used). | Ben Laurie | 2005-03-31 | 1 | -2/+1 |
| | |||||
* | Use X509_cmp_time() in -checkend option, to support GeneralizedTime. | Dr. Stephen Henson | 2004-12-05 | 1 | -2/+2 |
| | |||||
* | Fix x509.c so it creates serial number file again if no | Dr. Stephen Henson | 2004-11-13 | 1 | -2/+5 |
| | | | | serial number is supplied on command line. | ||||
* | Make self signing option of 'x509' use random serial numbers too. | Dr. Stephen Henson | 2004-05-12 | 1 | -3/+7 |
| | |||||
* | New option to 'x509' -next_serial. This outputs the certificate | Dr. Stephen Henson | 2004-04-21 | 1 | -1/+22 |
| | | | | | | serial number plus 1 to the output file. Its purpose is to allow serial number files to be initialized when random serial numbers are used. | ||||
* | Use X509_get_serialNumber() instead of accessing internals in x509.c | Dr. Stephen Henson | 2004-04-21 | 1 | -1/+2 |
| | |||||
* | header cleanup in apps/ | Geoff Thorpe | 2004-04-19 | 1 | -0/+2 |
| | |||||
* | Use BUF_strlcpy() instead of strcpy(). | Richard Levitte | 2003-12-27 | 1 | -6/+8 |
| | | | | | | | Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> | ||||
* | In order to get the expected self signed error when | Dr. Stephen Henson | 2003-09-21 | 1 | -1/+1 |
| | | | | | calling X509_verify_cert() in x509.c the cert should not be added to the trusted store. | ||||
* | Add -issuer_hash and make -subject_hash the default way to get the | Richard Levitte | 2003-07-03 | 1 | -6/+15 |
| | | | | | | subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650 | ||||
* | Convert save_serial() to work like save_index(), and add a | Richard Levitte | 2003-04-04 | 1 | -1/+1 |
| | | | | rotate_serial() that works like rotate_index(). | ||||
* | Remove unused variable. | Richard Levitte | 2003-04-03 | 1 | -1/+0 |
| | |||||
* | Make it possible to have multiple active certificates with the same | Richard Levitte | 2003-04-03 | 1 | -70/+8 |
| | | | | subject. | ||||
* | No need to test -setalias twice. | Richard Levitte | 2003-03-31 | 1 | -6/+0 |
| | | | | PR: 556 | ||||
* | Add the possibility to build without the ENGINE framework. | Richard Levitte | 2003-01-30 | 1 | -0/+8 |
| | | | | PR: 287 | ||||
* | EXIT() may mean return(). That's confusing, so let's have it really mean | Richard Levitte | 2002-12-03 | 1 | -1/+1 |
| | | | | | | exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program) | ||||
* | Security fixes brought forward from 0.9.7. | Ben Laurie | 2002-11-13 | 1 | -3/+4 |
| | |||||
* | Variables on the stack must be initialized or we can't depend on any | Richard Levitte | 2002-11-11 | 1 | -1/+1 |
| | | | | initial value. For errline/errorline, we did depend on that, erroneously | ||||
* | -CAserial does take a filename argument. | Richard Levitte | 2002-11-08 | 1 | -1/+1 |
| | | | | PR: 332 | ||||
* | get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead) | Bodo Möller | 2002-08-12 | 1 | -3/+3 |
| | | | | Submitted by: Nils Larsch | ||||
* | Make it possible to load keys from stdin, and restore that | Richard Levitte | 2002-08-01 | 1 | -6/+7 |
| | | | | | functionality in the programs that had that before. Part fo PR 164 | ||||
* | Only use DSA-functions if available. | Lutz Jänicke | 2002-07-29 | 1 | -1/+5 |
| | | | | | | Submitted by: "Hellan,Kim KHE" <KHE@kmd.dk> Reviewed by: PR: 167 | ||||
* | CAformat should not be used for CA key format. | Richard Levitte | 2002-05-30 | 1 | -1/+1 |
| |