path: root/apps
Commit message | Author | Age | Files | Lines
* Check that the obtained public key is valid | Matt Caswell | 2016-05-19 | 1 | -0/+4
  In the X509 app check that the obtained public key is valid before we attempt to use it.
  Issue reported by Yuan Jochen Kang.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex() | Richard Levitte | 2016-05-18 | 1 | -0/+1
  Also adds 'esc_2254' to the possible command line name options
  RT#1466
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix ts app help message | FdaSilvaYY | 2016-05-18 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Locally declare some variables | FdaSilvaYY | 2016-05-18 | 2 | -6/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Few cleanups in s_client, s_server apps. | FdaSilvaYY | 2016-05-18 | 3 | -36/+26
  Discard useless static engine_id
  Add a const qualifier
  Fix some spelling
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* X509_STORE_CTX accessors. | Rich Salz | 2016-05-17 | 2 | -4/+4
  Add some functions that were missing when a number of X509 objects became opaque (thanks, Roumen!)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 01/10 | Rich Salz | 2016-05-17 | 58 | -3766/+342
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Fix typos in apps/enc.c | Kurt Cancemi | 2016-05-17 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Use OPENSSL_hexchar2int | Rich Salz | 2016-05-16 | 1 | -7/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Use app_malloc; two missing cases. | Rich Salz | 2016-05-16 | 2 | -2/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Don't load same config file twice. | Dr. Stephen Henson | 2016-05-16 | 4 | -4/+4
  RT#4215
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix signer option and support format SMIME. | Dr. Stephen Henson | 2016-05-13 | 4 | -10/+13
  Fix -signer option in smime utility to output signer certificates when verifying.
  Add support for format SMIME for -inform and -outform with cms and smime utilities.
  PR#4215
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Fix uninitialized variable | Rich Salz | 2016-05-12 | 1 | -1/+1
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Correctly check for trailing digest options. | Dr. Stephen Henson | 2016-05-12 | 1 | -1/+11
  Multiple digest options to the ocsp utility are allowed: e.g. to use different digests for different certificate IDs. A digest option without a following certificate is however illegal.
  RT#4215
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Restore support for ENGINE format keys in apps. | Dr. Stephen Henson | 2016-05-12 | 3 | -9/+22
  RT#4207
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Don't leak memory if realloc fails. | Dr. Stephen Henson | 2016-05-12 | 2 | -9/+12
  RT#4403
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Update pkcs8 defaults. | Dr. Stephen Henson | 2016-05-11 | 1 | -2/+4
  Update pkcs8 utility to use 256 bit AES using SHA256 by default.
  Update documentation.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add -signcert to CA.pl usage message. | Dr. Stephen Henson | 2016-05-11 | 1 | -1/+1
  RT#4256
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add a couple of checks to prime app. | Dr. Stephen Henson | 2016-05-10 | 1 | -0/+8
  RT#4402
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add -srp option to ciphers command. | Dr. Stephen Henson | 2016-05-10 | 1 | -0/+21
  RT#4224
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* IRIX fixes. | Andy Polyakov | 2016-05-10 | 1 | -0/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix: failed to open config file if not specified when using CA commands | Hansruedi Patzen | 2016-05-09 | 1 | -12/+5
  Issue was introduced in https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166
  This patch fixes an issue which causes the 'openssl ca' commands to fail if '-config' is not specified even if it says so otherwise. Problem is that the default config is not loaded and the conf variable is NULL which causes an exception.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix error in the loop of ECDH | Andrea Grandi | 2016-05-09 | 1 | -14/+14
  The tests were incorrectly repeated multiple times when using the async_jobs options
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* fix tab-space mixed indentation | FdaSilvaYY | 2016-05-09 | 2 | -4/+4
  No code change
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Handle no async jobs in libssl | Matt Caswell | 2016-05-05 | 2 | -0/+13
  If the application has limited the size of the async pool using ASYNC_init_thread() then we could run out of jobs while trying to start a libssl io operation. However libssl was failing to handle this and treating it like a fatal error. It should not be fatal...we just need to retry when there are jobs available again.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* remove unused macros in list -disabled | J Mohan Rao Arisankala | 2016-05-05 | 1 | -6/+0
  list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are not used to disable SSL/TLS respectively. Building with these macros wrongly shows as SSL/TLS disabled, hence removing this code.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Check return of PEM_write_* functions and report possible errors | Richard Levitte | 2016-05-04 | 1 | -4/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1025)
* GH932: Add more help messages to some apps options. | FdaSilvaYY | 2016-05-04 | 13 | -32/+33
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove stale errors from early connection attempts in a client | Matt Caswell | 2016-05-04 | 1 | -0/+2
  The init_client() function in the apps sets up the client connection. It may try multiple addresses until it finds one that works. We should clear the error queue if we eventually get a successful connection because otherwise we get stale errors hanging around. This can cause problems in subsequent calls to SSL_get_error(), i.e. non-fatal NBIO events appear as fatal.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update Diffie-Hellman parameters to IANA standards | Christian Bundy | 2016-05-03 | 3 | -31/+34
  This replaces the old SKIP primes with the most current Diffie-Hellman MODP groups defined by RFC 7296 and RFC 3526.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from GitHub https://github.com/openssl/openssl/pull/775)
* Don't use an uninitialised variable in srp application | Matt Caswell | 2016-04-29 | 1 | -2/+1
  The srp application created an uninitialised DB_ATTR object and then passed it to the load_index function which attempted to read it. A DB_ATTR object only contains a single field called "unique_subject". AFAICT this attribute is unused in the SRP case, and therefore it would be better to pass a NULL DB_ATTR to load_index (which handles that case gracefully).
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check for a NULL return value from a call to X509_STORE_CTX_new() | Matt Caswell | 2016-04-29 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix building with -DCHARSET_EBCDIC | Matt Caswell | 2016-04-29 | 1 | -39/+54
  Building with -DCHARSET_EBCDIC and using --strict-warnings resulted in lots of miscellaneous errors. This fixes it.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* make update | Richard Levitte | 2016-04-29 | 1 | -2/+0
  Reviewed-by: Matt Caswell <matt@openssl.org>
* apps/progs.pl: don't make digests disablable by default | Richard Levitte | 2016-04-29 | 1 | -1/+1
  Some digest algorithms can't be disabled, don't pretend they can.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* various spelling fixes | FdaSilvaYY | 2016-04-28 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/952)
* Fix no-engine no-ui. | Ben Laurie | 2016-04-27 | 1 | -0/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix passwd seg fault | Matt Caswell | 2016-04-27 | 1 | -0/+1
  Passing the -stdin arg to the passwd command line app *and* supplying a password on the command line causes a seg fault.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove the never-functional no-sct | Benjamin Kaduk | 2016-04-26 | 1 | -3/+0
  It was added as part of 2df84dd3299ff25fa078ca7ffbdeaac65b361feb but has never actually been used for anything; presumably it was a typo for one of SCTP or CT.
  This removes the last '??' entry from INSTALL.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove some OPENSSL_NO_SHA that snuck in | Benjamin Kaduk | 2016-04-26 | 2 | -15/+0
  Commit d064e6ab52ac8e7b80b2a5d11b31bca583b769c7 removed all the OPENSSL_NO_SHA guards, but commit a50ad1daaa68c109ea1a14225a7aba8660526101 regenerated some due to the sha entries in the %md_disabler table in apps/progs.pl.
  Update %md_disabler to reflect that sha is not disableable, and remove OPENSSL_NO_SHA for good.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix NULL deref in apps/pkcs7 | Rich Salz | 2016-04-25 | 1 | -4/+8
  Thanks to Brian Carpenter for finding and reporting this.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Fix no-ocsp on Windows (and probably VMS) | Matt Caswell | 2016-04-21 | 1 | -0/+1
  The ocsp.h file did not have appropriate guards causing link failures on Windows.
  GH Issue 900
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove some unnecessary assignments to argc | Matt Caswell | 2016-04-21 | 2 | -4/+2
  openssl.c and ts.c assign the value of opt_num_rest() to argc, but then only use the value once.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove some unused argc assignments | Matt Caswell | 2016-04-21 | 2 | -2/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add missing return value check in pkcs8 app | Matt Caswell | 2016-04-21 | 1 | -1/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add missing return value checks | Matt Caswell | 2016-04-21 | 1 | -3/+14
  Also correct the return value from the "prime" application
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix missing break in option parsing | Matt Caswell | 2016-04-21 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove some dead code | Matt Caswell | 2016-04-21 | 1 | -4/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix some code maintenance issues | Matt Caswell | 2016-04-21 | 5 | -5/+1
  Various instances of variables being written to, but then never read.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update copyright; generated files. | Rich Salz | 2016-04-20 | 1 | -6/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>