aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/asn1/x_crl.c
Commit message (Collapse)AuthorAgeFilesLines
* Move certificate request and CRL routines to x509 dir.Dr. Stephen Henson2015-09-221-506/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Embed various signature algorithms.Dr. Stephen Henson2015-09-171-3/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* X509_CRL_INFO embedDr. Stephen Henson2015-09-161-9/+9
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* make X509_CRL opaqueDr. Stephen Henson2015-09-021-0/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Identify and move common internal libcrypto header filesRichard Levitte2015-05-141-1/+1
| | | | | | | | | | | | | There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use safer sizeof variant in mallocRich Salz2015-05-041-1/+1
| | | | | | | | | | | | | For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
* free NULL cleanup -- codaRich Salz2015-05-011-4/+2
| | | | | | | | After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
* make X509_EXTENSION opaqueDr. Stephen Henson2015-03-231-4/+4
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove obsolete IMPLEMENT_ASN1_SET_OFDr. Stephen Henson2015-02-091-4/+0
| | | | Reviewed-by: Andy Polyakov <appro@openssl.org>
* util/mkstack.pl now generates entire safestack.hRich Salz2015-02-061-4/+0
| | | | | | | | | The mkstack.pl script now generates the entire safestack.h file. It generates output that follows the coding style. Also, removed all instances of the obsolete IMPLEMENT_STACK_OF macro. Reviewed-by: Andy Polyakov <appro@openssl.org>
* OPENSSL_NO_xxx cleanup: SHARich Salz2015-01-271-2/+0
| | | | | | | | | | | | | | | Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rerun util/openssl-format-source -v -c .master-post-auto-reformatMatt Caswell2015-01-221-0/+3
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-399/+384
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Tolerate critical AKID in CRLs.Dr. Stephen Henson2014-06-271-0/+1
| | | | PR#3014
* initial support for delta CRL generations by diffing two full CRLsDr. Stephen Henson2012-12-041-0/+1
|
* Support routines for ASN1 scanning function, doesn't do much yet.Dr. Stephen Henson2010-12-131-1/+1
|
* Initial support for delta CRLs. If "use deltas" flag is set attempt to findDr. Stephen Henson2008-09-011-4/+40
| | | | | a delta CRL in addition to a full CRL. Check and search delta in addition to the base.
* Add support for CRLs partitioned by reason code.Dr. Stephen Henson2008-08-291-0/+2
| | | | | | Tidy CRL scoring system. Add new CRL path validation error.
* Initial indirect CRL support.Dr. Stephen Henson2008-08-201-12/+130
|
* Add support for nameRelativeToCRLIssuer field in distribution point nameDr. Stephen Henson2008-08-041-0/+2
| | | | fields.
* Change safestack reimplementation to match 0.9.8.Dr. Stephen Henson2007-09-071-1/+1
| | | | Fix additional gcc 4.2 value not used warnings.
* Place standard CRL behaviour in default X509_CRL_METHOD new functions toDr. Stephen Henson2006-10-031-9/+84
| | | | create, free and set default CRL method.
* Do CRL method init after other operations.Dr. Stephen Henson2006-09-211-2/+2
|
* Tidy up CRL handling by checking for critical extensions when it isDr. Stephen Henson2006-09-211-0/+71
| | | | | | | | loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected.
* Add verify callback functions to lookup a STACK of matching certs or CRLsDr. Stephen Henson2006-09-101-0/+46
| | | | | | | | based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components.
* Cache some CRL related extensions.Dr. Stephen Henson2006-07-241-1/+37
|
* Oops :-)Dr. Stephen Henson2005-10-021-17/+0
|
* Make OPENSSL_NO_COMP compile again.Dr. Stephen Henson2005-09-301-0/+17
|
* Extend callback function to support print customization.Dr. Stephen Henson2005-09-011-1/+2
|
* Automatically mark the CRL cached encoding as invalid when some operationsDr. Stephen Henson2004-12-091-0/+1
| | | | are performed.
* Fix race condition when CRL checking is enabled.Dr. Stephen Henson2004-10-041-31/+8
|
* More linker bloat reorganisation:Dr. Stephen Henson2001-07-271-0/+1
| | | | | | | | | | | | | | | | | | | | | Split private key PEM and normal PEM handling. Private key handling needs to link in stuff like PKCS#8. Relocate the ASN1 *_dup() functions, to the relevant ASN1 modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously these were all in crypto/x509/x_all.c along with every ASN1 BIO/fp function which linked in *every* ASN1 function if a single dup was used. Move the authority key id ASN1 structure to a separate file. This is used in the X509 routines and its previous location linked in all the v3 extension code. Also move ASN1_tag2bit to avoid linking in a_bytes.c which is now largely obsolete. So far under Linux stripped binary with single PEM_read_X509 is now 238K compared to 380K before these changes.
* Get rid of ASN1_ITEM_FUNCTIONS dummy functionDr. Stephen Henson2001-02-231-3/+3
| | | | | | prototype hack. This unfortunately means that every ASN1_*_END construct cannot have a trailing ;
* Merge from the ASN1 branch of new ASN1 codeDr. Stephen Henson2000-12-081-258/+71
| | | | | | to main trunk. Lets see if the makes it to openssl-cvs :-)
* There have been a number of complaints from a number of sources that namesRichard Levitte2000-06-011-3/+3
| | | | | | | | | like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
* The previous commit to crypto/stack/*.[ch] pulled the type-safety stringsGeoff Thorpe2000-06-011-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; X509_cmp() should by rights compare "const X509 *" pointers, and it is now declared as such. However, it's internal workings can involve recalculating hash values and extensions if they have not already been setup. Someone with a more intricate understanding of the flow control of X509 might be able to tighten this up, but for now - this seemed the obvious place to stop the "depth-first" constification of the code by using an evil cast (they have migrated all the way here from safestack.h). Fortunately, this is the only place in the code where this was required to complete these type-safety changes, and it's reasonably clear and commented, and seemed the least unacceptable of the options. Trying to take the constification further ends up exploding out considerably, and indeed leads directly into generalised ASN functions which are not likely to cooperate well with this.
* Fix CRL encoding bug.Dr. Stephen Henson2000-01-291-9/+5
|
* Replace the macros in asn1.h with function equivalents. Also make UTF8StringsDr. Stephen Henson1999-10-201-11/+11
| | | | tolerated in certificates.
* Various CRL enhancements tidies and workaround for broken CRLs.Dr. Stephen Henson1999-09-181-12/+9
|
* Move stack implementations to more natural places.Ben Laurie1999-06-021-0/+2
|
* Another safe stack.Ben Laurie1999-05-301-13/+21
|
* Yet another stack.Ben Laurie1999-05-021-19/+25
|
* Remove NOPROTO-related macros.Ulf Möller1999-04-261-1/+1
|
* Remove NOPROTO definitions and error code comments.Ulf Möller1999-04-261-15/+0
|
* Change #include filenames from <foo.h> to <openssl.h>.Bodo Möller1999-04-231-2/+2
| | | | | | Submitted by: Reviewed by: PR:
* Change functions to ANSI C.Ulf Möller1999-04-191-34/+16
|
* Correct bracketing error.Ben Laurie1999-01-211-5/+5
|
* Continued patches so certificates and CRLs now can support and useDr. Stephen Henson1999-01-201-7/+17
| | | | GeneralizedTime.
* Fix incorrect DER encoding of SETs and all knock-ons from that.Ben Laurie1998-12-291-6/+6
|
* Import of old SSLeay release: SSLeay 0.9.1b (unreleased)Ralf S. Engelschall1998-12-211-9/+13
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-11 13:19:57 +0000