| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
(Latin for "comments", anyone?)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.
Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.
Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.
Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.
So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
as gmtime_r() on the systems where that is defined.
|
| |
|
|
| |
Various S/MIME DSA related fixes.
|
| | |
|
| |
|
|
|
| |
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so errtt == NULL should be OK)
|
| |
|
|
|
|
| |
combine in CHOICE options.
This was causing d2i_DSAPublicKey() to misbehave.
|
| |
|
|
|
|
|
|
|
|
|
| |
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
|
| |
|
|
|
|
|
| |
Add no_issuer option.
Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
|
| |
|
|
|
|
| |
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
|
| | |
|
| |
|
|
|
|
| |
(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)
|
| |
|
|
|
|
|
|
|
|
| |
sets the subject name for a new request or supersedes the
subject name in a given request.
Add options '-batch' and '-verbose' to 'openssl req'.
Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
functions on platform were that's the best way to handle exporting
global variables in shared libraries. To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).
To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:
OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
OPENSSL_IMPLEMENT_GLOBAL(double,bar);
To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
OPENSSL_DECLARE_GLOBAL(int,foo);
#define foo OPENSSL_GLOBAL_REF(foo)
OPENSSL_DECLARE_GLOBAL(double,bar);
#define bar OPENSSL_GLOBAL_REF(bar)
The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.
The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.
The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
|
| |
|
|
|
| |
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
|
| |
|
|
| |
the errant field for more ASN1 error conditions.
|
| |
|
|
| |
algorithms.
|
| |
|
|
|
|
| |
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
|
| |
|
|
|
|
|
|
| |
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
|
| |
|
|
|
|
|
|
| |
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
get a chance to be defined.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
| |
|
|
|
|
|
|
| |
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
|
| |
|
|
|
|
|
| |
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
|
| |
|
|
|
|
|
|
| |
Fix warning in apps/engine.c
Remove definitions of deleted functions.
Add missing definition of X509_VAL.
|
| |
|
|
| |
memory.h (which is not).
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
|
| |
|
|
|
|
| |
Delete obsolete OCSP functions.
Largely untested at present...
|
| | |
|
| |
|
|
|
|
| |
Fix PKCS7 and PKCS12 memory leaks.
Initialise encapsulated content type properly.
|
| |
|
|
| |
Enhance s2i_ASN1_INTEGER().
|
| |
|
|
|
|
|
|
|
|
|
| |
invalid format in OCSP request signatures.
Add spaces to OCSP HTTP header.
Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
|
