aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/x509v3
Commit message (Collapse)AuthorAgeFilesLines
* PR: 2909Dr. Stephen Henson2012-11-184-15/+539
| | | | | | | Contributed by: Florian Weimer <fweimer@redhat.com> Fixes to X509 hostname and email address checking. Wildcard matching support. New test program and manual page.
* New functions to check a hostname email or IP address against aDr. Stephen Henson2012-10-082-0/+140
| | | | | certificate. Add options to s_client, s_server and x509 utilities to print results of checks.
* PR: 2696Dr. Stephen Henson2012-02-231-8/+55
| | | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug.
* allow key agreement for SSL/TLS certificatesDr. Stephen Henson2012-01-261-4/+9
|
* Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)Dr. Stephen Henson2012-01-041-29/+45
|
* fix warningsDr. Stephen Henson2012-01-041-8/+8
|
* PR: 2482Dr. Stephen Henson2011-10-091-3/+32
| | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
* Change AR to ARX to allow exclusion of fips object modulesDr. Stephen Henson2011-01-261-1/+1
|
* oops missed an assertDr. Stephen Henson2011-01-031-1/+1
|
* PR: 2411Dr. Stephen Henson2011-01-032-1/+7
| | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Fix corner cases in RFC3779 code.
* PR: 2410Dr. Stephen Henson2011-01-031-14/+13
| | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Use OPENSSL_assert() instead of assert().
* PR: 2295Dr. Stephen Henson2010-10-111-1/+0
| | | | | | | | Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.
* Fix warnings.Ben Laurie2010-06-121-2/+1
|
* PR: 2251Dr. Stephen Henson2010-05-221-1/+27
| | | | | | | Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Memleak, BIO chain leak and realloc checks in v3_pci.c
* option to replace extensions with new ones: mainly for creating ↵Dr. Stephen Henson2010-03-032-4/+5
| | | | cross-certificates
* PR: 2183Dr. Stephen Henson2010-03-031-0/+15
| | | | | | PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms. Include original HAVE_FORK detection logic while allowing it to be overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
* Include self-signed flag in certificates by checking SKID/AKID as wellDr. Stephen Henson2010-02-252-4/+10
| | | | | | as issuer and subject names. Although this is an incompatible change it should have little impact in pratice because self-issued certificates that are not self-signed are rarely encountered.
* add anyExtendedKeyUsage OIDDr. Stephen Henson2010-02-242-0/+5
|
* PR: 2057Dr. Stephen Henson2009-09-301-10/+10
| | | | | | | | Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT error handling in OCSP print routines.
* Audit libcrypto for unchecked return values: fix all cases enounteredDr. Stephen Henson2009-09-231-1/+2
|
* Missing break.Dr. Stephen Henson2009-08-311-0/+1
|
* Update from 1.0.0-stableDr. Stephen Henson2009-07-272-22/+22
|
* Update from 1.0.0-stable.Dr. Stephen Henson2009-05-301-0/+5
|
* v3_alt.c: otherName parsing fix.Andy Polyakov2009-04-271-0/+1
| | | | Submitted by: Love Hörnquist Åstrand
* Updates from 1.0.0-stable branch.Dr. Stephen Henson2009-04-204-9/+9
|
* Updates from 1.0.0-stable.Dr. Stephen Henson2009-04-151-0/+1
|
* Update from 1.0.0-stableDr. Stephen Henson2009-04-081-0/+1
|
* Updates from 1.0.0-stableDr. Stephen Henson2009-04-041-0/+1
|
* Merge from 1.0.0-stable branch.Dr. Stephen Henson2009-04-031-1/+1
|
* Use OPENSSL_assert() instead of assert.Dr. Stephen Henson2009-03-151-1/+1
|
* PR: 1864Dr. Stephen Henson2009-03-141-1/+8
| | | | | | | Submitted by: Ger Hobbelt <ger@hobbelt.com> Reviewed by: steve@openssl.org Check return value.
* Update from stable branch.Dr. Stephen Henson2009-03-141-14/+17
|
* Print IPv6 all 0s correctly (Rob Austein).Ben Laurie2009-03-081-0/+2
|
* PR: 1835Dr. Stephen Henson2009-02-141-1/+1
| | | | | | | Submitted by: Damien Miller <djm@mindrot.org> Approved by: steve@openssl.org Fix various typos.
* Constify where neededRichard Levitte2008-12-162-4/+4
|
* Oops should check zero_pos >= 0.Dr. Stephen Henson2008-12-081-1/+1
|
* Handle case where v6stat.zero_pos == 0 correctly.Dr. Stephen Henson2008-12-071-8/+11
| | | | Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111)
* Update from stable branch.Dr. Stephen Henson2008-11-301-1/+2
|
* Update obsolete email address...Dr. Stephen Henson2008-11-0537-37/+37
|
* Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macrosDr. Stephen Henson2008-10-222-10/+8
| | | | | | | | with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF()
* Set comparison function in v3_add_canonize().Ben Laurie2008-10-141-0/+1
|
* Type-checked (and modern C compliant) OBJ_bsearch.Ben Laurie2008-10-1213-113/+152
|
* Fix build warnings.Geoff Thorpe2008-09-151-2/+2
|
* Initial support for delta CRLs. If "use deltas" flag is set attempt to findDr. Stephen Henson2008-09-013-11/+29
| | | | | a delta CRL in addition to a full CRL. Check and search delta in addition to the base.
* Add support for CRLs partitioned by reason code.Dr. Stephen Henson2008-08-293-0/+14
| | | | | | Tidy CRL scoring system. Add new CRL path validation error.
* Add support for freshest CRL extension.Dr. Stephen Henson2008-08-272-1/+13
|
* Support for certificateIssuer CRL entry extension.Dr. Stephen Henson2008-08-182-1/+8
|
* Support for policy mappings extension.Dr. Stephen Henson2008-08-128-106/+263
| | | | | | | | Delete X509_POLICY_REF code. Fix handling of invalid policy extensions to return the correct error. Add command line option to inhibit policy mappings.
* Initial support for name constraints certificate extension.Dr. Stephen Henson2008-08-083-2/+290
| | | | TODO: robustness checking on name forms.
* Add support for nameRelativeToCRLIssuer field in distribution point nameDr. Stephen Henson2008-08-043-5/+91
| | | | fields.
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-22 01:39:55 +0000