Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | PR: 2909 | Dr. Stephen Henson | 2012-11-18 | 4 | -15/+539 |
| | | | | | | | Contributed by: Florian Weimer <fweimer@redhat.com> Fixes to X509 hostname and email address checking. Wildcard matching support. New test program and manual page. | ||||
* | New functions to check a hostname email or IP address against a | Dr. Stephen Henson | 2012-10-08 | 2 | -0/+140 |
| | | | | | certificate. Add options to s_client, s_server and x509 utilities to print results of checks. | ||||
* | PR: 2696 | Dr. Stephen Henson | 2012-02-23 | 1 | -8/+55 |
| | | | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. | ||||
* | allow key agreement for SSL/TLS certificates | Dr. Stephen Henson | 2012-01-26 | 1 | -4/+9 |
| | |||||
* | Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) | Dr. Stephen Henson | 2012-01-04 | 1 | -29/+45 |
| | |||||
* | fix warnings | Dr. Stephen Henson | 2012-01-04 | 1 | -8/+8 |
| | |||||
* | PR: 2482 | Dr. Stephen Henson | 2011-10-09 | 1 | -3/+32 |
| | | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann. | ||||
* | Change AR to ARX to allow exclusion of fips object modules | Dr. Stephen Henson | 2011-01-26 | 1 | -1/+1 |
| | |||||
* | oops missed an assert | Dr. Stephen Henson | 2011-01-03 | 1 | -1/+1 |
| | |||||
* | PR: 2411 | Dr. Stephen Henson | 2011-01-03 | 2 | -1/+7 |
| | | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Fix corner cases in RFC3779 code. | ||||
* | PR: 2410 | Dr. Stephen Henson | 2011-01-03 | 1 | -14/+13 |
| | | | | | | | Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Use OPENSSL_assert() instead of assert(). | ||||
* | PR: 2295 | Dr. Stephen Henson | 2010-10-11 | 1 | -1/+0 |
| | | | | | | | | Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination. | ||||
* | Fix warnings. | Ben Laurie | 2010-06-12 | 1 | -2/+1 |
| | |||||
* | PR: 2251 | Dr. Stephen Henson | 2010-05-22 | 1 | -1/+27 |
| | | | | | | | Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Memleak, BIO chain leak and realloc checks in v3_pci.c | ||||
* | option to replace extensions with new ones: mainly for creating ↵ | Dr. Stephen Henson | 2010-03-03 | 2 | -4/+5 |
| | | | | cross-certificates | ||||
* | PR: 2183 | Dr. Stephen Henson | 2010-03-03 | 1 | -0/+15 |
| | | | | | | PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms. Include original HAVE_FORK detection logic while allowing it to be overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0 | ||||
* | Include self-signed flag in certificates by checking SKID/AKID as well | Dr. Stephen Henson | 2010-02-25 | 2 | -4/+10 |
| | | | | | | as issuer and subject names. Although this is an incompatible change it should have little impact in pratice because self-issued certificates that are not self-signed are rarely encountered. | ||||
* | add anyExtendedKeyUsage OID | Dr. Stephen Henson | 2010-02-24 | 2 | -0/+5 |
| | |||||
* | PR: 2057 | Dr. Stephen Henson | 2009-09-30 | 1 | -10/+10 |
| | | | | | | | | Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT error handling in OCSP print routines. | ||||
* | Audit libcrypto for unchecked return values: fix all cases enountered | Dr. Stephen Henson | 2009-09-23 | 1 | -1/+2 |
| | |||||
* | Missing break. | Dr. Stephen Henson | 2009-08-31 | 1 | -0/+1 |
| | |||||
* | Update from 1.0.0-stable | Dr. Stephen Henson | 2009-07-27 | 2 | -22/+22 |
| | |||||
* | Update from 1.0.0-stable. | Dr. Stephen Henson | 2009-05-30 | 1 | -0/+5 |
| | |||||
* | v3_alt.c: otherName parsing fix. | Andy Polyakov | 2009-04-27 | 1 | -0/+1 |
| | | | | Submitted by: Love Hörnquist Åstrand | ||||
* | Updates from 1.0.0-stable branch. | Dr. Stephen Henson | 2009-04-20 | 4 | -9/+9 |
| | |||||
* | Updates from 1.0.0-stable. | Dr. Stephen Henson | 2009-04-15 | 1 | -0/+1 |
| | |||||
* | Update from 1.0.0-stable | Dr. Stephen Henson | 2009-04-08 | 1 | -0/+1 |
| | |||||
* | Updates from 1.0.0-stable | Dr. Stephen Henson | 2009-04-04 | 1 | -0/+1 |
| | |||||
* | Merge from 1.0.0-stable branch. | Dr. Stephen Henson | 2009-04-03 | 1 | -1/+1 |
| | |||||
* | Use OPENSSL_assert() instead of assert. | Dr. Stephen Henson | 2009-03-15 | 1 | -1/+1 |
| | |||||
* | PR: 1864 | Dr. Stephen Henson | 2009-03-14 | 1 | -1/+8 |
| | | | | | | | Submitted by: Ger Hobbelt <ger@hobbelt.com> Reviewed by: steve@openssl.org Check return value. | ||||
* | Update from stable branch. | Dr. Stephen Henson | 2009-03-14 | 1 | -14/+17 |
| | |||||
* | Print IPv6 all 0s correctly (Rob Austein). | Ben Laurie | 2009-03-08 | 1 | -0/+2 |
| | |||||
* | PR: 1835 | Dr. Stephen Henson | 2009-02-14 | 1 | -1/+1 |
| | | | | | | | Submitted by: Damien Miller <djm@mindrot.org> Approved by: steve@openssl.org Fix various typos. | ||||
* | Constify where needed | Richard Levitte | 2008-12-16 | 2 | -4/+4 |
| | |||||
* | Oops should check zero_pos >= 0. | Dr. Stephen Henson | 2008-12-08 | 1 | -1/+1 |
| | |||||
* | Handle case where v6stat.zero_pos == 0 correctly. | Dr. Stephen Henson | 2008-12-07 | 1 | -8/+11 |
| | | | | Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111) | ||||
* | Update from stable branch. | Dr. Stephen Henson | 2008-11-30 | 1 | -1/+2 |
| | |||||
* | Update obsolete email address... | Dr. Stephen Henson | 2008-11-05 | 37 | -37/+37 |
| | |||||
* | Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros | Dr. Stephen Henson | 2008-10-22 | 2 | -10/+8 |
| | | | | | | | | with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF() | ||||
* | Set comparison function in v3_add_canonize(). | Ben Laurie | 2008-10-14 | 1 | -0/+1 |
| | |||||
* | Type-checked (and modern C compliant) OBJ_bsearch. | Ben Laurie | 2008-10-12 | 13 | -113/+152 |
| | |||||
* | Fix build warnings. | Geoff Thorpe | 2008-09-15 | 1 | -2/+2 |
| | |||||
* | Initial support for delta CRLs. If "use deltas" flag is set attempt to find | Dr. Stephen Henson | 2008-09-01 | 3 | -11/+29 |
| | | | | | a delta CRL in addition to a full CRL. Check and search delta in addition to the base. | ||||
* | Add support for CRLs partitioned by reason code. | Dr. Stephen Henson | 2008-08-29 | 3 | -0/+14 |
| | | | | | | Tidy CRL scoring system. Add new CRL path validation error. | ||||
* | Add support for freshest CRL extension. | Dr. Stephen Henson | 2008-08-27 | 2 | -1/+13 |
| | |||||
* | Support for certificateIssuer CRL entry extension. | Dr. Stephen Henson | 2008-08-18 | 2 | -1/+8 |
| | |||||
* | Support for policy mappings extension. | Dr. Stephen Henson | 2008-08-12 | 8 | -106/+263 |
| | | | | | | | | Delete X509_POLICY_REF code. Fix handling of invalid policy extensions to return the correct error. Add command line option to inhibit policy mappings. | ||||
* | Initial support for name constraints certificate extension. | Dr. Stephen Henson | 2008-08-08 | 3 | -2/+290 |
| | | | | TODO: robustness checking on name forms. | ||||
* | Add support for nameRelativeToCRLIssuer field in distribution point name | Dr. Stephen Henson | 2008-08-04 | 3 | -5/+91 |
| | | | | fields. |