mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
11,191 Commits 33 Branches 385 Tags 507 MiB
11e2957d5f
Commit Graph

1532 Commits

Author SHA1 Message Date
Dr. Stephen Henson
91f0828c95 fix no SIGALRM case in speed.c 2010-11-18 13:22:53 +00:00
Dr. Stephen Henson
f7d2f17a07 add TLS v1.1 options to s_server 2010-11-16 14:16:00 +00:00
Dr. Stephen Henson
838ea7f824 PR: 2366 
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve

Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
 2010-11-11 14:42:50 +00:00
Ben Laurie
bf48836c7c Fixes to NPN from Adam Langley. 2010-09-05 17:14:01 +00:00
Bodo Möller
7c2d4fee25 For better forward-security support, add functions 
SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
 2010-08-26 15:15:47 +00:00
Ben Laurie
ee2ffc2794 Add Next Protocol Negotiation. 2010-07-28 10:06:55 +00:00
Ben Laurie
3c530fef67 Sign mismatch. 2010-07-27 16:57:05 +00:00
Andy Polyakov
6acb4ff389 gcm128.c: API modification and readability improvements, 
add ghash benchmark to apps/speed.c.
 2010-07-09 14:10:51 +00:00
Dr. Stephen Henson
dc53a037b0 i variable is used on some platforms 2010-07-05 11:05:24 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
4e96633ac7 PR: 2262 
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.
 2010-05-27 14:09:03 +00:00
Dr. Stephen Henson
acf635b9b2 oops, revert test patch 2010-05-15 00:35:39 +00:00
Dr. Stephen Henson
19674b5a1d PR: 2253 
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Check callback return value when outputting errors.
 2010-05-15 00:34:06 +00:00
Dr. Stephen Henson
00a37b5a9b PR: 2220 
Fixes to make OpenSSL compile with no-rc4
 2010-04-06 11:18:59 +00:00
Dr. Stephen Henson
624fbfcadb free up sigopts STACK 2010-03-14 13:09:00 +00:00
Dr. Stephen Henson
510777f2fc clear bogus errors in ca utility 2010-03-14 13:07:48 +00:00
Dr. Stephen Henson
4c623cddbe add -sigopt option to ca utility 2010-03-14 12:54:45 +00:00
Dr. Stephen Henson
cdb182b55a new sigopt and PSS support for req and x509 utilities 2010-03-12 14:41:00 +00:00
Dr. Stephen Henson
77163b6234 don't leave bogus errors in the queue 2010-03-10 13:48:09 +00:00
Dr. Stephen Henson
bea29921a8 oops 2010-03-07 16:41:54 +00:00
Dr. Stephen Henson
7ed485bc9f The OID sanity check was incorrect. It should only disallow *leading* 0x80 
values.
 2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
bb845ee044 Add -engine_impl option to dgst which will use an implementation of 
an algorithm from the supplied engine instead of just the default one.
 2010-03-05 13:28:21 +00:00
Dr. Stephen Henson
ebaa2cf5b2 PR: 2183 
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
 2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
a05b8d0ede use supplied ENGINE in genrsa 2010-03-01 14:22:21 +00:00
Dr. Stephen Henson
40c5eaeeec oops, revert verify.c change 2010-02-27 23:03:26 +00:00
Dr. Stephen Henson
c1ca9d3238 Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
 2010-02-27 23:02:41 +00:00
Dr. Stephen Henson
48435b2098 include TVS 1.1 version string 2010-02-26 19:38:33 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
04e4b82726 allow setting of verify names in command line utilities and print out verify names in verify utility 2010-02-25 00:11:32 +00:00
Dr. Stephen Henson
5a9e3f05ff PR: 2170 
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>

Make -c option in dgst work again.
 2010-02-12 17:07:16 +00:00
Dr. Stephen Henson
17ebc10ffa PR: 2161 
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
 2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
08c239701b Experimental renegotiation support in s_server test -www server. 2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
c2963f5b87 revert wrongly committed test code 2010-01-27 17:49:33 +00:00
Dr. Stephen Henson
4ba1aa393b typo 2010-01-27 14:05:39 +00:00
Richard Levitte
407a410136 Have the VMS build system catch up with the 1.0.0-stable branch. 2010-01-27 09:18:42 +00:00
Dr. Stephen Henson
ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Andy Polyakov
d582c98d8f apps/speed.c: limit loop counters to 2^31 in order to avoid overflows 
in performance calculations. For the moment there is only one code
fast enough to suffer from this: Intel AES-NI engine.
PR: 2096
 2010-01-17 17:31:38 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:29:34 +00:00
Andy Polyakov
cba9ffc32a Fix compilation on older Linux. Linux didn't always have sockaddr_storage, 
not to mention that first sockaddr_storage had __ss_family, not ss_family.
In other words it makes more sense to avoid sockaddr_storage...
 2010-01-06 21:22:56 +00:00
Dr. Stephen Henson
35b0ea4efe Add simple external session cache to s_server. This serialises sessions 
just like a "real" server making it easier to trace any problems.
 2009-12-27 23:24:45 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
3533ab1fee Replace the broken SPKAC certification with the correct version. 2009-12-02 14:41:51 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Richard Levitte
0a02d1db34 Update from 1.0.0-stable 2009-11-12 17:03:10 +00:00
Dr. Stephen Henson
860c3dd1b6 add missing parts of reneg port, fix apps patch 2009-11-11 14:51:19 +00:00
Dr. Stephen Henson
2942dde56c commit missing apps code for reneg fix 2009-11-11 14:10:24 +00:00
Dr. Stephen Henson
2008e714f3 Add missing functions to allow access to newer X509_STORE_CTX status 
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
 2009-10-31 19:22:18 +00:00
Dr. Stephen Henson
245d2ee3d0 Add option to allow in-band CRL loading in verify utility. Add function 
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
 2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
d4be92896c Add -no_cache option to s_server 2009-10-28 17:49:30 +00:00
Dr. Stephen Henson
6aa1770c6d Use new X509_STORE_set_verify_cb function instead of old macro. 2009-10-18 14:40:33 +00:00
Dr. Stephen Henson
be45636661 Fix for WIN32 and possibly other platforms which don't define in_port_t. 2009-10-15 18:49:30 +00:00
Dr. Stephen Henson
636b6b450d PR: 2069 
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

IPv6 support for DTLS.
 2009-10-15 17:41:31 +00:00
Dr. Stephen Henson
2c55c0d367 PR: 1847 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Integrated patches to CA.sh to bring it into line with CA.pl functionality.
 2009-10-15 17:27:34 +00:00
Dr. Stephen Henson
0431941ec5 Revert extra changes from previous commit. 2009-10-15 17:17:45 +00:00
Dr. Stephen Henson
42733b3bea PR: 2066 
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Add -r option to dgst to produce format compatible with core utilities.
 2009-10-15 17:13:54 +00:00
Dr. Stephen Henson
0e039aa797 Fix warnings about ignoring fgets return value 2009-10-04 16:42:56 +00:00
Dr. Stephen Henson
b48315d9b6 PR: 2061 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct i2b_PVK_bio error handling in rsa.c, dsa.c
 2009-10-01 00:25:24 +00:00
Dr. Stephen Henson
18e503f30f PR: 2064, 728 
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
 2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
37fc562bd8 Free SSL_CTX after BIO 2009-09-30 21:36:17 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
08882ac5be PR: 2038 
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org

Avoid double call to BIO_free().
 2009-09-11 11:02:52 +00:00
Dr. Stephen Henson
b5ca7df5aa PR: 2031 
Submitted by: steve@openssl.org

Tolerate application/timestamp-response which some servers send out.
 2009-09-07 17:57:18 +00:00
Dr. Stephen Henson
e0d4e97c1a Make update, deleting bogus DTLS error code 2009-09-06 15:58:19 +00:00
Dr. Stephen Henson
f4274da164 PR: 1644 
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
 2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
07a9d1a2c2 PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:42:53 +00:00
Dr. Stephen Henson
2d1cbca960 PR: 2020 
Submitted by: Keith Beckman <kbeckman@mcg.edu>,  Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix improperly capitalized references to WWW::Curl::Easy.
 2009-09-02 15:57:24 +00:00
Dr. Stephen Henson
17b5326ba9 PR: 2013 
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
 2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
1771668096 Tidy up and fix verify callbacks to avoid structure dereference, use of 
obsolete functions and enhance to handle new conditions such as policy printing.
 2009-09-02 12:47:28 +00:00
Dr. Stephen Henson
ba4526e071 Stop unused variable warning on WIN32 et al. 2009-08-18 11:15:33 +00:00
Dr. Stephen Henson
3ed3603b60 Update default dependency flags. 
Make error name discrepancies a fatal error.
Fix error codes.
make update
 2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
b972fbaa8f PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:19:54 +00:00
Dr. Stephen Henson
77c7f17a5e Typo 2009-08-10 15:52:49 +00:00
Dr. Stephen Henson
b318cfb169 PR: 1999 
Submitted by: "Bayram Kurumahmut" <kbayram@ubicom.com>
Approved by: steve@openssl.org

Don't use HAVE_FORK in apps/speed.c it can conflict with configured version.
 2009-08-10 15:30:40 +00:00
Dr. Stephen Henson
f10f4447da Update from 1.0.0-stable. 2009-08-05 15:29:58 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
bdfa4ff947 Update from 0.9.8-stable 2009-07-24 11:17:10 +00:00
Dr. Stephen Henson
3f7c592082 Updates from 1.0.0-stable. 2009-07-14 15:30:05 +00:00
Dr. Stephen Henson
6053ef80e5 Use new time routines to avoid possible overflow. 2009-07-13 11:40:14 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
db99779bee Use common verify parameters instead of the small ad-hoc subset in 
s_client, s_server.
 2009-06-30 15:56:35 +00:00
Dr. Stephen Henson
e5b2b0f91f Updates from 1.0.0-stable 2009-06-30 15:28:16 +00:00
Dr. Stephen Henson
9a5faeaa42 Allow setting of verify depth in verify parameters (as opposed to the depth 
implemented using the verify callback).
 2009-06-29 16:09:37 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
c05353c50a Rename asc2uni and uni2asc functions to avoid clashes. 2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
eddee61671 PR: 1956 
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Netware doesn't have strings.h
 2009-06-17 11:32:59 +00:00
Dr. Stephen Henson
58f41a926a Updates from 1.0.0-stable 2009-06-05 14:59:26 +00:00
Dr. Stephen Henson
046f210112 Update from 1.0.0-stable. 2009-05-17 16:04:58 +00:00
Richard Levitte
cc8cc9a3a1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
 2009-05-15 16:36:56 +00:00
Dr. Stephen Henson
83d8fa7dd1 Update from stable branch. 2009-05-13 11:32:46 +00:00
Dr. Stephen Henson
d4f0339c66 Update from 1.0.0-stable. 2009-04-26 22:18:22 +00:00
Richard Levitte
7184ef1210 Cast to avoid signedness confusion 2009-04-26 12:16:08 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
645532b999 Update from 1.0.0-stable 2009-04-06 21:42:37 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
b6b0b0d7a5 Update from 1.0.0-stable. 2009-04-01 14:59:49 +00:00
Dr. Stephen Henson
70b2186e24 Stop warnings. 2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
aaf35f11d7 Allow use of algorithm and cipher names for dgsts and enc utilities instead 
of having to manually include each one.
 2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
38b6e6c07b Typo in usage message. 2009-03-23 21:04:23 +00:00
Dr. Stephen Henson
e4e949192b Submitted by: Victor B. Wagner <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Check return codes properly in md BIO and dgst command.
 2009-03-18 18:53:08 +00:00
Dr. Stephen Henson
617298dca3 Update from stable branch. 2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854 
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
 2009-03-09 13:59:07 +00:00
Ben Laurie
73bfcf2226 Don't ask for -iv for ciphers that need no IV. 2009-03-03 15:14:33 +00:00
Dr. Stephen Henson
0ed6b52687 Stop warning about use of *printf() without a format. 2009-02-15 15:29:59 +00:00
Dr. Stephen Henson
30b1b28aff Return correct exit code. 2009-02-12 18:06:11 +00:00
Dr. Stephen Henson
46400c97a9 Avoid leaks in pkcs8 app, tidy code up. 2009-02-12 18:02:47 +00:00
Dr. Stephen Henson
3859d7ee78 Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED... 2009-02-06 16:43:52 +00:00
Bodo Möller
d615bceb2d For -hex, print just one \n 2009-02-02 00:40:29 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:01:28 +00:00
Richard Levitte
5871ddb016 Because DEC C - sorry, HP C - is picky about features, we need to 
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
 2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should 
test for them!
 2008-12-29 16:11:58 +00:00
Andy Polyakov
2140659b00 Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible 
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
 2008-12-22 14:05:42 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Lutz Jänicke
d88d941c87 apps/speed.c: children should not inherit buffered I/O 
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
 2008-12-10 08:03:47 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
2900fc8ae1 Don't stop -cipher from working. 2008-11-30 22:01:31 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Ben Laurie
774b2fe700 Aftermath of a clashing size_t fix (now only format changes). 2008-11-13 09:48:47 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms. 
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
 2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed 
not used.
 2008-11-02 12:50:48 +00:00
Ben Laurie
4d6e1e4f29 size_tification. 2008-11-01 14:37:00 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues. 
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
 2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
ac786241a2 Add support for -crlnumber option in crl utility. 2008-10-22 19:54:55 +00:00
Lutz Jänicke
020d67fb89 Allow detection of input EOF in quiet mode by adding -no_ign_eof option 
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
 2008-10-22 06:46:14 +00:00
Lutz Jänicke
1581f82243 Add missing "-d" to option list of openssl version. 
Submitted by: Alex Chen <alex_chen@filemaker.com>
 2008-10-20 12:53:36 +00:00
Dr. Stephen Henson
640b86cb24 Fix Warning... 2008-10-19 17:22:34 +00:00
Ben Laurie
d5bbead449 Add XMPP STARTTLS support. 2008-10-14 19:11:26 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj() 
and should avoid any OS date limitations such as the year 2038 bug.
 2008-10-07 22:55:27 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines. 
Also, fix CHANGES (consistency with stable branch).
 2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
0702150f53 Make no-tlsext compile. 2008-09-03 12:29:57 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find 
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
 2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate 
and CRL signing keys.
 2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension. 
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
 2008-08-12 10:32:56 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates. 
Allow inibit any policy flag to be set in apps.
 2008-07-30 15:49:12 +00:00
Ralf S. Engelschall
6bcbac0abb remove a doubled entry for '-binary' in the usage message 2008-07-27 15:51:35 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes. 
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
 2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically: 
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
 2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64 Add support for client cert engine setting in s_client app. 
Add appropriate #ifdefs round client cert functions in headers.
 2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
c451bd828f Avoid case in ca.c fix. 2008-06-02 12:10:06 +00:00
Dr. Stephen Henson
8ecfbedd85 Revert, doesn't fix warning :-( 2008-06-02 10:42:57 +00:00
Dr. Stephen Henson
c173fce4e2 Avoid cast with wrapper function. 2008-06-02 10:37:53 +00:00
Dr. Stephen Henson
c6ddacf7f8 Stop const mismatch warning. 2008-05-31 19:28:57 +00:00
Dr. Stephen Henson
ab3eafd5b5 Stop warning about extra ';' outside of function. 2008-05-31 19:17:25 +00:00
Dr. Stephen Henson
dd043cd501 Stop const mismatch warning in VC++. 2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226 Document "openssl s_server" -crl_check* options 
Submitted by: Daniel Black <daniel.subs@internode.on.net>
 2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290 Provide information about "openssl dgst" -hmac option. 2008-05-19 07:43:34 +00:00
Lutz Jänicke
f49c687507 Typo. (From 0.9.8-stable/S. Henson) 
PR: 1672
 2008-05-19 06:21:05 +00:00
Dr. Stephen Henson
718f8f7a9e Fix from stable branch. 2008-05-12 16:24:31 +00:00
Dr. Stephen Henson
4a954b56c9 Use "cont" consistently in cms-examples.pl 
Add a -certsout option to output any certificates in a message.

Add test for example 4.11
 2008-05-01 23:30:06 +00:00
Lutz Jänicke
44a877aa88 Fix incorrect return value in apps/apps.c:parse_yesno() 
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
 2008-04-17 14:15:27 +00:00
Lutz Jänicke
6b6fe3d8e4 Correctly handle case of bad arguments supplied to rsautl 
PR: 1659
 2008-04-17 13:36:13 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
 2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
a5db50d005 Revert argument swap change... oops CMS_uncompress() was consistent... 2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1 Make CMS_uncompress() argument order consistent with other functions. 2008-04-11 17:34:13 +00:00
Richard Levitte
fc003bcecb Synchronise with Unix build 2008-04-11 01:53:16 +00:00
Dr. Stephen Henson
e0fbd07309 Add additional parameter to CMS_final() to handle detached content. 2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
7f50d9a4b0 Correct references to smime in cms app. 2008-04-09 22:09:45 +00:00
Dr. Stephen Henson
36309aa2be Signed receipt generation code. 2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4 Support for verification of signed receipts. 2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast 
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
 2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
f5e2354c9d Add support for signed receipt request printout and generation. 2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494 Signed Receipt Request utility functions and option on CMS utility to 
print out receipt requests.
 2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
6205171362 Add support for CMS structure printing in cms utility. 2008-03-24 21:53:07 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Dr. Stephen Henson
054307e7ed Allow alternate eContentType oids to be set in cms utility. 
Add id-ct-asciiTextWithCRLF OID.

Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
 2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
eeb9cdfc94 Add support for KEK decrypt in cms utility. 2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030 Add support for KEKRecipientInfo in cms application. 2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
c220e58f9e Make 3DES default cipher in cms utility. 2008-03-18 19:03:03 +00:00
Dr. Stephen Henson
e4f0e40eac Various tidies/fixes: 
Make streaming support in cms cleaner.

Note errors in various S/MIME functions if CMS_final() fails.

Add streaming support for enveloped data.
 2008-03-18 13:45:43 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2 Fix some warnings. 2008-03-16 20:59:10 +00:00
Geoff Thorpe
7e8481afd1 Fix a nasty cast issue that my compiler was choking on. 2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
4f1aa191b3 Initial support for enveloped data decrypt. Extent runex.pl to cover these 
examples. All RFC4134 examples can not be processed.
 2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
d9f5f07e28 Initial support for Encrypted Data type generation. 2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
1021f9aa5e Typos. 2008-03-14 19:38:44 +00:00
Dr. Stephen Henson
b820455c6e Encrypted Data type processing. Add options to cms utility and run section 7 
tests in RFC4134.
 2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
52108cecc0 <strings.h> does not exist under WIN32. 2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447 Missing headers. 2008-01-12 11:22:31 +00:00
Andy Polyakov
637f90621d Cygwin compatibility fix to apps/ocsp.c. 2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support. 
Submitted by: Guenter Knauf <eflash@gmx.net>
 2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497 Handle non-SHA1 digests for certids in OCSP test responder. 2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9 Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve 
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
 2007-12-04 12:41:28 +00:00
Bodo Möller
15bd07e923 fix typos 
Submitted by: Ernst G. Giessmann
 2007-11-19 07:24:08 +00:00