Rich Salz
ca3a82c3b3
free NULL cleanup
...
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Dr. Stephen Henson
6ef869d7d0
Make OCSP structures opaque.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 14:47:48 +00:00
Matt Caswell
25690b7f5f
Add -no_alt_chains option to apps to implement the new
...
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:15:02 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Kurt Roeckx
961d2ddb4b
Use the SSLv23 method by default
...
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-02 11:26:49 +01:00
Matt Caswell
5e31a40f47
Tidy up ocsp help output
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:08:07 +00:00
André Guerreiro
de87dd46c1
Add documentation on -timeout option in the ocsp utility
...
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:07:50 +00:00
Rich Salz
327f3c040e
Fix typo in message (RT 3107)
2014-06-29 11:40:05 -04:00
Hubert Kario
6d3d579367
Document -trusted_first option in man pages and help.
...
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
2014-06-19 23:09:21 +01:00
Dr. Stephen Henson
5219d3dd35
Fix free errors in ocsp utility.
...
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
2014-04-09 15:42:40 +01:00
Dr. Stephen Henson
ded18639d7
Move CT viewer extension code to crypto/x509v3
2014-02-20 18:48:56 +00:00
Rob Stradling
b263f21246
Move the SCT List extension parser into libssl.
...
Add the extension parser in the s_client, ocsp and x509 apps.
2014-02-19 13:12:46 +00:00
Ben Laurie
c45a48c186
Constification.
2013-10-07 12:45:26 +01:00
Dr. Stephen Henson
09d0d67c13
add missing newline
2012-12-21 16:24:48 +00:00
Dr. Stephen Henson
bbdfbacdef
add -rmd option to set OCSP response signing digest
2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
99fc818e93
Return success when the responder is active.
...
Don't verify our own responses.
2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e
typo
2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028
Add support for '-' as input and output filenames in ocsp utility.
...
Recognise verification arguments.
2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de
oops, revert, committed in error
2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f
apps/ocsp.c
2012-12-14 23:28:19 +00:00
Dr. Stephen Henson
1e8b9e7e69
add -badsig option to ocsp utility too.
2012-12-09 16:21:46 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
37fc562bd8
Free SSL_CTX after BIO
2009-09-30 21:36:17 +00:00
Dr. Stephen Henson
c869da8839
Update from 1.0.0-stable
2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
3859d7ee78
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
2009-02-06 16:43:52 +00:00
Richard Levitte
5871ddb016
Because DEC C - sorry, HP C - is picky about features, we need to
...
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
ad35cdac74
PR: 1516
...
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
313fce7b61
Don't free a NULL. Coverity ID 112.
2007-04-04 14:59:20 +00:00
Ben Laurie
4b8747e440
Die if serial number is invalid.
2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b
Apply a more modern way to get the definition of select(), except for VMS.
...
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Richard Levitte
8bbf6bcf17
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
...
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Geoff Thorpe
f0eae953e2
Remove some unnecessary recursive includes from the internal apps.h header,
...
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00
Dr. Stephen Henson
e5b0508a14
Update ocsp usage message and docs.
2003-03-26 00:46:47 +00:00
Richard Levitte
e270cf9c5e
Pay attention to disabled SSL versions.
...
PR: 500
2003-02-14 05:24:22 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Richard Levitte
1c3e4a3660
EXIT() may mean return(). That's confusing, so let's have it really mean
...
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Richard Levitte
2245cd87d4
BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the
...
requirement that the serial number always be an even amount of characters.
PR: 248
2002-10-11 09:38:56 +00:00
Richard Levitte
da9b972466
Make it possible to load keys from stdin, and restore that
...
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00
Richard Levitte
5575f781ad
Cut'n'paste error with other reposnder certificates cleared.
...
PR: 190
2002-08-01 13:39:39 +00:00
Lutz Jänicke
7b63c0fa8c
Reorder inclusion of header files:
...
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Dr. Stephen Henson
99889b46c9
Fix ext_dat.h extension ordering.
...
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
2002-06-13 12:56:27 +00:00
Dr. Stephen Henson
3647bee263
Config code updates.
...
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Dr. Stephen Henson
b439a74620
Load OCSP responder key before waiting for an incoming
...
connection so it can prompt for pass phrase on startup
instead of after the first connection.
Add -port switch to usage message.
2001-08-23 23:54:11 +00:00
Dr. Stephen Henson
534a1ed0cb
Allow OCSP server to handle multiple requests.
...
Document new OCSP options.
2001-07-13 13:13:44 +00:00
Dr. Stephen Henson
ee306a1332
Initial OCSP server support, using index.txt format.
...
This can process internal requests or behave like a
mini responder.
Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Richard Levitte
30b4c2724e
Extend all the loading functions to take an engine pointer, a pass
...
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.
Also, have our own password callback that we can send both a password
and some prompt info to. The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...
Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves... That's changed too.
2001-05-30 15:29:28 +00:00
Dr. Stephen Henson
f196522159
New function and options to check OCSP response validity.
2001-02-24 13:50:06 +00:00
Dr. Stephen Henson
569afce4b0
Fix typo.
2001-02-20 13:30:28 +00:00
Dr. Stephen Henson
cdc7b8cc60
Initial OCSP SSL support.
2001-02-14 01:12:41 +00:00
Dr. Stephen Henson
67c1801924
New function OCSP_parse_url() and -url option for ocsp utility.
...
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946
Modify OCSP nonce behaviour.
2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
b3f2e399d2
Add missing \n's to ocsp usage message.
2001-02-09 03:09:05 +00:00
Dr. Stephen Henson
8c950429a9
Allow various options to be included for signing and verify of
...
OCSP responses.
Documentation to follow...
Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
2001-02-08 19:36:10 +00:00
Richard Levitte
9235adbf47
Add the -VAfile option to 'openssl ocsp'. This option will give the
...
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
8e8972bb68
Fixes to various ASN1_INTEGER routines for negative case.
...
Enhance s2i_ASN1_INTEGER().
2001-01-19 14:21:48 +00:00
Dr. Stephen Henson
73758d435b
Additional functionality in ocsp utility: print summary
...
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
Dr. Stephen Henson
e8af92fcb1
Implement remaining OCSP verify checks in
...
accordance with RFC2560.
2001-01-18 01:35:39 +00:00
Dr. Stephen Henson
81f169e95c
Initial OCSP certificate verify. Not complete,
...
it just supports a "trusted OCSP global root CA".
2001-01-17 01:31:34 +00:00
Dr. Stephen Henson
b4b1bdd5d3
Preliminary ocsp utility documentation.
...
Fix ocsp usage message.
2001-01-14 00:52:19 +00:00
Dr. Stephen Henson
5782ceb298
New OCSP utility. This can generate, parse and print
...
OCSP requests. It can also query reponders and parse or
print out responses.
Still needs some more work: OCSP response checks and
of course documentation.
2001-01-13 01:48:38 +00:00