Commit Graph

360 Commits

Author SHA1 Message Date
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
bdcf772aa5 Portability fix: use BIO_snprintf and pick up strcasecmp alternative
definitions from e_os.h
2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
e9754726d2 Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
abd2ed012b Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
472af806ce Submitted by: Florian Weimer <fweimer@redhat.com>
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.
2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
d88926f181 PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Dr. Stephen Henson
a70da5b3ec New functions to check a hostname email or IP address against a
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Dr. Stephen Henson
ef570cc869 PR: 2696
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
7568d15acd allow key agreement for SSL/TLS certificates 2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
6074fb0979 fix warnings 2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
58b75e9c26 PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:52 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
09d84e03e8 oops missed an assert 2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92 PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.
2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
e82f75577b PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
776654adff PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
ca96d38981 PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c
2010-05-22 00:30:41 +00:00
Dr. Stephen Henson
b5cfc2f590 option to replace extensions with new ones: mainly for creating cross-certificates 2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2 PR: 2183
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
b1efb7161f Include self-signed flag in certificates by checking SKID/AKID as well
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d add anyExtendedKeyUsage OID 2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
64f0f80eb6 PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:53 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
38663fcc82 Missing break. 2009-08-31 22:19:26 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
8132d3ac40 Update from 1.0.0-stable. 2009-05-30 18:11:26 +00:00
Andy Polyakov
051742fb6c v3_alt.c: otherName parsing fix.
Submitted by: Love Hörnquist Åstrand
2009-04-27 19:35:16 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
ef8e772805 Use OPENSSL_assert() instead of assert. 2009-03-15 14:04:42 +00:00
Dr. Stephen Henson
e39acc1c90 PR: 1864
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value.
2009-03-14 12:39:05 +00:00
Dr. Stephen Henson
a0b76569b2 Update from stable branch. 2009-03-14 12:26:48 +00:00
Ben Laurie
c2a548a884 Print IPv6 all 0s correctly (Rob Austein). 2009-03-08 10:54:45 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:49:38 +00:00
Richard Levitte
2e6a7b3efc Constify where needed 2008-12-16 13:41:49 +00:00
Dr. Stephen Henson
9d44cd1642 Oops should check zero_pos >= 0. 2008-12-08 19:13:06 +00:00
Dr. Stephen Henson
1d4e879106 Handle case where v6stat.zero_pos == 0 correctly.
Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111)
2008-12-07 23:58:44 +00:00
Dr. Stephen Henson
e9afa08cd1 Update from stable branch. 2008-11-30 16:09:04 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00