Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
bdcf772aa5
Portability fix: use BIO_snprintf and pick up strcasecmp alternative
...
definitions from e_os.h
2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
e9754726d2
Check chain is not NULL before assuming we have a validated chain.
...
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
abd2ed012b
Fix two bugs which affect delta CRL handling:
...
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
472af806ce
Submitted by: Florian Weimer <fweimer@redhat.com>
...
PR: 2909
Update test cases to cover internal error return values.
Remove IDNA wildcard filter.
2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
d88926f181
PR: 2909
...
Contributed by: Florian Weimer <fweimer@redhat.com>
Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Dr. Stephen Henson
a70da5b3ec
New functions to check a hostname email or IP address against a
...
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Dr. Stephen Henson
ef570cc869
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
7568d15acd
allow key agreement for SSL/TLS certificates
2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
be71c37296
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
6074fb0979
fix warnings
2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
58b75e9c26
PR: 2482
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:52 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
09d84e03e8
oops missed an assert
2011-01-03 12:54:08 +00:00
Dr. Stephen Henson
85881c1d92
PR: 2411
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
2011-01-03 01:40:53 +00:00
Dr. Stephen Henson
e82f75577b
PR: 2410
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:41 +00:00
Dr. Stephen Henson
776654adff
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
ca96d38981
PR: 2251
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
2010-05-22 00:30:41 +00:00
Dr. Stephen Henson
b5cfc2f590
option to replace extensions with new ones: mainly for creating cross-certificates
2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2
PR: 2183
...
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
b1efb7161f
Include self-signed flag in certificates by checking SKID/AKID as well
...
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d
add anyExtendedKeyUsage OID
2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
64f0f80eb6
PR: 2057
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:53 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
38663fcc82
Missing break.
2009-08-31 22:19:26 +00:00
Dr. Stephen Henson
c869da8839
Update from 1.0.0-stable
2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
8132d3ac40
Update from 1.0.0-stable.
2009-05-30 18:11:26 +00:00
Andy Polyakov
051742fb6c
v3_alt.c: otherName parsing fix.
...
Submitted by: Love Hörnquist Åstrand
2009-04-27 19:35:16 +00:00
Dr. Stephen Henson
8711efb498
Updates from 1.0.0-stable branch.
2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad
Update from 1.0.0-stable
2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
06ddf8eb08
Updates from 1.0.0-stable
2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
ef8e772805
Use OPENSSL_assert() instead of assert.
2009-03-15 14:04:42 +00:00
Dr. Stephen Henson
e39acc1c90
PR: 1864
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org
Check return value.
2009-03-14 12:39:05 +00:00
Dr. Stephen Henson
a0b76569b2
Update from stable branch.
2009-03-14 12:26:48 +00:00
Ben Laurie
c2a548a884
Print IPv6 all 0s correctly (Rob Austein).
2009-03-08 10:54:45 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Richard Levitte
2e6a7b3efc
Constify where needed
2008-12-16 13:41:49 +00:00
Dr. Stephen Henson
9d44cd1642
Oops should check zero_pos >= 0.
2008-12-08 19:13:06 +00:00
Dr. Stephen Henson
1d4e879106
Handle case where v6stat.zero_pos == 0 correctly.
...
Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111 )
2008-12-07 23:58:44 +00:00
Dr. Stephen Henson
e9afa08cd1
Update from stable branch.
2008-11-30 16:09:04 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Ben Laurie
28b6d5020e
Set comparison function in v3_add_canonize().
2008-10-14 19:27:07 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Geoff Thorpe
fa0f834c20
Fix build warnings.
2008-09-15 04:02:37 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00