mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-05 14:10:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,894 Commits 34 Branches 385 Tags 456 MiB
904ee65290
Commit Graph

86 Commits

Author SHA1 Message Date
Dr. David von Oheimb
904ee65290 apps/cmp: extend documentation and diagnostics for using -reqin in special situations 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
 2024-03-06 08:49:28 +01:00
Dr. David von Oheimb
2fbe23bbbe apps/cmp: add -reqout_only option for dumping/saving just the initial CMP request message 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
 2024-03-06 08:49:28 +01:00
Dr. David von Oheimb
1caaf073b0 CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
 2024-01-17 15:03:41 +01:00
Dr. David von Oheimb
fd514375e2 CMP app: make -ignore_keyusage apply also for mock server 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
 2024-01-17 15:03:40 +01:00
Dr. David von Oheimb
cb03eef1a6 openssl-cmp.pod.in: fix grammar glitch 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Dr. David von Oheimb
0739dd0022 CMP app: make -geninfo option accept multiple ITAVs and support string values besides integers 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Dr. David von Oheimb
7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option 
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Dr. David von Oheimb
4a9299ac50 apps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc 
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
 2023-10-10 20:36:05 +02:00
Matt Caswell
da1c088f59 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-07 09:59:15 +01:00
Tomas Mraz
7a12e7af0f The canonical localhost IPv6 address is [::1] not [::] 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
 2023-08-25 12:05:34 +01:00
Dr. David von Oheimb
830b6a13f9 http_server.c: allow clients to connect with IPv6 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21033)
 2023-08-15 20:41:26 +02:00
Dr. David von Oheimb
01b0485131 CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:36 +10:00
Dr. David von Oheimb
1a9e28607e CMP app and API doc: add note on critical server auth on receiving trust anchor certs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:26 +10:00
Dr. David von Oheimb
89ed128d7a CMP doc: various small corrections, mostly on PBM vs. MAC-based protection 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:26 +10:00
Rajeev Ranjan
1d32ec20fe CMP: support specifying certificate to be revoked via issuer and serial number 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21116)
 2023-07-10 08:03:38 +02:00
Dr. David von Oheimb
168d93a21d openssl-cmp.pod.in: tweak doc of -subject, -issuer, -keep_alive, and -untrusted 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
 2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
d477484d33 CMP: add support for genm/genp messages with id-it-caCerts 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19231)
 2023-06-01 09:39:12 +02:00
Dr. David von Oheimb
2d6585986f CMP client: fix error response on -csr without private key, also in docs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
 2023-05-12 10:46:27 +02:00
Dr. David von Oheimb
1f757df1f3 APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames 
The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved faulty.  This is fixed here, updating and
correcting also the documentation and diagnostics of the involved options.

In particular, the case that -rspin (or -rspout. reqin, -reqout) does not
provide enough message file names was not properly described and handled.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20295)
 2023-04-28 08:42:20 +02:00
Dr. David von Oheimb
4b0c27d445 CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
 2023-03-25 09:55:26 +01:00
Dr. David von Oheimb
77aa006976 CMP app: improve doc and help output on -{req,rsp}{in,out} options 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
 2023-03-25 09:55:04 +01:00
Dr. David von Oheimb
6b58f498b3 OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert 
Also add corresponding tests and to this end update credentials

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20160)
 2023-02-13 11:56:10 +01:00
Dr. David von Oheimb
260878f7aa CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc. 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19946)
 2023-02-08 16:29:00 +01:00
Dr. David von Oheimb
35b76bc818 OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)
 2023-01-26 09:16:52 +01:00
Dr. David von Oheimb
5acd4007a0 CMP docs: clarify behavior on message/total timeout values given 
Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
 2023-01-23 10:54:29 +01:00
Dr. David von Oheimb
60c3d732b7 CMP app: fix file output of certs and cert lists on non-existing cert(s) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20035)
 2023-01-16 08:32:52 +01:00
Dr. David von Oheimb
7af110f9f5 CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)
 2022-08-24 11:29:40 +02:00
Dr. David von Oheimb
b6fbef1159 Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() 
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(),
and add respective tests as well as the -srvcertout CLI option using the new function.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18656)
 2022-07-20 11:40:37 +02:00
Dr. David von Oheimb
e8fdb06035 http_client.c: Dump response on error when tracing is enabled 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18386)
 2022-05-30 22:43:44 +02:00
Dr. David von Oheimb
c8c923454b OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcert 
Also update and complete related documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17726)
 2022-03-12 09:05:02 +01:00
Dr. David von Oheimb
cd7ec0bca0 CMP: add subject of any provided CSR as default message sender 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17723)
 2022-02-22 12:01:57 +01:00
Tomas Mraz
7585073892 Apply the correct Apache v2 license 
There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)
 2022-02-14 10:08:21 +01:00
Dr. David von Oheimb
b971d4198d CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert() 
Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
 2022-01-04 17:04:56 +01:00
Dr. David von Oheimb
ad1a1d715d APPS/cmp: improve diagnostics for presence of TLS options 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16747)
 2021-12-30 15:04:07 +01:00
Dr. David von Oheimb
a56bb5d64e APPS/cmp: Fix logic and doc of mutually exclusive -server/-use_mock_srv/-port/-rspin options 
Ignore -server with -rspin and exclude all of -use_mock_srv/-port/-rspin.
On the other hand, -server is required if no -use_mock_srv/-port/-rspin is given.
Ignore -tls_used with -use_mock_srv and -rspin; it is not supported with -port.
If -server is not given, ignore -proxy, -no_proxy, and -tls_used.
Also slightly improve the documentation of the two mock server variants.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17254)
 2021-12-15 11:47:10 +01:00
Dr. David von Oheimb
83b424c3f6 APPS/cmp: Fix use of OPENSSL_NO_SOCK: options like -server do not make sense with no-sock 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17226)
 2021-12-09 20:17:44 +01:00
Dr. David von Oheimb
03ee2e5b1e APPS/cmp: make the -sans option support email addresses (type rfc822Name) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16960)
 2021-11-08 07:47:55 +01:00
Pauli
57cd10dd1e doc: remove end of line whitespace 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16641)
 2021-09-22 16:22:50 +10:00
Rich Salz
e53ad1d8f2 Remove '=for openssl ifdef' 
No longer needed after rewrite of cmd-nits

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)
 2021-05-19 10:34:43 +10:00
Dr. David von Oheimb
8f965908a5 HTTP client: Minimal changes that include the improved API 
This is a minimal version of pull request #15053 including all the
proposed improvements to the HTTP client API and its documentation
but only those code adaptations strictly needed for it.

The proposed new features include
* support for persistent connections (keep-alive),
* generalization to arbitrary request and response types, and
* support for streaming BIOs for request and response data.

The related API changes include:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(),
  OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15147)
 2021-05-12 15:11:51 +02:00
Tomas Mraz
bee3f38905 Document the behavior of the -inform and related options 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
 2021-05-06 11:43:32 +01:00
Dr. David von Oheimb
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15104)
 2021-05-04 18:27:57 +02:00
Dr. David von Oheimb
d830526c71 APPS: Improve diagnostics for string options and options expecting int >= 0 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
 2021-04-24 18:54:32 +02:00
Dr. David von Oheimb
aed03a1209 apps/cmp: Add generic random state options, e.g., for nonce generation 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14842)
 2021-04-14 17:03:11 +02:00
Dr. David von Oheimb
3206e41c0e openssl-cmp.pod.in: Fix missing provider options description 
Also correct layout of engines description

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14842)
 2021-04-14 17:03:11 +02:00
Dr. David von Oheimb
6bbff162f1 openssl-cmp.pod.in and apps/cmp.c: Various minor do improvements 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14493)
 2021-03-11 15:28:05 +01:00
Dr. David von Oheimb
025c0f5289 openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14018)
 2021-03-02 11:05:34 +01:00
Dr. David von Oheimb
7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components 
Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag]
by optionally providing any userinfo, query, and frag components.

All usages of this function, which are client-only,
silently ignore userinfo and frag components,
while the query component is taken as part of the path.
Update and extend the unit tests and all affected documentation.
Document and deprecat OCSP_parse_url().

Fixes an issue that came up when discussing FR #14001.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14009)
 2021-03-01 10:30:43 +01:00
Dr. David von Oheimb
5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14019)
 2021-02-19 16:58:22 +01:00
Dr. David von Oheimb
b51bed05c2 apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR 
Also improve doc how the -reqexts option affects the CSR given with the -csr option.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14181)
 2021-02-17 17:13:32 +01:00