Commit Graph

275 Commits

Author SHA1 Message Date
Nils Larsch
95a0e8ab31 fix warning 2006-02-13 08:45:53 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
51eb1b81f6 Avoid contradictive error code assignments.
"make errors".
2006-01-08 21:54:24 +00:00
Nils Larsch
53b38d37a9 fix potential memory leak + improved error checking
PR: 1182
2005-08-05 09:42:45 +00:00
Nils Larsch
c755c5fd8b improved error checking and some fixes
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Dr. Stephen Henson
8eb7217580 Add declaration for IDP ASN1 functions. 2005-07-26 11:43:11 +00:00
Dr. Stephen Henson
0537f9689c Add support for setting IDP too. 2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0c010a1517 Don't use @syntax for extended CRLDP format. 2005-07-25 18:55:40 +00:00
Dr. Stephen Henson
0745d0892d Allow setting of all fields in CRLDP. Few cosmetic changes to output. 2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
5e64f8c44c Typo which prevents mult valued RDNs being created. 2005-07-25 18:39:44 +00:00
Dr. Stephen Henson
9aa9d70ddb Print out previously unsupported fields in CRLDP by i2r instead of i2v.
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c Initial print only support for IDP CRL extension. 2005-07-23 23:33:06 +00:00
Dr. Stephen Henson
f5d51a9362 Fix extension ordering. 2005-06-22 13:26:23 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose
a security threat on unexpecting applications.  Document and test.
2005-04-09 16:07:12 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Richard Levitte
a7201e9a1b Changes concering RFC 3820 (proxy certificates) integration:
- Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
2005-01-17 17:06:58 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
8f284faaec V1 certificates that aren't self signed can't be accepted as CAs. 2004-12-03 00:10:34 +00:00
Richard Levitte
5073ff0346 Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().
2004-11-30 12:18:55 +00:00
Richard Levitte
30b415b076 Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)
2004-11-29 11:28:08 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
637ff35ef6 Delta CRL support in extension code. 2004-07-06 17:16:40 +00:00
Dr. Stephen Henson
eea674567c Delete non-POSIX header file. 2004-07-04 16:48:27 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Dr. Stephen Henson
b6a5fdb8a7 Don't use C++ reserved word. 2004-04-01 22:23:46 +00:00
Dr. Stephen Henson
ecf139917d New function X509_POLICY_NODE_print() 2004-03-31 12:17:24 +00:00
Dr. Stephen Henson
5d6383c83f Make {i2v,v2i}_ASN1_BIT_STRING global.
make update
2004-03-28 12:40:11 +00:00
Dr. Stephen Henson
b79c82eaab Fix loads of warnings in policy code.
I'll remember to try to compile this with warnings enabled next time :-)
2004-03-25 13:45:58 +00:00
Geoff Thorpe
2d2a5ba32a Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.
2004-03-25 02:41:35 +00:00
Geoff Thorpe
2bd4e3379f Remove some warnings. 2004-03-25 02:24:38 +00:00
Richard Levitte
e725a9660b make update 2004-03-23 15:06:33 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation.
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
2004-03-23 14:14:35 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Geoff Thorpe
93825dddad static 2004-03-10 01:20:26 +00:00
Dr. Stephen Henson
a4e3150f00 Fix policy constraints syntax. 2004-03-08 18:15:32 +00:00
Dr. Stephen Henson
edec614efd Support for inhibitAnyPolicy extension. 2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
bc50157010 Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:35 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Dr. Stephen Henson
a8287a90ea Give CRLDP its standard name.
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00