Dr. Stephen Henson
568ce3a583
Constify certificate and CRL time routines.
...
Update certificate and CRL time routines to match new standard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 18:40:55 +01:00
Viktor Dukhovni
c4fbed6c31
Add -dane_ee_no_namechecks s_client(1) option
...
The DANE API supports a DANE_FLAG_NO_DANE_EE_NAMECHECKS option, but
there was no way to exercise/enable it via s_client. This commit
addresses that gap.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 12:18:49 -04:00
Rich Salz
2a9afa4046
RT3940: For now, just document the issue.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 11:45:07 -04:00
Dr. Stephen Henson
68c12bfc66
Add X509_get0_serialNumber() and constify OCSP_cert_to_id()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
11222483d7
constify X509_REQ_get0_signature()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Matt Caswell
604f6eff31
Convert X509_REVOKED* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-18 11:59:39 +01:00
Rich Salz
9d8c2dfe14
Fix some doc nits.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 19:41:47 -04:00
Dr. Stephen Henson
59b4da05b4
Constify X509_SIG.
...
Constify X509_SIG_get0() and order arguments to mactch new standard.
Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:43 +01:00
Dr. Stephen Henson
8adc1cb851
Constify X509_get0_signature()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:12:55 +01:00
Dr. Stephen Henson
8900f3e398
Convert X509* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 13:59:04 +01:00
Matt Caswell
5e6089f0eb
Convert X509_CRL* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f
Make X509_NAME_get0_der() conform to OpenSSL style
...
Put the main object first in the params list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:03:04 +01:00
Matt Caswell
79613ea844
Convert OCSP* functions to use const getters
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
ac4e257747
constify X509_ALGOR_get0()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Remi Gacogne
fddfc0afc8
Add missing session id and tlsext_status accessors
...
* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 10:38:20 +01:00
Matt Caswell
48593cb12a
Convert SSL_SESSION* functions to use const getters
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:28 +01:00
Dr. Stephen Henson
17ebf85abd
Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
...
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Dr. Stephen Henson
c082201a36
add documentation
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Rich Salz
e928132343
GH1446: Add SSL_SESSION_get0_cipher
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451 )
2016-08-12 15:23:48 -04:00
Dr. Stephen Henson
721f398023
Update documentation for DSA_SIG and ECDSA_SIG.
...
RT#4590
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-12 14:21:21 +01:00
FdaSilvaYY
b4b42ce621
Fix doc and help about ca -valid option
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-11 10:59:21 +01:00
jamercee
e86e76a6c4
Fixed typo
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386 )
2016-08-10 11:07:42 -04:00
JimC
3b7a575897
Documented BIO_set_accept_port()/BIO_get_accept_port()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386 )
2016-08-10 11:07:42 -04:00
jamercee
b4c1d72e9f
Adapt BIO_new_accept() to call BIO_set_accept_name()
...
Commit 417be66
broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66
.
Updated pods to reflect new definition introduced by 417be66
.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386 )
2016-08-10 11:07:42 -04:00
Rich Salz
f67cbb7443
Add #defines for magic numbers in API.
...
Binary- and backward-compatible. Just better.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429 )
2016-08-10 10:07:37 -04:00
Rich Salz
3663990760
Add some const casts
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397 )
2016-08-10 09:53:58 -04:00
Emilia Kasper
b03fe23146
CT: fix documentation
...
Make method names match reality
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
klemens
6025001707
spelling fixes, just comments and readme.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413 )
2016-08-05 19:07:30 -04:00
FdaSilvaYY
c47ba4e96c
Constify some ASN1_OBJECT *obj input parameters
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
924212a670
Constify input buffer
...
of X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_ENTRY_create_by_NID
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
f48ebf9f4c
Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
700b814549
Fix some style issues...
...
extra spacing and 80 cols
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1366 )
2016-08-02 09:59:23 +02:00
Dr. Stephen Henson
c2e888b54c
Document certificate and CRL time functions.
...
RT#4639
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:54:11 +01:00
Dr. Stephen Henson
b26ab17f3d
Constify some X509_CRL, X509_REQ functions.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:53:43 +01:00
Dr. Stephen Henson
5d8d9a8efa
Add DSA_bits() function.
...
RT#4637
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:37:42 +01:00
Kurt Roeckx
6c1f368d88
Fix typo of BN_zero()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:17:44 +02:00
Richard J. Moore
3c8537765c
Const the ex data stuff too to fix warnings
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Richard J. Moore
e1f02308ae
Fix the docs too
...
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367 )
2016-07-30 15:19:24 -04:00
Matt Caswell
e040a42e44
Update the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs
...
Update the documentation for the newly renamed and modified SSL_set0_rbio()
and SSL_set0_wbio() functions. State that they should be preferred over
SSL_set_bio(). Attempt to document the ownership rules for SSL_set_bio().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Rich Salz
1a62777163
Various doc fixes.
...
Cannot nest B<> tags
Document "openssl speed" command.
Fix doc nits: missing NAME/SYNOPSIS stuff
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-07-28 17:00:05 -04:00
Richard Levitte
61d81f0ac9
Update the example in proxy_certificates.txt
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 09:43:21 +02:00
FdaSilvaYY
9d7bfb14dd
Discard BIO_set(BIO* bio) method
...
Simplify BIO init using OPENSSL_zalloc().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1261 )
2016-07-25 13:48:32 -04:00
Richard Levitte
fe0169b097
Make it possible for external code to set the certiciate proxy path length
...
This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.
Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:36:39 +02:00
Richard Levitte
3067095e8a
Add X509_STORE lock and unlock functions
...
Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:33:41 +02:00
Richard Levitte
0e82e0e1d0
Document the X509_STORE and X509_STORE_CTX setters and getters
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:20:58 +02:00
Steffen Nurpmeso
d49cfa3bd5
RT4627: Doc patch: fix constant names
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Signed-off-by: Rich Salz <rsalz@openssl.org>
2016-07-25 09:50:27 -04:00
FdaSilvaYY
c7d13c138c
Constify X509|X509_CRL|X509_REVOKED_get_ext
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
7569362ebb
Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
fdaf7beec5
Constify ...
...
X509_REVOKED_get0_extensions
X509_check_private_key
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00
FdaSilvaYY
84de54b91e
Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300 )
2016-07-25 08:20:00 -04:00