Richard Levitte
c2bf70a27c
The check for request including a nonce and response not having it was
...
inversed. Corrected. Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Richard Levitte
9235adbf47
Add the -VAfile option to 'openssl ocsp'. This option will give the
...
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Ulf Möller
a71b5abfa4
use <= instead of ==
2001-02-08 17:45:32 +00:00
Ulf Möller
928cc3a6de
point out that RAND_load_file() etc are only for seed files, not for
...
entropy devices or sockets.
2001-02-08 17:22:56 +00:00
Ulf Möller
466e4249ab
Note that EGD is used automatically.
2001-02-08 17:16:44 +00:00
Ulf Möller
9fbc45b159
cleanup
2001-02-08 17:14:07 +00:00
Bodo Möller
792e2ce7f4
Another comment change. (Previous comment does not apply
...
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571
Change comments. (The expected number of iterations in BN_rand_range
...
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79
oops -- remove observation code
2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6
Integrate my implementation of a countermeasure against
...
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Bodo Möller
7edc5ed90a
platform specific CFLAGS don't belong into this Makefile
2001-02-08 11:15:50 +00:00
Lutz Jänicke
420125f996
Update documentation to match the state at 0.9.6 _and_ the recent changes.
2001-02-08 10:42:01 +00:00
Ulf Möller
57e7d3ce15
Bleichenbacher's DSA attack
2001-02-07 22:24:35 +00:00
Lutz Jänicke
a8ebe4697e
Modify access to EGD socket to deal with EINTR etc that can appear
...
during connect() and other calls. First seen on Unixware-7.
Unify access to EGD-socket for all RAND_egd_*() methods.
2001-02-07 22:13:38 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Lutz Jänicke
d4219c485b
Change preferences for sockets of EGD-style entropy daemons to a more
...
reasonable selection.
2001-02-07 14:26:43 +00:00
Lutz Jänicke
73fc98a7bf
Fix typo preventing correct usage of -out option.
2001-02-07 14:15:41 +00:00
Ben Laurie
259810e05b
Rijdael CBC mode and partial undebugged SSL support.
2001-02-06 14:09:13 +00:00
Ben Laurie
171cc53a96
Improve the state machine.
2001-02-06 13:13:31 +00:00
Bodo Möller
9eea2be6f1
Avoid coredumps for CONF_get_...(NULL, ...)
2001-02-06 10:26:34 +00:00
Bodo Möller
69a03c1799
don't dump core
2001-02-06 09:47:47 +00:00
Ulf Möller
4327aae816
format strings
2001-02-06 02:57:35 +00:00
Ulf Möller
741a9690df
Fix potential buffer overrun for EBCDIC.
2001-02-06 02:54:02 +00:00
Richard Levitte
e24e40657f
Fix a memory leak in BIO_get_accept_socket(). This leak was small and
...
only happened when the port number wasn't parsable ot the host wasn't
possible to convert to an IP address.
Contributed by Niko Baric <Niko.Baric@epost.de>
2001-02-05 09:15:09 +00:00
Bodo Möller
448361a86c
Include string.h (whis is in all relevant standards) instead of
...
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Dr. Stephen Henson
26e083ccb7
New function to copy nonce values from OCSP
...
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Ben Laurie
247c1361f3
BN assembler is no longer option on x86.
2001-02-04 21:03:22 +00:00
Ben Laurie
1618bc7921
Can't remember why this was needed?
2001-02-04 21:02:22 +00:00
Ben Laurie
1b843d3c69
Fix a warning.
2001-02-04 21:01:32 +00:00
Lutz Jänicke
0bc6597d4d
Documenting session caching, 2nd step.
2001-02-04 18:05:27 +00:00
Dr. Stephen Henson
2b916952a8
Fix ASN1_TIME_to_generlizedtime().
...
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d
Various OCSP responder utility functions.
...
Delete obsolete OCSP functions.
Largely untested at present...
2001-02-03 19:20:45 +00:00
Lutz Jänicke
7403c34b0b
Clarify why SSL_CTX_use_certificate_chain_file() should be preferred.
2001-02-03 15:15:00 +00:00
Lutz Jänicke
9022f2403b
Typo: on my screen it nicely wrapped around at 80 :-)
2001-02-03 11:02:02 +00:00
Lutz Jänicke
08f3f07212
If the source has already been succesfully queried, do not try to open it
...
again as file.
2001-02-03 10:59:13 +00:00
Lutz Jänicke
8cbceba610
Document session caching, first step.
2001-02-02 14:40:52 +00:00
Dr. Stephen Henson
88ce56f8c1
Various function for commmon operations.
2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
664d83bb23
Tidy up the mess in bss_sock.c and bss_fd.c
...
by placing them socket/fd code in separate
files rather than trying to have them both
share the same one.
2001-02-02 00:31:45 +00:00
Dr. Stephen Henson
8cff6331c9
Tolerate some "variations" used in some
...
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Lutz Jänicke
cd6aa710b5
New manual page for a hardly known but important item :-)
2001-01-31 14:14:20 +00:00
Richard Levitte
903872d65e
Document the change.
2001-01-30 13:47:59 +00:00
Richard Levitte
16a44ae7e9
Increase consistency of header data (some mail readers really do not
...
like spaces before the semicolon, and besides, other parts of this
file makes the values without those spaces), and move spacing of
continuation lines to support BIO's that break lines after each
write.
2001-01-30 13:38:59 +00:00
Bodo Möller
739423fceb
Remove serial number file during 'make clean'.
2001-01-29 11:41:12 +00:00
Bodo Möller
78f3a2aad7
Comment and indentation
2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
b847024026
Make sk_sort tolearate a NULL argument.
2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120
New OCSP response verify option OCSP_TRUSTOTHER
2001-01-26 01:55:52 +00:00
Richard Levitte
9020b86250
Documentation language corrections, contributed by Chris Pepper <pepper@mail.reppep.com>
2001-01-25 14:46:00 +00:00
Dr. Stephen Henson
a342cc5a70
Zero the premaster secret after deriving the master secret in DH
...
ciphersuites.
2001-01-25 13:15:01 +00:00
Geoff Thorpe
67c3cf0675
Insert a missing space to stop pod2man giving stroppy "malformed" warnings.
2001-01-25 02:26:58 +00:00