Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Rich Salz
b2aa38a980
RT2560: missing NULL check in ocsp_req_find_signer
...
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-10 12:18:50 -04:00
Laszlo Papp
ddc29125a1
RT2489: Remove extra "sig" local variable.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 17:36:49 -04:00
Tom Greenslade
b36f35cda9
Handle IPv6 addresses in OCSP_parse_url.
...
PR#2783
2014-06-27 17:30:59 +01:00
Dr. Stephen Henson
7a9d59c148
Fix null pointer errors.
...
PR#3394
2014-06-10 14:47:29 +01:00
Dr. Stephen Henson
b48310627d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b
)
2014-04-01 16:37:51 +01:00
Ben Laurie
c45a48c186
Constification.
2013-10-07 12:45:26 +01:00
Dr. Stephen Henson
0028a23b9f
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
2012-12-20 18:51:00 +00:00
Dr. Stephen Henson
e9754726d2
Check chain is not NULL before assuming we have a validated chain.
...
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Dr. Stephen Henson
2a21cdbe6b
Use new partial chain flag instead of modifying input parameters.
2012-12-13 18:20:47 +00:00
Ben Laurie
ec40e5ff42
Tabification. Remove accidental duplication.
2012-12-10 16:52:17 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
2fceff5ba3
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:14 +00:00
Dr. Stephen Henson
68f5500d31
constify
2012-11-29 01:13:38 +00:00
Dr. Stephen Henson
6f9076ff37
Generalise OCSP I/O functions to support dowloading of other ASN1
...
structures using HTTP. Add wrapper function to handle CRL download.
2012-11-28 16:22:53 +00:00
Dr. Stephen Henson
a26e245ecd
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:21 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
983768997e
We can't always read 6 bytes in an OCSP response: fix so error statuses
...
are read correctly for non-blocking I/O.
2010-10-06 18:00:59 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
e45c32fabf
missing goto meant signature was never printed out
2010-03-12 12:06:48 +00:00
Dr. Stephen Henson
aec13c1a9f
PR: 2063
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:58:37 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Ben Laurie
23b973e600
Calculate offset correctly. (Coverity ID 233)
2009-01-01 18:30:51 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
e527201f6b
This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
...
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
4d7aff707e
Update dependencies.
2006-11-30 13:41:47 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
28b987aec9
Don't assume requestorName is present for signed requests. ASN1 OCSP module
...
fix: certs field is OPTIONAL.
2006-11-13 13:21:47 +00:00
Dr. Stephen Henson
fb596f3bb7
OCSP library tidy. Use extension to encode OCSP extensions instead of doing
...
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
2006-11-13 13:18:28 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
c1c6c0bf45
New non-blocking OCSP functionality.
2006-07-17 12:18:28 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
fe86616c72
Some C compilers produce warnings or compilation errors if an attempt
...
is made to directly cast a function of one type to what it considers and
incompatible type. In particular gcc 3.4.2.
Add new openssl_fcast macro to place functions into a form where the compiler
will allow them to be cast.
The current version achives this by casting to: void function(void).
2005-05-12 23:01:44 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Ben Laurie
8bb826ee53
Consistency.
2005-03-31 13:57:54 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00