mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
17,813 Commits 33 Branches 385 Tags 484 MiB
fca8f5ded8
Commit Graph

1653 Commits

Author SHA1 Message Date
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify 
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-24 20:30:45 +01:00
Rob Percival
cfd20f64cc Typo fixes 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
ea4b7ded52 Updates the CT_POLICY_EVAL_CTX POD 
Ownership semantics and function names have changed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
513a3cb16b Correct documentation about SCT setters resetting validation status 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
e12981019a Removes the SCT_verify* POD 
SCT_verify_v1 has been removed and SCT_verify is no longer part of the
public API.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
a0a9f36ebf Documents the SCT validation functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
76bfd2ccc3 Removes {o2i,i2o}_SCT_signature from PODs 
These functions have been removed from the public API.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
5edcadb127 Documents the CTLOG functions 
CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
0e74d7ca44 Document the i2o and o2i SCT functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
a8d5d13a5f Removes d2i_SCT_LIST.pod 
This is covered by d2i_X509.pod.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4cfdabbb09 Document that SCT_set_source returns 0 on failure. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
882babda46 Clarifies the format of a log's public key in the CONF file 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4a388d1e05 Refer to OPENSSLDIR rather than "the OpenSSL install directory" 
The prior wording was less accurate.
See https://github.com/openssl/openssl/pull/1372#discussion_r73127000.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
32fa3da8b1 Adds history section to CT PODs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
e469945f2c Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl 
Fixes complaint "ct missing from SYNOPSIS".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4eabbe9d59 Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod 
util/fix-doc-nits.pl complains that
"CT_POLICY_EVAL_CTX (filename) missing from NAME section".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
7a2c739c00 Adds copyright section to ct.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
6c3e9a71ab Adds newline after =cut in PODs 
util/find-doc-nits.pl complains that the file "doesn't end with =cut".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
cb8145ff4a Adds missing function names to NAME section of PODs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
ae97a654ca Add enum definitions to CT pods 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
8b12a3e75b Remove unnecessary bold tags in CT pods 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
0620ecdcd2 Add SSL_get0_peer_scts to ssl.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
56f3f714ef First draft of CT documentation 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
FdaSilvaYY
0fe9123687 Constify a bit X509_NAME_get_entry 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8 Constify some X509_NAME, ASN1 printing code 
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-23 11:47:22 +02:00
Kazuki Yamaguchi
9ba6f347fe Expose alloc functions for EC{PK,}PARAMETERS 
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The
free functions are necessary because EC_GROUP_get_ec{pk,}parameters()
was made public by commit 60b350a3ef ("RT3676: Expose ECgroup i2d
functions").

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-22 15:10:02 +01:00
Andy Polyakov
1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password. 
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-22 13:52:59 +02:00
Dr. Stephen Henson
0b7347effe Add X509_getm_notBefore, X509_getm_notAfter 
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.

Rename X509_SIG_get0_mutable to X509_SIG_getm.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2016-08-21 18:25:23 +01:00
Rich Salz
8b8d963db5 Add BIO_get_new_index() 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-08-19 21:04:41 -04:00
Dr. Stephen Henson
568ce3a583 Constify certificate and CRL time routines. 
Update certificate and CRL time routines to match new standard.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-19 18:40:55 +01:00
Viktor Dukhovni
c4fbed6c31 Add -dane_ee_no_namechecks s_client(1) option 
The DANE API supports a DANE_FLAG_NO_DANE_EE_NAMECHECKS option, but
there was no way to exercise/enable it via s_client.  This commit
addresses that gap.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-19 12:18:49 -04:00
Rich Salz
2a9afa4046 RT3940: For now, just document the issue. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-19 11:45:07 -04:00
Dr. Stephen Henson
68c12bfc66 Add X509_get0_serialNumber() and constify OCSP_cert_to_id() 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
11222483d7 constify X509_REQ_get0_signature() 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-19 12:47:31 +01:00
Matt Caswell
604f6eff31 Convert X509_REVOKED* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-18 11:59:39 +01:00
Rich Salz
9d8c2dfe14 Fix some doc nits. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 19:41:47 -04:00
Dr. Stephen Henson
59b4da05b4 Constify X509_SIG. 
Constify X509_SIG_get0() and order arguments to mactch new standard.

Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:48:43 +01:00
Dr. Stephen Henson
8adc1cb851 Constify X509_get0_signature() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 14:12:55 +01:00
Dr. Stephen Henson
8900f3e398 Convert X509* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 13:59:04 +01:00
Matt Caswell
5e6089f0eb Convert X509_CRL* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f Make X509_NAME_get0_der() conform to OpenSSL style 
Put the main object first in the params list.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-17 13:03:04 +01:00
Matt Caswell
79613ea844 Convert OCSP* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
ac4e257747 constify X509_ALGOR_get0() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 12:01:29 +01:00
Remi Gacogne
fddfc0afc8 Add missing session id and tlsext_status accessors 
* SSL_SESSION_set1_id()
 * SSL_SESSION_get0_id_context()
 * SSL_CTX_get_tlsext_status_cb()
 * SSL_CTX_get_tlsext_status_arg()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 10:38:20 +01:00
Matt Caswell
48593cb12a Convert SSL_SESSION* functions to use const getters 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-16 23:36:28 +01:00
Dr. Stephen Henson
17ebf85abd Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). 
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 16:05:35 +01:00
Dr. Stephen Henson
c082201a36 add documentation 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-13 14:11:05 +01:00
Rich Salz
e928132343 GH1446: Add SSL_SESSION_get0_cipher 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)
 2016-08-12 15:23:48 -04:00
Dr. Stephen Henson
721f398023 Update documentation for DSA_SIG and ECDSA_SIG. 
RT#4590

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-12 14:21:21 +01:00
FdaSilvaYY
b4b42ce621 Fix doc and help about ca -valid option 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-11 10:59:21 +01:00