- 02 8月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 7月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 08 7月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The -show_chain flag to the verify command line app shows information about the chain that has been built. This commit adds the text "untrusted" against those certificates that have been used from the untrusted list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Fills in the help text for a number of options to verify that were blank. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 5月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 11 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 01 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Many functions had a BIO* parameter, and it was always called with bio_err. Remove the param and just use bio_err. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 26 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Make setup_engine be a dummy if NO_ENGINE is enabled. The option is not enabled if NO_ENGINE is enabled, so the one "wasted" variable just sits there. Removes some variables and code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 25 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb246 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 25 2月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 22 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 13 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 6月, 2014 1 次提交
-
-
由 Hubert Kario 提交于
Add -trusted_first description to help messages and man pages of tools that deal with certificate verification.
-
- 25 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 12 12月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 07 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Just a sample, real world applications would have to be cleverer.
-
- 04 6月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 13 12月, 2011 2 次提交
-
-
由 Ben Laurie 提交于
-
由 Ben Laurie 提交于
-
- 28 2月, 2010 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos ciphersuite bugs introduced with PR:1336."
-
- 25 2月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
allow setting of verify names in command line utilities and print out verify names in verify utility
-
- 01 11月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
information. Add more informative message to verify callback to indicate when CRL path validation is taking place.
-
- 31 10月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
load_crls and tidy up load_certs. Remove useless purpose variable from verify utility: now done with args_verify.
-
- 18 10月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 02 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
obsolete functions and enhance to handle new conditions such as policy printing.
-
- 08 1月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 29 11月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)
-
- 08 9月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add support for policy checking in verify utility.
-
- 31 1月, 2003 1 次提交
-
-
由 Richard Levitte 提交于
PR: 287
-
- 04 12月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)
-
- 13 11月, 2002 1 次提交
-
-
由 Ben Laurie 提交于
-
- 22 2月, 2002 1 次提交
-
-
由 Dr. Stephen Henson 提交于
CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file.
-
- 21 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reject certificates with unhandled critical extensions.
-
- 12 9月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
-
- 02 9月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
-
- 25 6月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
-
- 18 6月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
everywhere.
-