| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
|
|
Fix warning in apps/engine.c
Remove definitions of deleted functions.
Add missing definition of X509_VAL.
|
|
memory.h (which is not).
|
|
|
|
|
|
Add protoype for OCSP_response_create().
Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
|
|
Delete obsolete OCSP functions.
Largely untested at present...
|
|
|
|
Fix PKCS7 and PKCS12 memory leaks.
Initialise encapsulated content type properly.
|
|
Enhance s2i_ASN1_INTEGER().
|
|
invalid format in OCSP request signatures.
Add spaces to OCSP HTTP header.
Change X509_NAME_set() there's no reason
why it should return an error if the
destination points to NULL... though it
should if the destination is NULL.
|
|
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
|
|
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
|
|
is to have asn1.h include e_os.h and e_os2.h. Of course, this makes
the unofficial "non-export" status of e_os.h a bit delicate...
|
|
horrible macros.
Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
|
|
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
|
|
most of the old wrappers. A few of the old versions remain
because they are non standard and the corresponding ASN1
code has not been reimplemented yet.
|
|
something more efficient later...
|
|
currently OpenSSL itself wont compile with this set
because some old style stuff remains.
Change old functions X509_sign(), X509_verify() etc
to use new item based functions.
Replace OCSP function declarations with DECLARE macros.
|
|
The old function pointer versions will eventually go
away.
|
|
Win32 but it is getting there...
Update mkdef.pl to handle ASN1_ANY and fix headers.
Stop various VC++ warnings.
Include some fixes from "Peter 'Luna' Runestig"
<peter@runestig.com>
Remove external declaration for des_set_weak_key_flag:
it doesn't exist.
|
|
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
|
|
code from certificate, CRL and request printing routines.
|
|
authenticated attributes: this is used to retain the
original encoding and not break signatures.
Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.
|
|
functions need to be constified, and therefore meant a number of easy
changes a little everywhere.
Now, if someone could explain to me why OBJ_dup() cheats...
|
|
to main trunk.
Lets see if the makes it to openssl-cvs :-)
|
|
(incorrect) attempt to free it once more...
|
|
|
|
|
|
|
|
that are needed in the ASN.1 macros. Hopefully, we can get rid of
those in an elegant way in the future.
|
|
|
|
make update done.
|
|
|
|
Add support for X509_NAME_print_ex() in req.
Initial code for cutomizable X509 print routines.
|
|
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
|
|
|
|
|
|
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
|
|
the OpenSSL commands x50 and req work better on a EBCDIC system.
|
|
|
|
|
|
|
|
Update PKCS12_parse().
Make the keyid in certificate aux info more usable.
|
|
|
|
return type (on platforms where time_t is a 32 bit value).
New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
|
|
|
|
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
|
|
Add new option to PKCS7_sign to exclude S/MIME capabilities.
|
|
Fix bug in read only memory BIOs so BIO_reset() works.
Add sign and verify options to dgst utility, need
to update docs.
|
