Dr. Stephen Henson
9868232ae1
Initial trust code: allow setting of trust checking functions
...
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
1999-11-27 01:14:04 +00:00
Dr. Stephen Henson
d4cec6a13d
New options to the -verify program which can be used for chain verification.
...
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
1999-11-26 00:27:07 +00:00
Dr. Stephen Henson
1126239111
Initial chain verify code: not tested probably not working
...
at present. However nothing enables it yet so this doesn't
matter :-)
1999-11-24 01:31:49 +00:00
Dr. Stephen Henson
6d3724d3b0
Support for authority information access extension.
...
Fix so EVP_PKEY_rset_*() check return codes.
1999-11-23 18:50:28 +00:00
Dr. Stephen Henson
52664f5081
Transparent support for PKCS#8 private keys in RSA/DSA.
...
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
1999-11-21 22:28:31 +00:00
Dr. Stephen Henson
a716d72734
Support for otherName in GeneralName.
1999-11-19 02:19:58 +00:00
Ben Laurie
44eca70641
Update dependencies.
1999-11-18 14:32:54 +00:00
Ben Laurie
5ef738240a
Fix warning.
1999-11-18 14:10:53 +00:00
Bodo Möller
1088e27ca8
Restore traditional SSL_get_session behaviour so that s_client and s_server
...
don't leak tons of memory.
1999-11-17 21:36:13 +00:00
Ulf Möller
4f23052492
Missing #ifdef NO_DES
1999-11-17 13:03:29 +00:00
Dr. Stephen Henson
f76d8c4747
Modify verify code to handle self signed certificates.
1999-11-17 01:20:29 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Dr. Stephen Henson
91895a5938
Fix for a bug in PKCS#7 code and non-detached data.
...
Remove rc4-64 from ciphers since it doesn't exist...
1999-11-16 14:54:50 +00:00
Dr. Stephen Henson
6d1b637ba1
Clarify docs.
1999-11-16 02:51:41 +00:00
Dr. Stephen Henson
fd699ac55f
Add a salt to the key derivation using the 'enc' program.
1999-11-16 02:49:25 +00:00
Dr. Stephen Henson
e947f39689
New function X509_cmp().
1999-11-16 00:56:03 +00:00
Mark J. Cox
b7cfcfb7f8
This corrects the reference count handling in SSL_get_session.
...
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).
Submitted By: Geoff Thorpe <geoff@eu.c2.net>
1999-11-15 16:31:31 +00:00
Dr. Stephen Henson
06556a1744
'req' fixes. Reinstate length check one request fields.
...
Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
1999-11-14 23:10:50 +00:00
Dr. Stephen Henson
4abc5c624a
Add some examples to the enc man page.
1999-11-14 13:34:34 +00:00
Dr. Stephen Henson
a0e9f529a4
Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc'
...
add documentation for 'enc'.
1999-11-14 03:23:17 +00:00
Dr. Stephen Henson
0286d94454
Add info about the header and footer lines used in PEM formats
...
and add an nseq manpage.
1999-11-13 21:58:39 +00:00
Dr. Stephen Henson
938ead8f88
Correct x509 manpaghe and add a crl manpage
1999-11-13 21:28:01 +00:00
Richard Levitte
6828f02c9a
The info removal code was overcomplicated, and error-prone (references being wrongly decreased). Fixed.
1999-11-12 21:51:24 +00:00
Bodo Möller
47d216940c
Avoid deadlock.
1999-11-12 16:20:30 +00:00
Dr. Stephen Henson
01aad2c80a
Add an spkac manual page and fix the pkcs7 manpage.
1999-11-12 14:04:41 +00:00
Richard Levitte
71d7526b72
Avoid some silly compiler warnings, and add the change log I forgot :-)
1999-11-12 03:12:46 +00:00
Richard Levitte
1f575f1b1d
Two changes have been made:
...
1. Added code to the memory leak detecting code to give the user the
possibility to add information, thereby forming a traceback.
2. Make the memory leak detecting code multithread-safe.
The idea is that we're actually dealing with two separate critical
sections, one containing the hash tables with the information, the
other containing the current memory checking mode. Those should not
be handled with the same lock, especially since their handling overlap.
Hence, the added second lock.
1999-11-12 02:51:24 +00:00
Richard Levitte
f18a93ab04
Some crypto applications are now being built on Unix, so they should on VMS as well. Not by default, however.
1999-11-12 02:21:49 +00:00
Richard Levitte
03da458a06
It's possible that considering the configuration file as a binary file
...
works on Unix and MS-DOS/Windows. It does not under VMS, so open it
as text.
1999-11-12 02:19:05 +00:00
Richard Levitte
f48158b854
Avoid silly compiler warnings about functions not being declared and an int missing.
1999-11-12 02:10:23 +00:00
Richard Levitte
b3e1a4c68c
Some new names in asn1.h are longer than 31 chars, which disturbs the VMS C compilers...
1999-11-12 02:04:30 +00:00
Richard Levitte
849c0fe240
Adjust to changes in apps/openssl.cnf
1999-11-12 01:59:47 +00:00
Richard Levitte
ca0e2bc973
Adjust to changes in apps/Makefile.ssl
1999-11-12 01:52:59 +00:00
Richard Levitte
13427e4561
DIFFERENCE doesn't handle long (>255 chars) lines well. Use BACKUP instead. No, I'm not joking.
1999-11-12 01:46:50 +00:00
Richard Levitte
02ab618c97
adjust to changes in test/Makefile.ssl
1999-11-12 01:45:04 +00:00
Richard Levitte
82a2d07262
adjust to changes in test/testssl
1999-11-12 01:43:55 +00:00
Richard Levitte
c96ab5101a
Make sure installed files are world readable
1999-11-12 01:42:59 +00:00
Dr. Stephen Henson
954ef7ef69
Merge some common functionality in the apps, delete
...
the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.
1999-11-12 01:42:25 +00:00
Dr. Stephen Henson
c4471290c0
Oops forgot the S/MIME v3 RFC.
1999-11-12 01:07:33 +00:00
Dr. Stephen Henson
5e76807bbd
More docs and corrections/updates
1999-11-12 01:04:39 +00:00
Dr. Stephen Henson
af29811edd
Add password command line options to some utils. Fix and update man
...
pages.
1999-11-11 18:41:31 +00:00
Dr. Stephen Henson
53b1899e3c
Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
...
Update docs, change 'ca' to use the new callback parameter. Now moved key_callback
into app.c because some other utilities will use it soon.
1999-11-11 13:58:41 +00:00
Dr. Stephen Henson
174a4a8c89
Oops. The pkcs8 man page wasn't finished: this is an updated version
1999-11-11 00:48:39 +00:00
Dr. Stephen Henson
aba3e65f2c
Very preliminary POD format documentation for some
...
of the openssl utility commands...
1999-11-10 02:52:17 +00:00
Bodo Möller
0d9cfe1ae7
Undo silly change.
1999-11-09 16:41:52 +00:00
Ben Laurie
95fdc5eef9
Fix (spurious) warnings.
1999-11-09 12:09:24 +00:00
Bodo Möller
5fe2085bba
Avoid some warnings.
1999-11-09 10:00:15 +00:00
Dr. Stephen Henson
a0ad17bb6c
Fix to the -revoke option in ca. It was leaking memory, crashing and just
...
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
1999-11-08 13:58:08 +00:00
Dr. Stephen Henson
ce1b4fe146
Allow additional information to be attached to a
...
certificate: currently this includes trust settings
and a "friendly name".
1999-11-04 00:45:35 +00:00
Mark J. Cox
ce2c95b2a2
Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The
...
problem was that one of the replacement routines had not been working since
SSLeay releases. For now the offending routine has been replaced with
non-optimised assembler. Even so, this now gives around 95% performance
improvement for 1024 bit RSA signs.
1999-11-03 14:10:10 +00:00