Lutz Jänicke
41ecaba97e
More about session caching.
2001-02-11 17:01:36 +00:00
Lutz Jänicke
96dfab9e0e
Include information that automatic query is a new feature.
2001-02-10 19:10:36 +00:00
Lutz Jänicke
1b65ce7db3
Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE.
2001-02-10 16:21:38 +00:00
Lutz Jänicke
7b9cb4a224
Manual page for SSL_CTX_set_options(). Unfortunately for some of the
...
options someone much longer working with OpenSSL/SSLeay is needed.
2001-02-10 16:18:35 +00:00
Bodo Möller
bc2dfde4b3
Oops: It's RegTP, not RegPT ...
2001-02-10 13:35:34 +00:00
Bodo Möller
ec9dc137e7
Add German SiG root certificates (extracted from the official cert registry
...
file http://www.nrca-ds.de/ftp/pkd.ttp , which contains a total of 288
certificates issued by the RegPT so far)
2001-02-10 13:16:16 +00:00
Bodo Möller
620cea37e0
disable stdin buffering in load_cert
2001-02-10 13:12:35 +00:00
Bodo Möller
c15e036398
use case-insensitive comparison in set_table_opts
...
(similar to how arguments such as -inform/-outform specifications
are treated)
2001-02-10 11:21:29 +00:00
Dr. Stephen Henson
ccb08f98ae
Fix CRL printing to correctly show when there are no revoked certificates.
...
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
2001-02-10 00:56:45 +00:00
Bodo Möller
e306892994
Simplify BN_rand_range
2001-02-10 00:34:02 +00:00
Lutz Jänicke
836f996010
New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override
...
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-09 19:56:31 +00:00
Lutz Jänicke
1613c4d3bf
Typo
2001-02-09 19:05:49 +00:00
Lutz Jänicke
b5f6d9dc6e
Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>.
2001-02-09 19:03:53 +00:00
Dr. Stephen Henson
c063f2c5ec
Various Win32 related fixed. Make no-krb5 work in mkdef.pl .
...
Fix warning in apps/engine.c
Remove definitions of deleted functions.
Add missing definition of X509_VAL.
2001-02-09 18:16:12 +00:00
Dr. Stephen Henson
c47c619680
Various updates to mkdef.pl to cope with new aes
...
and ASN1 code.
2001-02-09 13:16:21 +00:00
Bodo Möller
93cd57a578
fix editing error
2001-02-09 09:40:18 +00:00
Bodo Möller
49ce63cd7c
add linux-s390 configuration (based on information submitted by
...
Denis Beauchemin <Denis.Beauchemin@Courrier.USherb.ca>)
2001-02-09 08:34:29 +00:00
Dr. Stephen Henson
b3f2e399d2
Add missing \n's to ocsp usage message.
2001-02-09 03:09:05 +00:00
Dr. Stephen Henson
8c950429a9
Allow various options to be included for signing and verify of
...
OCSP responses.
Documentation to follow...
Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
2001-02-08 19:36:10 +00:00
Richard Levitte
c2bf70a27c
The check for request including a nonce and response not having it was
...
inversed. Corrected. Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Richard Levitte
9235adbf47
Add the -VAfile option to 'openssl ocsp'. This option will give the
...
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Ulf Möller
a71b5abfa4
use <= instead of ==
2001-02-08 17:45:32 +00:00
Ulf Möller
928cc3a6de
point out that RAND_load_file() etc are only for seed files, not for
...
entropy devices or sockets.
2001-02-08 17:22:56 +00:00
Ulf Möller
466e4249ab
Note that EGD is used automatically.
2001-02-08 17:16:44 +00:00
Ulf Möller
9fbc45b159
cleanup
2001-02-08 17:14:07 +00:00
Bodo Möller
792e2ce7f4
Another comment change. (Previous comment does not apply
...
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571
Change comments. (The expected number of iterations in BN_rand_range
...
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79
oops -- remove observation code
2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6
Integrate my implementation of a countermeasure against
...
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Bodo Möller
7edc5ed90a
platform specific CFLAGS don't belong into this Makefile
2001-02-08 11:15:50 +00:00
Lutz Jänicke
420125f996
Update documentation to match the state at 0.9.6 _and_ the recent changes.
2001-02-08 10:42:01 +00:00
Ulf Möller
57e7d3ce15
Bleichenbacher's DSA attack
2001-02-07 22:24:35 +00:00
Lutz Jänicke
a8ebe4697e
Modify access to EGD socket to deal with EINTR etc that can appear
...
during connect() and other calls. First seen on Unixware-7.
Unify access to EGD-socket for all RAND_egd_*() methods.
2001-02-07 22:13:38 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Lutz Jänicke
d4219c485b
Change preferences for sockets of EGD-style entropy daemons to a more
...
reasonable selection.
2001-02-07 14:26:43 +00:00
Lutz Jänicke
73fc98a7bf
Fix typo preventing correct usage of -out option.
2001-02-07 14:15:41 +00:00
Ben Laurie
259810e05b
Rijdael CBC mode and partial undebugged SSL support.
2001-02-06 14:09:13 +00:00
Ben Laurie
171cc53a96
Improve the state machine.
2001-02-06 13:13:31 +00:00
Bodo Möller
9eea2be6f1
Avoid coredumps for CONF_get_...(NULL, ...)
2001-02-06 10:26:34 +00:00
Bodo Möller
69a03c1799
don't dump core
2001-02-06 09:47:47 +00:00
Ulf Möller
4327aae816
format strings
2001-02-06 02:57:35 +00:00
Ulf Möller
741a9690df
Fix potential buffer overrun for EBCDIC.
2001-02-06 02:54:02 +00:00
Richard Levitte
e24e40657f
Fix a memory leak in BIO_get_accept_socket(). This leak was small and
...
only happened when the port number wasn't parsable ot the host wasn't
possible to convert to an IP address.
Contributed by Niko Baric <Niko.Baric@epost.de>
2001-02-05 09:15:09 +00:00
Bodo Möller
448361a86c
Include string.h (whis is in all relevant standards) instead of
...
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Dr. Stephen Henson
26e083ccb7
New function to copy nonce values from OCSP
...
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212
Make depend.
2001-02-04 21:06:55 +00:00
Ben Laurie
247c1361f3
BN assembler is no longer option on x86.
2001-02-04 21:03:22 +00:00
Ben Laurie
1618bc7921
Can't remember why this was needed?
2001-02-04 21:02:22 +00:00
Ben Laurie
1b843d3c69
Fix a warning.
2001-02-04 21:01:32 +00:00
Lutz Jänicke
0bc6597d4d
Documenting session caching, 2nd step.
2001-02-04 18:05:27 +00:00