Rich Salz
ca3a82c3b3
free NULL cleanup
...
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Dr. Stephen Henson
6ef869d7d0
Make OCSP structures opaque.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 14:47:48 +00:00
Matt Caswell
25690b7f5f
Add -no_alt_chains option to apps to implement the new
...
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:15:02 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Kurt Roeckx
961d2ddb4b
Use the SSLv23 method by default
...
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-02 11:26:49 +01:00
Matt Caswell
5e31a40f47
Tidy up ocsp help output
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:08:07 +00:00
André Guerreiro
de87dd46c1
Add documentation on -timeout option in the ocsp utility
...
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:07:50 +00:00
Rich Salz
327f3c040e
Fix typo in message (RT 3107)
2014-06-29 11:40:05 -04:00
Hubert Kario
6d3d579367
Document -trusted_first option in man pages and help.
...
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
2014-06-19 23:09:21 +01:00
Dr. Stephen Henson
5219d3dd35
Fix free errors in ocsp utility.
...
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
2014-04-09 15:42:40 +01:00
Dr. Stephen Henson
ded18639d7
Move CT viewer extension code to crypto/x509v3
2014-02-20 18:48:56 +00:00
Rob Stradling
b263f21246
Move the SCT List extension parser into libssl.
...
Add the extension parser in the s_client, ocsp and x509 apps.
2014-02-19 13:12:46 +00:00
Ben Laurie
c45a48c186
Constification.
2013-10-07 12:45:26 +01:00
Dr. Stephen Henson
09d0d67c13
add missing newline
2012-12-21 16:24:48 +00:00
Dr. Stephen Henson
bbdfbacdef
add -rmd option to set OCSP response signing digest
2012-12-16 00:10:03 +00:00
Dr. Stephen Henson
99fc818e93
Return success when the responder is active.
...
Don't verify our own responses.
2012-12-15 02:56:02 +00:00
Dr. Stephen Henson
265f835e3e
typo
2012-12-15 00:29:12 +00:00
Dr. Stephen Henson
33826fd028
Add support for '-' as input and output filenames in ocsp utility.
...
Recognise verification arguments.
2012-12-14 23:30:56 +00:00
Dr. Stephen Henson
92821996de
oops, revert, committed in error
2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f
apps/ocsp.c
2012-12-14 23:28:19 +00:00
Dr. Stephen Henson
1e8b9e7e69
add -badsig option to ocsp utility too.
2012-12-09 16:21:46 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
37fc562bd8
Free SSL_CTX after BIO
2009-09-30 21:36:17 +00:00
Dr. Stephen Henson
c869da8839
Update from 1.0.0-stable
2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
3859d7ee78
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
2009-02-06 16:43:52 +00:00
Richard Levitte
5871ddb016
Because DEC C - sorry, HP C - is picky about features, we need to
...
define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and
functionality.
2009-01-28 07:38:14 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Andy Polyakov
637f90621d
Cygwin compatibility fix to apps/ocsp.c.
2008-01-05 21:32:29 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
341e18b497
Handle non-SHA1 digests for certids in OCSP test responder.
2007-12-14 12:43:50 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
ad35cdac74
PR: 1516
...
Revert change in 1516 because it breaks Windows build. Use a modified version
of the headers from s_client.c which has used similar functionality without
any problems.
2007-05-16 12:16:49 +00:00
Ben Laurie
313fce7b61
Don't free a NULL. Coverity ID 112.
2007-04-04 14:59:20 +00:00
Ben Laurie
4b8747e440
Die if serial number is invalid.
2007-04-04 13:41:33 +00:00
Richard Levitte
a1d915990b
Apply a more modern way to get the definition of select(), except for VMS.
...
Submitted by Corinna Vinschen <vinschen@redhat.com>
2007-03-29 18:34:57 +00:00
Richard Levitte
8bbf6bcf17
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
...
the declarations of fd_set, select() and so on.
2006-12-25 10:54:14 +00:00
Nils Larsch
5dfe910023
properly initialize SSL context, check return value
2006-12-13 22:06:37 +00:00
Richard Levitte
5776c3c4c6
According to documentation, including time.h declares select() on
...
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
2006-08-20 05:54:35 +00:00
Dr. Stephen Henson
b589427941
WIN32 fixes signed/unsigned issues and slightly socket semantics.
2006-07-17 18:52:51 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Geoff Thorpe
f0eae953e2
Remove some unnecessary recursive includes from the internal apps.h header,
...
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Dr. Stephen Henson
560dfd2a02
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:56:01 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
f85b68cd49
Make it possible to have multiple active certificates with the same
...
subject.
2003-04-03 16:33:03 +00:00