Age | Commit message (Collapse) | Author | |
---|---|---|---|
2001-02-19 | New -set_serial options to 'req' and 'x509'. | Dr. Stephen Henson | |
Remove the old broken bio read of serial numbers in the 'ca' index file. This would choke if a revoked certificate was specified with a negative serial number. Fix typo in uid.c | |||
2001-02-19 | Memory leak detection bugfixes for multi-threading. | Bodo Möller | |
2001-02-16 | New options to 'ca' utility to support CRL entry extensions. | Dr. Stephen Henson | |
Add revelant new X509V3 extensions. Add OIDs. Fix ASN1 memory leak code to pop info if external allocation used. | |||
2001-02-15 | Move entry to match chronologic orderering. | Lutz Jänicke | |
2001-02-15 | Don't forget to mention minor change. | Lutz Jänicke | |
2001-02-14 | Option to disable standard block padding with EVP API. | Dr. Stephen Henson | |
Add -nopad option to enc command. Update docs. | |||
2001-02-14 | Initial OCSP SSL support. | Dr. Stephen Henson | |
2001-02-14 | IRIX bugfix | Ulf Möller | |
2001-02-13 | New function OCSP_parse_url() and -url option for ocsp utility. | Dr. Stephen Henson | |
Doesn't handle SSL URLs yet. | |||
2001-02-12 | Modify OCSP nonce behaviour. | Dr. Stephen Henson | |
2001-02-12 | Work around for libsafe "error". | Dr. Stephen Henson | |
2001-02-10 | disable stdin buffering in load_cert | Bodo Möller | |
2001-02-10 | Fix CRL printing to correctly show when there are no revoked certificates. | Dr. Stephen Henson | |
Make ca.c correctly initialize the revocation date. Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the string type: so they can initialize ASN1_TIME structures properly. | |||
2001-02-09 | New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override | Lutz Jänicke | |
the clients choice; in SSLv2 the client uses the server's preferences. | |||
2001-02-09 | Various updates to mkdef.pl to cope with new aes | Dr. Stephen Henson | |
and ASN1 code. | |||
2001-02-08 | Allow various options to be included for signing and verify of | Dr. Stephen Henson | |
OCSP responses. Documentation to follow... Urgh.. this conflicted with the -VAfile patch I hope I haven't broken it. | |||
2001-02-08 | Add the -VAfile option to 'openssl ocsp'. This option will give the | Richard Levitte | |
client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this. | |||
2001-02-08 | Integrate my implementation of a countermeasure against | Bodo Möller | |
Bleichenbacher's DSA attack. With this implementation, the expected number of iterations never exceeds 2. New semantics for BN_rand_range(): BN_rand_range(r, min, range) now generates r such that min <= r < min+range. (Previously, BN_rand_range(r, min, max) generated r such that min <= r < max. It is more convenient to have the range; also the previous prototype was misleading because max was larger than the actual maximum.) | |||
2001-02-07 | Bleichenbacher's DSA attack | Ulf Möller | |
2001-02-07 | Fix AES code. | Dr. Stephen Henson | |
Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites. | |||
2001-02-06 | Avoid coredumps for CONF_get_...(NULL, ...) | Bodo Möller | |
2001-02-06 | Fix potential buffer overrun for EBCDIC. | Ulf Möller | |
2001-02-05 | New function to copy nonce values from OCSP | Dr. Stephen Henson | |
request to response. | |||
2001-02-03 | Various OCSP responder utility functions. | Dr. Stephen Henson | |
Delete obsolete OCSP functions. Largely untested at present... | |||
2001-02-02 | Various function for commmon operations. | Dr. Stephen Henson | |
2001-02-01 | Tolerate some "variations" used in some | Dr. Stephen Henson | |
certificates. One is a valid CA which has no basicConstraints but does have certSign keyUsage. Other is S/MIME signer with nonRepudiation but no digitalSignature. | |||
2001-01-30 | Document the change. | Richard Levitte | |
2001-01-28 | Make sk_sort tolearate a NULL argument. | Dr. Stephen Henson | |
2001-01-26 | New OCSP response verify option OCSP_TRUSTOTHER | Dr. Stephen Henson | |
2001-01-25 | Zero the premaster secret after deriving the master secret in DH | Dr. Stephen Henson | |
ciphersuites. | |||
2001-01-24 | Add debugging info to new ASN1 code to trace memory leaks. | Dr. Stephen Henson | |
Fix PKCS7 and PKCS12 memory leaks. Initialise encapsulated content type properly. | |||
2001-01-23 | EVP_add_digest_alias additions to SS_library_init | Bodo Möller | |
2001-01-23 | There is no C version of bn_div_3_words | Ulf Möller | |
2001-01-21 | Mention the ./config script fixes. | Ulf Möller | |
2001-01-20 | Fix to stop X509_time_adj() using GeneralizedTime. | Dr. Stephen Henson | |
2001-01-19 | Fixes to various ASN1_INTEGER routines for negative case. | Dr. Stephen Henson | |
Enhance s2i_ASN1_INTEGER(). | |||
2001-01-19 | Fix openssl passwd -1 | Bodo Möller | |
2001-01-19 | Additional functionality in ocsp utility: print summary | Dr. Stephen Henson | |
of status info. Check nonce values. Option to disable verify. Update usage message. Rename status to string functions and make them global. | |||
2001-01-18 | Implement remaining OCSP verify checks in | Dr. Stephen Henson | |
accordance with RFC2560. | |||
2001-01-17 | Make the change log on the RAND_poll change a bit more explicit. Suggested ↵ | Richard Levitte | |
by Bodo Moeller. | |||
2001-01-17 | Initial OCSP certificate verify. Not complete, | Dr. Stephen Henson | |
it just supports a "trusted OCSP global root CA". | |||
2001-01-15 | New '-extfile' option for 'openssl ca'. | Bodo Möller | |
This allows keeping extensions in a separate configuration file. Submitted by: Massimiliano Pala <madwolf@comune.modena.it> | |||
2001-01-14 | Change PKCS#12 key derivation routines to cope with | Dr. Stephen Henson | |
non null terminated passwords. | |||
2001-01-13 | New OCSP utility. This can generate, parse and print | Dr. Stephen Henson | |
OCSP requests. It can also query reponders and parse or print out responses. Still needs some more work: OCSP response checks and of course documentation. | |||
2001-01-12 | New 'openssl ca -status <serial>' and 'openssl ca -updatedb' | Bodo Möller | |
commands. Submitted by: Massimiliano Pala <madwolf@comune.modena.it> | |||
2001-01-11 | New -newreq-nodes option to CA.pl. | Bodo Möller | |
Submitted by: Damien Miller <djm@mindrot.org> | |||
2001-01-11 | Add configuration for GNU Hurd. | Richard Levitte | |
2001-01-11 | OCSP basic response verify. Very incomplete | Dr. Stephen Henson | |
but will verify the signatures on a response and locate the signers certifcate. Still needs to implement a proper OCSP certificate verify. Fix warning in RAND_egd(). | |||
2001-01-10 | After discussion with Richard, change the new API for extended memory | Bodo Möller | |
allocation callbacks so that it is no longer visible to applications that these live at a different call level than conventional memory allocation callbacks. | |||
2001-01-10 | Add SSLEAY_DIR argument code for SSLeay_version. | Bodo Möller | |
Add '-d' option for 'openssl version' (included in '-a'). |