Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
specifically ask for them.
Fix typo in docs.
|
|
|
|
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
|
|
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.
bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr? (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)
Case closed :-)
|
|
|
|
make disabled code slightly more correct (this does not solve
the problem though).
|
|
|
|
(it's similar to the shutdown(..., SHUT_WR) system call
for sockets).
|
|
|
|
sign.
|
|
|
|
for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
|
|
Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
|
|
|
|
|
|
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
|
|
|
|
the OpenSSL commands x50 and req work better on a EBCDIC system.
|
|
Update PKCS12_parse().
Make the keyid in certificate aux info more usable.
|
|
Fix doc example, and fix BIO_find_type().
Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.
|
|
process when some symbols are missing. Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.
This was needed for the work I'm doing with shared libraries under
VMS.
|
|
Add support for settable verify time in X509_verify_cert().
Document rsautl utility.
|
|
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
|
|
Add new option to PKCS7_sign to exclude S/MIME capabilities.
|
|
|
|
|
|
symbols for debugging are defined.
|
|
Add DER public key routines.
Add -passin argument to 'ca' utility.
Document sign and verify options to dgst.
|
|
|
|
|
|
Fix bug in read only memory BIOs so BIO_reset() works.
Add sign and verify options to dgst utility, need
to update docs.
|
|
|
|
|
|
initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.
set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.
remove extraneous '\r' in MIME encoder.
Allow a NULL to be passed to X509_gmtime_adj()
Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
|
|
|
|
found myself needing it a number of times, the latter for completeness.
|
|
|
|
|
|
test utility, I added the bits to get a EVP interface, the command line utility and the speed test
|
|
building a complete chain. Now added through the -CAfile and -CApath
arguments.
|
|
Add warning print out if duplicate names found:
should end up as a fatal error but a warning for
now until they problems are fixed...
|
|
Fix warnings with BIO_dump_indent().
|
|
|
|
test was never triggered due to an off-by-one error.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
|
|
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.
The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).
Still needs to be documented, integrated into other
utilities and extensively tested.
|