summaryrefslogtreecommitdiffstats
path: root/apps/ca.c
AgeCommit message (Collapse)Author
2015-04-16Code style: space after 'if'Viktor Dukhovni
Reviewed-by: Matt Caswell <gitlab@openssl.org>
2015-03-17Add malloc failure checksMatt Caswell
Add some missing checks for memory allocation failures in ca app. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549)
2015-03-05Unchecked malloc fixesMatt Caswell
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e) Conflicts: crypto/bio/bss_dgram.c
2015-01-22Re-align some comments after running the reformat script.OpenSSL_1_0_2-post-reformatMatt Caswell
This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.2 changes Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Move more comments that confuse indentMatt Caswell
Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Further comment amendments to preserve formatting prior to source reformatMatt Caswell
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22mark all block comments that need format preserving so thatTim Hudson
indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)Richard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-06-29Show errors on CSR verification failure.Dr. Stephen Henson
If CSR verify fails in ca utility print out error messages. Otherwise some errors give misleading output: for example if the key size exceeds the library limit. PR#2875 (cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
2014-06-27Memory leak and NULL dereference fixes.Dr. Stephen Henson
PR#3403 (cherry picked from commit d2aea038297e0c64ca66e6844cbb37377365885e)
2013-08-19fix printout of expiry days if -enddate is used in caDr. Stephen Henson
(cherry picked from commit f7ac0ec89d0daefdea2956c55c17f1246e81c0a6)
2012-12-26New -valid option to add a certificate to the ca index.txt that is valid and ↵Dr. Stephen Henson
not revoked (backport from HEAD)
2012-06-03Reduce version skew: trivia (I hope).Ben Laurie
2012-01-12Sanitize usage of <ctype.h> functions. It's important that charactersAndy Polyakov
are passed zero-extended, not sign-extended [from HEAD]. PR: 2682
2011-10-09Backport PSS signature support from HEAD.Dr. Stephen Henson
2009-12-02Replace the broken SPKAC certification with the correct version.Dr. Stephen Henson
2009-10-04Fix warnings about ignoring fgets return valueDr. Stephen Henson
2009-09-02PR: 2013Dr. Stephen Henson
Submitted by: steve@openssl.org Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created. This makes it possible to tell if the underlying type is UTCTime, GeneralizedTime or Time when the structure is reused and X509_time_adj_ex() can handle each case in an appropriate manner. Add error checking to CRL generation in ca utility when nextUpdate is being set.
2009-07-27Change STRING to OPENSSL_STRING etc as common words suchDr. Stephen Henson
as "STRING" cause conflicts with other headers/libraries.
2009-03-09PR: 1854Dr. Stephen Henson
Submitted by: Oliver Martin <oliver@volatilevoid.net> Reviewed by: steve@openssl.org Support GeneralizedTime in ca utility.
2008-12-22Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possibleAndy Polyakov
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit expands it even to apps catalog and actually omits the macro in question from Configure.
2008-10-07Experimental new date handling routines. These fix issues with X509_time_adj()Dr. Stephen Henson
and should avoid any OS date limitations such as the year 2038 bug.
2008-06-04More type-checking.Ben Laurie
2008-06-02Avoid case in ca.c fix.Dr. Stephen Henson
2008-06-02Revert, doesn't fix warning :-(Dr. Stephen Henson
2008-06-02Avoid cast with wrapper function.Dr. Stephen Henson
2008-05-31Stop const mismatch warning.Dr. Stephen Henson
2008-05-26LHASH revamp. make depend.Ben Laurie
2008-03-16Fix some warnings.Dr. Stephen Henson
2007-04-04Return an error if the serial number is badly formed. (Coverity ID 116).Ben Laurie
2006-11-27Add RFC 3779 support.Ben Laurie
2006-07-25Support for multiple CRLs with same issuer name in X509_STORE. ModifyDr. Stephen Henson
verify logic to try to use an unexpired CRL if possible.
2006-05-07Add support for default public key digest type ctrl.Dr. Stephen Henson
2006-04-19Remove link between digests and signature algorithms.Dr. Stephen Henson
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code.
2005-11-04Eliminate dependency on read/write/stat in apps under _WIN32.Andy Polyakov
2005-09-30successfully updating the db shouldn't result in an error messageNils Larsch
2005-07-04Update from stable branch.Dr. Stephen Henson
2005-04-15const fixesNils Larsch
2005-04-05some const fixesNils Larsch
2004-11-11Use the default_md config file value when signing CRLs.Dr. Stephen Henson
PR:662
2004-08-06Call setup_engine after autoconfig.Dr. Stephen Henson
2004-04-20Reduce chances of issuer and serial number duplication by use of randomDr. Stephen Henson
initial serial numbers. PR: 842
2004-04-15Clear error if unique_subject lookup fails.Dr. Stephen Henson
2003-12-27Use BUF_strlcpy() instead of strcpy().Richard Levitte
Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-11-28Move another common functionality (reproduced so far with cut'n'paste)Richard Levitte
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28Move do_subject() to apps.c and rename it to parse_name(). TheRichard Levitte
rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better.
2003-11-28Allow multi-valued rdns in subjects. This adds the -multivalue-rdn optionRichard Levitte
to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de> Reviewed by: Richard Levitte (there will be some follow-up changes)
2003-11-28Netware-specific changes,Richard Levitte
PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte
2003-10-29A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.Geoff Thorpe
I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 13:47:10 +0000