Age | Commit message (Collapse) | Author |
|
Reviewed-by: Matt Caswell <gitlab@openssl.org>
|
|
Add some missing checks for memory allocation failures in ca app.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549)
|
|
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e)
Conflicts:
crypto/bio/bss_dgram.c
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)
Conflicts:
crypto/x509v3/pcy_tree.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)
Conflicts:
crypto/bn/bn_lcl.h
crypto/bn/bn_prime.c
crypto/engine/eng_all.c
crypto/rc4/rc4_utl.c
crypto/sha/sha.h
ssl/kssl.c
ssl/t1_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
|
|
PR#3403
(cherry picked from commit d2aea038297e0c64ca66e6844cbb37377365885e)
|
|
(cherry picked from commit f7ac0ec89d0daefdea2956c55c17f1246e81c0a6)
|
|
not revoked
(backport from HEAD)
|
|
|
|
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
|
|
|
|
|
|
|
|
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
|
|
as "STRING" cause conflicts with other headers/libraries.
|
|
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
|
|
to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit
expands it even to apps catalog and actually omits the macro in question
from Configure.
|
|
and should avoid any OS date limitations such as the year 2038 bug.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
verify logic to try to use an unexpired CRL if possible.
|
|
|
|
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
|
|
|
|
|
|
|
|
|
|
|
|
PR:662
|
|
|
|
initial serial numbers.
PR: 842
|
|
|
|
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
to apps.c, and give it the hopefully descriptive name parse_yesno().
|
|
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
|
|
to 'openssl req' and 'openssl ca'.
PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte
(there will be some follow-up changes)
|
|
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
|
|
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
|