summaryrefslogtreecommitdiffstats
path: root/apps/cmp.c
AgeCommit message (Collapse)Author
2023-09-07Copyright year updatesMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-09-05apps/cmp.c: fix bug not allowing to reset -csr and -serial option valuesDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659)
2023-07-17CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdateDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
2023-07-17rename OSSL_CMP_get{,1}_caCerts and improve OSSL_CMP_exec_certreq.podDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
2023-07-10CMP: support specifying certificate to be revoked via issuer and serial numberRajeev Ranjan
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21116)
2023-06-18Fix new typos found by codespellDimitri Papadopoulos
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21210)
2023-06-09Cast the argument to unsigned char when calling isspace()Michael Baentsch
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21151)
2023-06-06allow to disable httpVladimír Kotal
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21108)
2023-06-01apps/cmp.c: make management of http_cb_arg pointer more robustDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01apps/cmp.c: improve warnings on option useDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01CMP: add support for genm/genp messages with id-it-caCertsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19231)
2023-05-25APPS: replace awkward and error-prone pattern by calls to new ↵Dr. David von Oheimb
app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
2023-05-12CMP client: fix error response on -csr without private key, also in docsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
2023-05-10CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFODr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034)
2023-05-10CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port)Dr. David von Oheimb
Fixes #20031 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034)
2023-05-03apps: silent warning when loading CSR files with vfyopt optionTianjia Zhang
When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear: Warning: CSR self-signature does not match the contents This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20799)
2023-04-28APPS/cmp: prevent HTTP client failure on -rspin option with too few filenamesDr. David von Oheimb
The logic for handling inconsistent use of -rspin etc., -port, -server, and -use_mock_srv options proved faulty. This is fixed here, updating and correcting also the documentation and diagnostics of the involved options. In particular, the case that -rspin (or -rspout. reqin, -reqout) does not provide enough message file names was not properly described and handled. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20295)
2023-03-25CMP add: fix -reqin option, which requires adding ↵Dr. David von Oheimb
OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
2023-03-25apps/cmp.c: make sure that last -reqin argument is actually usedDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
2023-03-25CMP app: improve doc and help output on -{req,rsp}{in,out} optionsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
2023-02-13OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled certDr. David von Oheimb
Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160)
2023-02-08cmp_client_test.c: add tests for errors reported by server on subsequent ↵Dr. David von Oheimb
requests in a transaction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc.Dr. David von Oheimb
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19946)
2023-01-24Fix windows buildsFdaSilvaYY
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20109)
2023-01-16CMP app: fix file output of certs and cert lists on non-existing cert(s)Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20035)
2022-11-24CMP: fix status held in OSSL_CMP_CTX, in particular for genp messagesDr. David von Oheimb
On this occasion, replace magic constants by mnemonic ones; update doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
2022-10-06Rename ossl_sleep calls to OSSL_sleep everywhereRichard Levitte
Also, remove inclusions of internal/e_os.h where it seems no longer necessary. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19330)
2022-09-20APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for ↵Dr. David von Oheimb
apps, too Also add related references to FR #15725. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18900)
2022-09-07APPS HTTP server: trace requests and responses when enabledDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18434)
2022-07-20Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg()Dr. David von Oheimb
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective tests as well as the -srvcertout CLI option using the new function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18656)
2022-07-11apps/cmp.c: fix cleanup of CMP_CTX vs. APP_HTTP_TLS_INFO in its http_cb_arg ↵Dr. David von Oheimb
field Prevent crashes on error by making sure the info is freed after OSSL_CMP_CTX_free(), which may call OSSL_HTTP_close() and thus indirectly reference the info. Moreover, should not attempt to reference the cmp_ctx variable when NULL. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18702)
2022-07-01apps/cmp.c: improve print_itavs()Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18657)
2022-07-01apps/cmp.c: Fix glitch in -newkeypass warning and extend warnings for genmDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18657)
2022-05-03Update copyright yearMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2022-01-07apps/cmp.c: fix coding style nits reported by check-format.plDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17363)
2022-01-05Fix typosDimitris Apostolou
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-04CMP mock server: add -ref_cert option and corresponding ↵Dr. David von Oheimb
ossl_cmp_mock_srv_set1_refCert() Fixes #16041 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16050)
2022-01-04HTTP client: Work around HTTPS proxy use bug due to callback design flawDr. David von Oheimb
See discussion in #17088, where the real solution was postponed to 4.0. This preliminarily fixes the issue that the HTTP(S) proxy environment vars were neglected when determining whether a proxy should be used for HTTPS. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17310)
2021-12-30APPS/cmp: improve diagnostics for presence of TLS optionsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16747)
2021-12-30OSSL_CMP_CTX: rename get/set function for trustedStoreDr. David von Oheimb
This makes the naming more consistent, in a backward-compatible way Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17277)
2021-12-21add OSSL_STACK_OF_X509_free() for commonly used patternDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
2021-12-15APPS/cmp: Fix logic and doc of mutually exclusive ↵Dr. David von Oheimb
-server/-use_mock_srv/-port/-rspin options Ignore -server with -rspin and exclude all of -use_mock_srv/-port/-rspin. On the other hand, -server is required if no -use_mock_srv/-port/-rspin is given. Ignore -tls_used with -use_mock_srv and -rspin; it is not supported with -port. If -server is not given, ignore -proxy, -no_proxy, and -tls_used. Also slightly improve the documentation of the two mock server variants. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17254)
2021-12-13APPS/cmp: Simplify read_write_req_resp() - 'req' arg must not be NULL anywayDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17251)
2021-12-09APPS/cmp: Fix use of OPENSSL_NO_SOCK: options like -server do not make sense ↵Dr. David von Oheimb
with no-sock Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17226)
2021-12-09APPS/cmp: fix -rspin option such that it works again without -reqinDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17222)
2021-12-07APPS: Improve diagnostics on missing/extra args and unknown cipher/digestDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16450)
2021-11-22Fix HTTP server port output and allow dynamic verbosity settingDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16061)
2021-11-17Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and ↵Dr. David von Oheimb
HAS_CASE_SUFFIX() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17Fix verbosity of CMP client diagnosticsDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16051)
2021-11-08APPS/cmp: make the -sans option support email addresses (type rfc822Name)Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16960)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 23:29:47 +0000