Age | Commit message (Collapse) | Author |
|
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.
Trailing whitespace remains in test data and external source.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)
|
|
It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.
But previously a .rnd file was created on exit, and that does no longer
happen.
Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.
If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.
Remove RANDFILE from openssl.cnf
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)
|
|
Either files or directories of *.cnf or *.conf files
can be included.
Recursive inclusion of directories is not supported.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5351)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/771)
|
|
This is really a security bugfix, not enhancement any more.
Everyone knows critical extensions.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Use SHA256 for TSA and setted permitted digests to a sensible value.
Based on PR#4141
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Based on PR#2145
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
|
|
|
|
be the server FQDN: change it.
[Reported by PSW Group]
|
|
|
|
makes certificates genereated by ca, CA.pl etc useless for anything else.
|
|
|
|
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
|
|
and serial versions of AKID.
|
|
|
|
|
|
Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com>
PR: 644
|
|
subject.
|
|
to subjectAltName when signing a certificate.
|
|
|
|
Add default values for display by the 'ca' utility
to openssl.cnf
Update docs.
|
|
|
|
|
|
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
|
|
more utilities.
|
|
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
|
|
config file (change RAW to DER).
|
|
|
|
do sensible things with extensions.
|
|
doesn't have a default value like the "-config" options of other
openssl subprograms.
|
|
which cost me some time to find out about.
|
|
make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.
|
|
|
|
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
|
|
|
|
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
|
|
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
|
|
openssl.cnf for the new syntax.
|
|
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
|
|
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.
Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.
|
|
|
|
|