Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-05-11 | Fix infinite loop. PR#3347 | Viktor Dukhovni | |
2014-02-14 | Use defaults bits in req when not given | Kurt Roeckx | |
If you use "-newkey rsa" it's supposed to read the default number of bits from the config file. However the value isn't used to generate the key, but it does print it's generating such a key. The set_keygen_ctx() doesn't call EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config file, but nothing is done with that anymore. We now read the config first and use the value from the config file when no size is given. PR: 2592 | |||
2013-09-13 | typo | Mat | |
2012-12-04 | make -subj always override config file | Dr. Stephen Henson | |
2010-03-14 | add -sigopt option to ca utility | Dr. Stephen Henson | |
2010-03-12 | new sigopt and PSS support for req and x509 utilities | Dr. Stephen Henson | |
2010-03-10 | don't leave bogus errors in the queue | Dr. Stephen Henson | |
2009-10-04 | Fix warnings about ignoring fgets return value | Dr. Stephen Henson | |
2009-07-27 | Update from 1.0.0-stable | Dr. Stephen Henson | |
2009-04-26 | Update from 1.0.0-stable. | Dr. Stephen Henson | |
2009-04-15 | Updates from 1.0.0-stable. | Dr. Stephen Henson | |
2008-10-07 | Experimental new date handling routines. These fix issues with X509_time_adj() | Dr. Stephen Henson | |
and should avoid any OS date limitations such as the year 2038 bug. | |||
2008-06-04 | More type-checking. | Ben Laurie | |
2008-05-12 | Fix from stable branch. | Dr. Stephen Henson | |
2007-08-12 | Fix warnings. | Dr. Stephen Henson | |
2006-06-14 | Fix a bug recently introduced when updating this file to use the new | Bodo Möller | |
keygen API: make sure that 'pkey_type' is actually visible to MAIN(). | |||
2006-06-05 | Complete EVP_PKEY_ASN1_METHOD ENGINE support. | Dr. Stephen Henson | |
2006-05-16 | Gather keygen options in req and only use them after all other options have | Dr. Stephen Henson | |
been processed. This allows any ENGINE changing operations to be processed first (for example a config file). | |||
2006-05-12 | Typo. | Dr. Stephen Henson | |
2006-05-11 | Update 'req' command to use new keygen API. | Dr. Stephen Henson | |
2006-05-07 | Add support for default public key digest type ctrl. | Dr. Stephen Henson | |
2006-04-19 | Remove link between digests and signature algorithms. | Dr. Stephen Henson | |
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code. | |||
2006-03-15 | fix problems found by coverity: remove useless code | Nils Larsch | |
2005-07-16 | make | Nils Larsch | |
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159 | |||
2005-05-17 | OPENSSL_Applink update. | Andy Polyakov | |
2005-05-16 | ecc api cleanup; summary: | Nils Larsch | |
- hide the EC_KEY structure definition in ec_lcl.c + add some functions to use/access the EC_KEY fields - change the way how method specific data (ecdsa/ecdh) is attached to a EC_KEY - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with additional parameters for pre-computed values - rebuild libeay.num from 0.9.7 | |||
2005-04-05 | some const fixes | Nils Larsch | |
2005-04-02 | use SHA-1 as the default digest for the apps/openssl commands | Nils Larsch | |
2004-11-17 | In "req" exit immediately if configuration file is needed and it can't | Dr. Stephen Henson | |
be loaded instead of giving the misleading: "unable to find 'distinguised_name' in config" error message. | |||
2004-04-26 | Allow RSA key-generation to specify an arbitrary public exponent. Jelte | Geoff Thorpe | |
proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe | |||
2004-04-20 | Reduce chances of issuer and serial number duplication by use of random | Dr. Stephen Henson | |
initial serial numbers. PR: 842 | |||
2004-02-10 | minor signed/unsigned warning fixes | Geoff Thorpe | |
2003-12-27 | Use BUF_strlcpy() instead of strcpy(). | Richard Levitte | |
Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> | |||
2003-11-28 | Move do_subject() to apps.c and rename it to parse_name(). The | Richard Levitte | |
rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better. | |||
2003-11-28 | Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option | Richard Levitte | |
to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de> Reviewed by: Richard Levitte (there will be some follow-up changes) | |||
2003-11-20 | Give CRLDP its standard name. | Dr. Stephen Henson | |
Max req -x509 use V1 if extensions section absent. | |||
2003-10-29 | Copy-n-paste bug (don't mix variable declarations and code). This sets the | Geoff Thorpe | |
callback structure just before it is needed. | |||
2003-10-29 | Update any code that was using deprecated functions so that everything builds | Geoff Thorpe | |
and links with OPENSSL_NO_DEPRECATED defined. | |||
2003-04-03 | Correct a lot of printing calls. Remove extra arguments... | Richard Levitte | |
2003-03-30 | Multi valued AVA support. | Dr. Stephen Henson | |
2003-01-30 | Add the possibility to build without the ENGINE framework. | Richard Levitte | |
PR: 287 | |||
2003-01-24 | Check return value of gmtime() and add error codes | Dr. Stephen Henson | |
where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if *_min or *_max is absent. | |||
2002-12-24 | Avoid double definition of config. | Richard Levitte | |
PR: 420 | |||
2002-12-08 | Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are | Geoff Thorpe | |
being built with it defined - it is not a symbol to affect how openssl itself builds, but to alter the way openssl headers can be used from an API point of view. The "deprecated" function wrappers will always remain inside OpenSSL at least as long as they're still being used internally. :-) The exception is dsaparam which has been updated to the BN_GENCB-based functions to test the new functionality. If GENCB_TEST is defined, dsaparam will support a "-timebomb <n>" switch to cancel parameter-generation if it gets as far as 'n' seconds without completion. | |||
2002-12-03 | EXIT() may mean return(). That's confusing, so let's have it really mean | Richard Levitte | |
exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program) | |||
2002-11-13 | Security fixes brought forward from 0.9.7. | Ben Laurie | |
2002-11-11 | Variables on the stack must be initialized or we can't depend on any | Richard Levitte | |
initial value. For errline/errorline, we did depend on that, erroneously | |||
2002-09-10 | Let 'openssl req' fail if an argument to '-newkey' is not | Bodo Möller | |
recognized instead of using RSA as a default. | |||
2002-08-26 | fix offsets | Bodo Möller | |
Submitted by: Nils Larsch | |||
2002-08-22 | Make -nameopt work in req and add support for -reqopt | Dr. Stephen Henson | |