| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
Conflicts:
doc/apps/smime.pod
|
|
|
|
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
|
|
|
|
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
|
|
|
|
|
|
Add support for policy checking in verify utility.
|
|
|
|
|
|
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
|
|
|
|
the buffer pointer.
Rename PKCS7_PARTSIGN to PKCS7_STREAM.
Guess what that's for :-)
|
|
|
|
PR: 287
|
|
functionality in the programs that had that before.
Part fo PR 164
|
|
Make S/MIME output conform with the mail and MIME standards.
PR: 151
|
|
PR: 151
|
|
Notified by Ken Hirsch <kenhirsch@myself.com>.
PR: 23
|
|
|
|
|
|
|
|
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
|
|
|
|
|
|
everywhere.
|
|
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.
Also, have our own password callback that we can send both a password
and some prompt info to. The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...
Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves... That's changed too.
|
|
inherited from X509_STORE.
Add CRL checking options to other applications.
|
|
|
|
|
|
|
|
functions to return constant EVP_MD and EVP_CIPHER
pointers.
Update docs.
|
|
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
it just supports a "trusted OCSP global root CA".
|
|
applications.
|
|
At the same time, add VMS support for Rijndael.
|
|
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
|
|
Add new option to PKCS7_sign to exclude S/MIME capabilities.
|
|
an already existing DSA key.
Document the new smime options.
|
|
call the i2c/c2i (they were not using the
content length for the headers).
Fix ASN1 long form tag encoding. This never
worked but it was never tested since it is
only used for tags > 30.
New options to smime program to allow the
PKCS#7 format to be specified and the content
supplied externally.
|
|
The message to everyone is "Do not hack OpenSSL when stressed"...
|
|
EGD should be used as seeding input, and where the named socket is.
|
|
applications. Also, have it and the certificate and key loading
functions take a BIO argument for error output.
|
|
be shared by several applications.
|
|
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
|
|
I hope all memory leaks that may occur here have already been tracked down.
|
|
|
|
|
