| Age | Commit message (Collapse) | Author |
|---|
|
|
|
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
|
|
names in verify utility
|
|
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
|
|
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
|
|
|
|
obsolete functions and enhance to handle new conditions such as policy printing.
|
|
|
|
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
|
|
Add support for policy checking in verify utility.
|
|
PR: 287
|
|
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
|
|
|
|
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
|
|
|
|
|
|
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
|
|
|
|
everywhere.
|
|
inherited from X509_STORE.
Add CRL checking options to other applications.
|
|
|
|
At the same time, add VMS support for Rijndael.
|
|
New option to verify program to print out diagnostics.
|
|
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
|
|
|
|
where the new functions are mentioned.
|
|
|
|
-Wcast-align
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
|
|
|
|
either and has a static and dynamic mix.
|
|
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
|
|
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
|
|
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
|
|
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
|
|
|
|
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
|
|
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
|
|
|
|
|
