path: root/apps/x509.c
Age | Commit message | Author
2017-12-08 | Standardize syntax around sizeof(foo) | Rich Salz
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4875)
2016-10-20 | apps: make setup_engine() and release_engine() available always | Richard Levitte
This removes some #ifndef clutter. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1644)
2016-10-20 | If an engine comes up explicitly, it must also come down explicitly | Richard Levitte
In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it has registered at least one cipher or digest algorithm method, and therefore gets a functional reference through the ENGINE_set_default() call), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Originally, the ENGINE API wasn't designed for this to happen, an engine had to register at least one algorithm method, and was especially expected to register the algorithms corresponding to the key types that could be stored and hidden in hardware. However, it turns out that some engines will not register those algorithms with the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest functions, as they only want the methods to be used for keys, not as general crypto accelerator methods. That may cause ENGINE_set_default() to do nothing, and no functional reference is therefore made, leading to a premature deallocation of the engine and it thereby becoming unavailable when trying to fetch a key. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1644)
2016-05-19 | Check that the obtained public key is valid | Matt Caswell
In the X509 app check that the obtained public key is valid before we attempt to use it. Issue reported by Yuan Jochen Kang. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-14 | To avoid possible time_t overflow use X509_time_adj_ex() | Dr. Stephen Henson
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973) Conflicts: apps/x509.c
2015-03-05 | Unchecked malloc fixes | Matt Caswell
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e) Conflicts: crypto/bio/bss_dgram.c
2015-01-22 | Run util/openssl-format-source -v -c . | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-07 | Update API to use (char *) for email addresses and hostnames | Viktor Dukhovni
Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername(). (cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2)
2013-08-19 | Add new test option set the version in generated certificates: this | Dr. Stephen Henson
is needed to test some profiles/protocols which reject certificates with unsupported versions. (cherry picked from commit df316fd43c5b1e063b84279f245087a578b67e9b)
2013-08-19 | option to output corrupted signature in certificates for testing purposes | Dr. Stephen Henson
(cherry picked from commit 96cfba0fb46a392697295eb6c1350e3110411a75)
2013-08-19 | update usage messages | Dr. Stephen Henson
(cherry picked from commit 7c8ac5050473ec938f2c2e3e5c9063d680be36a1)
2013-02-25 | New -force_pubkey option to x509 utility to supply a different public | Dr. Stephen Henson
key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH. (cherry picked from commit 43206a2d7cc87c959535c0f69e2aa3b364eafd6e)
2012-12-19 | Backport X509 hostname, IP address and email checking code from HEAD. | Dr. Stephen Henson
2012-06-03 | Reduce version skew: trivia (I hope). | Ben Laurie
2011-10-09 | Backport PSS signature support from HEAD. | Dr. Stephen Henson
2011-09-23 | use keyformat for -x509toreq, don't hard code PEM | Dr. Stephen Henson
2010-06-15 | Fix warnings (From HEAD, original patch by Ben). | Dr. Stephen Henson
2010-01-12 | PR: 2136 | Dr. Stephen Henson
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at> Add options to output hash using older algorithm compatible with OpenSSL versions before 1.0.0
2009-10-18 | Add new function X509_STORE_set_verify_cb and use it in apps | Dr. Stephen Henson
2009-07-27 | Change STRING to OPENSSL_STRING etc as common words such | Dr. Stephen Henson
as "STRING" cause conflicts with other headers/libraries.
2009-07-14 | Oops, use right function name... | Dr. Stephen Henson
2009-07-13 | Update from HEAD. | Dr. Stephen Henson
2009-06-26 | Allow checking of self-signed certificates if a flag is set. | Dr. Stephen Henson
2009-03-23 | Typo in usage message. | Dr. Stephen Henson
2009-01-07 | Update from stable branch. | Dr. Stephen Henson
2008-06-04 | More type-checking. | Ben Laurie
2007-09-26 | Support for certificate status TLS extension. | Dr. Stephen Henson
2006-05-07 | Add support for default public key digest type ctrl. | Dr. Stephen Henson
2006-04-19 | Remove link between digests and signature algorithms. | Dr. Stephen Henson
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code.
2005-08-20 | Remove ASN1_METHOD code replace with new ASN1 alternative. | Dr. Stephen Henson
2005-07-16 | make | Nils Larsch
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159
2005-04-05 | some const fixes | Nils Larsch
2005-04-02 | use SHA-1 as the default digest for the apps/openssl commands | Nils Larsch
2005-03-31 | Give everything prototypes (well, everything that's actually used). | Ben Laurie
2004-12-05 | Use X509_cmp_time() in -checkend option, to support GeneralizedTime. | Dr. Stephen Henson
2004-11-13 | Fix x509.c so it creates serial number file again if no | Dr. Stephen Henson
serial number is supplied on command line.
2004-05-12 | Make self signing option of 'x509' use random serial numbers too. | Dr. Stephen Henson
2004-04-21 | New option to 'x509' -next_serial. This outputs the certificate | Dr. Stephen Henson
serial number plus 1 to the output file. Its purpose is to allow serial number files to be initialized when random serial numbers are used.
2004-04-21 | Use X509_get_serialNumber() instead of accessing internals in x509.c | Dr. Stephen Henson
2004-04-19 | header cleanup in apps/ | Geoff Thorpe
2003-12-27 | Use BUF_strlcpy() instead of strcpy(). | Richard Levitte
Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-09-21 | In order to get the expected self signed error when | Dr. Stephen Henson
calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.
2003-07-03 | Add -issuer_hash and make -subject_hash the default way to get the | Richard Levitte
subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650
2003-04-04 | Convert save_serial() to work like save_index(), and add a | Richard Levitte
rotate_serial() that works like rotate_index().
2003-04-03 | Remove unused variable. | Richard Levitte
2003-04-03 | Make it possible to have multiple active certificates with the same | Richard Levitte
subject.
2003-03-31 | No need to test -setalias twice. | Richard Levitte
PR: 556
2003-01-30 | Add the possibility to build without the ENGINE framework. | Richard Levitte
PR: 287
2002-12-03 | EXIT() may mean return(). That's confusing, so let's have it really mean | Richard Levitte
exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)
2002-11-13 | Security fixes brought forward from 0.9.7. | Ben Laurie