summaryrefslogtreecommitdiffstats
path: root/apps
AgeCommit message (Collapse)Author
2014-05-15Enc doesn't support AEAD ciphers.Dr. Stephen Henson
(cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
2014-05-11Fix infinite loop. PR#3347Viktor Dukhovni
2014-05-08coverity 966576 - close socket in error pathTim Hudson
2014-05-08PR#3342 fix resource leak coverity issue 966577Tim Hudson
2014-04-09Fix free errors in ocsp utility.Dr. Stephen Henson
Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
2014-04-04Use correct length when prompting for password.Dr. Stephen Henson
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
2014-04-03Add option to generate old hash format.Tim Hudson
New -hash_old to generate CRL hashes using old (before OpenSSL 1.0.0) algorithm. (cherry picked from commit de2d97cd799f38024d70847bab37d91aa5a2536e)
2014-03-27Add -no_resumption_on_reneg to SSL_CONF.Dr. Stephen Henson
2014-03-01PKCS#8 support for alternative PRFs.Dr. Stephen Henson
Add option to set an alternative to the default hmacWithSHA1 PRF for PKCS#8 private key encryptions. This is used automatically by PKCS8_encrypt if the nid specified is a PRF. Add option to pkcs8 utility. Update docs.
2014-02-25OpenVMS fixes.Zoltan Arpadffy
2014-02-25Avoid Windows 8 Getversion deprecated errors.Dr. Stephen Henson
Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise. (cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
2014-02-23New chain building flags.Dr. Stephen Henson
New flags to build certificate chains. The can be used to rearrange the chain so all an application needs to do is add all certificates in arbitrary order and then build the chain to check and correct them. Add verify error code when building chain. Update docs. (cherry picked from commit 13dc3ce9ab483cade378bcf3844c92bacd817316)
2014-02-14Use defaults bits in req when not givenKurt Roeckx
If you use "-newkey rsa" it's supposed to read the default number of bits from the config file. However the value isn't used to generate the key, but it does print it's generating such a key. The set_keygen_ctx() doesn't call EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config file, but nothing is done with that anymore. We now read the config first and use the value from the config file when no size is given. PR: 2592 (cherry picked from commit 3343220327664680420d4068e1fbe46d2236f1b0)
2014-02-14Fix various spelling errorsScott Schaefer
(cherry picked from commit 2b4ffc659eabec29f76821f0ac624a2b8c19e4c7)
2014-02-09Whitespace fixes.Ben Laurie
2014-02-09Const fix.Ben Laurie
2014-02-09More cleanup.Ben Laurie
(cherry picked from commit 5eda213ebe382009c2f37a8eade5cbcdae6017ed) Conflicts: apps/s_client.c apps/s_server.c
2014-02-09Make it build.Ben Laurie
(cherry picked from commit a6a48e87bc469f37ed1c53d0e4d22faaa0a5adf3) Conflicts: ssl/s3_clnt.c ssl/t1_lib.c
2014-02-08Fix whitespace, new-style comments.Ben Laurie
2014-02-08Re-add alert variables removed during rebaseScott Deboy
Whitespace fixes (cherry picked from commit e9add063b50e8a460d5636055156d2760c2fe29f) Conflicts: ssl/s3_clnt.c
2014-02-08Update custom TLS extension and supplemental data 'generate' callbacks to ↵Scott Deboy
support sending an alert. If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate. (cherry picked from commit ac20719d994729970eb3b775c7bffa81f0e9f960) Conflicts: ssl/t1_lib.c
2014-02-08Free generated supp data after handshake completion, add comment regarding ↵Scott Deboy
use of num_renegotiations in TLS and supp data generation callbacks (cherry picked from commit 67c408cee9b01a7c8c7ca002d36b4f8c0612b08c) Conflicts: apps/s_client.c apps/s_server.c
2014-02-08Add callbacks supporting generation and retrieval of supplemental data ↵Scott Deboy
entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation. (cherry picked from commit 36086186a9b90cdad0d2cd0a598a10f03f8f4bcc) Conflicts: Configure apps/s_client.c apps/s_server.c ssl/ssl.h ssl/ssl3.h ssl/ssltest.c
2014-02-01Improve WINCE support.Andy Polyakov
Submitted by: Pierre Delaage (cherry picked from commit a006fef78e56b078549a80f4bb4518b6a02eba84) Resolved conflicts: crypto/bio/bss_dgram.c ssl/d1_lib.c util/pl/VC-32.pl
2014-01-27Add cert callback retry test.Dr. Stephen Henson
(cherry picked from commit 3323314fc1c6d18e650a2de97f7cf9892ac92a60)
2014-01-23Add -engine_impl option to dgst which will use an implementation ofDr. Stephen Henson
an algorithm from the supplied engine instead of just the default one. (cherry picked from commit bb845ee044587a91589357a772a02cffb0ba4454)
2013-12-01make updateDr. Stephen Henson
2013-11-14Fix compilation with no-nextprotoneg.Piotr Sikora
PR#3106
2013-11-02Extend SSL_CONFDr. Stephen Henson
Extend SSL_CONF to return command value types. Add certificate and key options. Update documentation. (cherry picked from commit ec2f7e568ea18a22ab57326fffe78ef2aa6884f5)
2013-10-07Constification.Ben Laurie
2013-10-01Custom key wrap option for cms utility.Dr. Stephen Henson
(cherry picked from commit 5711885a2b31bfb623fb3738ce92a4cce4316bc7)
2013-10-01Add -keyopt option to cms utility.Dr. Stephen Henson
Add support for custom public key parameters in the cms utility using the -keyopt switch. Works for -sign and also -encrypt if -recip is used. (cherry picked from commit 02498cc885b801f38f33c0a0d08d4603fd6350c7)
2013-10-01Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpnBen Laurie
Conflicts: ssl/ssl3.h ssl/t1_lib.c
2013-09-25Produce PEM we would consume.Ben Laurie
2013-09-24Show useful errors.Ben Laurie
2013-09-18Dual DTLS version methods.Dr. Stephen Henson
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2. (cherry picked from commit c6913eeb762edffddecaaba5c84909d7a7962927) Conflicts: CHANGES
2013-09-18Provisional DTLS 1.2 support.Dr. Stephen Henson
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing. (cherry picked from commit c3b344e36a088283731b4f65a70e85b100f55686) Conflicts: apps/s_server.c
2013-09-14add -badsig option to corrupt CRL signatures for testing tooDr. Stephen Henson
(cherry picked from commit 139cd16cc58330840890f914c318f00de6bfd831)
2013-09-13Initialize next_proto in s_server - resolves incorrect attempts to freeScott Deboy
Cherry pick of b0d27cb9028cbf552612baa42255737cca0e32d2.
2013-09-13Support ALPN.Adam Langley
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. Cherry-picked from 6f017a8f9db3a79f3a3406cf8d493ccd346db691. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
2013-08-19fix printout of expiry days if -enddate is used in caDr. Stephen Henson
(cherry picked from commit f7ac0ec89d0daefdea2956c55c17f1246e81c0a6)
2013-08-19new command line option -stdname to ciphers utilityDr. Stephen Henson
(cherry picked from commit 51b9115b6dcaf94718de3c8b4d97b00f8cd63cd5)
2013-08-19Add new test option set the version in generated certificates: thisDr. Stephen Henson
is needed to test some profiles/protocols which reject certificates with unsupported versions. (cherry picked from commit df316fd43c5b1e063b84279f245087a578b67e9b)
2013-08-19option to output corrupted signature in certificates for testing purposesDr. Stephen Henson
(cherry picked from commit 96cfba0fb46a392697295eb6c1350e3110411a75)
2013-08-19update usage messagesDr. Stephen Henson
(cherry picked from commit 7c8ac5050473ec938f2c2e3e5c9063d680be36a1)
2013-08-19add -naccept <n> option to s_server to automatically exit after <n> connectionsDr. Stephen Henson
(cherry picked from commit b5cadfb564a604c0ba1c49984ac796cfd8310731)
2013-08-19with -rev close connection if client sends "CLOSE"Dr. Stephen Henson
(cherry picked from commit 685755937a4f9f8b16f8953f631e14808f785c39)
2013-08-19Add simple external session cache to s_server. This serialises sessionsDr. Stephen Henson
just like a "real" server making it easier to trace any problems. (manually applied from commit 35b0ea4efe24dee3194964588655d1a3187c6e63)
2013-08-19Remove commented out debug line.Dr. Stephen Henson
2013-08-19Make no-ec compilation work.Dr. Stephen Henson
(cherry picked from commit 14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d)
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-03 07:55:39 +0000