| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
|
|
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org
Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
|
|
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
|
|
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
|
|
|
|
|
|
Submitted by: Nils Larsch
|
|
Submitted by: Nils Larsch <nla@trustcenter.de>
|
|
with existing code.
Modify library to use digest *_ex() functions.
|
|
|
|
|
|
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
|
|
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
|
|
Add no_issuer option.
Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
|
|
algorithms.
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
|
|
code from certificate, CRL and request printing routines.
|
|
|
|
|
|
Add support for X509_NAME_print_ex() in req.
Initial code for cutomizable X509 print routines.
|
|
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
|
|
|
|
certificate: currently this includes trust settings
and a "friendly name".
|
|
tolerated in certificates.
|
|
used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
|
|
|
|
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
|
|
include an 'indent' option to V3 stuff.
|
|
the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.
|
|
GeneralizedTime.
|
|
GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be
used but OpenSSL doesn't currently support it. This patch adds several files
and a bunch of functions.
Of interest is the ASN1_TIME structure and its related functions. At several
points certificates, CRLs et al specify that a time can be expressed as a
choice of UTCTime and GeneralizedTime. Currently OpenSSL interprets this
(wrongly) as UTCTime because GeneralizedTime isn't supported. The ASN1_TIME
stuff provides this functionality.
Still todo is to trace which cert and CRL points need an ASN1_TIME and modify
the utilities appropriately and of course fix all the bugs.
Note new OpenSSL copyright in the new file a_time.c. I didn't put it in
a_gentm.c because it is a minimally modified form a_utctm.c .
Since this adds new files and error codes you will need to do a 'make errors'
at the top level to add the new codes.
|
|
handling to x509.c
|
|
|
|
|
