path: root/crypto/ocsp
Age | Commit message | Author
2016-05-10 | GH837: Avoid double-free in OCSP parse. | Rich Salz
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-10-23 | Remove useless code | Alessandro Ghedini
RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 070c23325af4526c9a8532a60d63522c58d5554b)
2015-09-15 | RT4044: Remove .cvsignore files. | Rich Salz
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-23 | Fix the update target and remove duplicate file updates | Richard Levitte
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile
2015-04-16 | Code style: space after 'if' | Viktor Dukhovni
Reviewed-by: Matt Caswell <gitlab@openssl.org>
2015-03-25 | Fix RAND_(pseudo_)?_bytes returns | Matt Caswell
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return value checked correctly Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-24 | Make OCSP response verification more flexible. | Dr. Stephen Henson
If a set of certificates is supplied to OCSP_basic_verify use those in addition to any present in the OCSP response as untrusted CAs when verifying a certificate chain. PR#3668 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4ca5efc2874e094d6382b30416824eda6dde52fe)
2015-01-22 | Run util/openssl-format-source -v -c . | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 | Further comment amendments to preserve formatting prior to source reformat | Matt Caswell
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 | mark all block comments that need format preserving so that | Tim Hudson
indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-10 | RT2560: missing NULL check in ocsp_req_find_signer | Rich Salz
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
2014-06-27 | Handle IPv6 addresses in OCSP_parse_url. | Tom Greenslade
PR#2783 (cherry picked from commit b36f35cda964544a15d53d3fdfec9b2bab8cacb1)
2014-06-10 | Fix null pointer errors. | Dr. Stephen Henson
PR#3394 (cherry picked from commit 7a9d59c148b773f59a41f8697eeecf369a0974c2)
2014-04-01 | Don't try and verify signatures if key is NULL (CVE-2013-0166) | Dr. Stephen Henson
Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
2013-10-07 | Constification. | Ben Laurie
2013-01-17 | constify | Dr. Stephen Henson
2013-01-15 | Generalise OCSP I/O functions to support downloading of other ASN1 | Dr. Stephen Henson
structures using HTTP. Add wrapper function to handle CRL download.
2012-12-26 | Revert incompatible OCSP_basic_verify changes. | Dr. Stephen Henson
Make partial chain checking work with EE certificates only. Remove unneeded -trust_other option from tocsp. (Backport from HEAD)
2012-12-19 | Check chain is not NULL before assuming we have a validated chain. The | Dr. Stephen Henson
modification to the OCSP helper purpose breaks normal OCSP verification. It is no longer needed now we can trust partial chains.
2012-12-14 | Use new partial chain flag instead of modifying input parameters. | Dr. Stephen Henson
(backport from HEAD)
2012-12-14 | Backport OCSP fixes. | Ben Laurie
2012-11-29 | PR: 2803 | Dr. Stephen Henson
Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_verify return an error if X509_STORE_CTX_init fails.
2011-06-03 | Backport libcrypto audit: check return values of EVP functions instead | Dr. Stephen Henson
of assuming they will always succeed.
2011-05-25 | Fix the ECDSA timing attack mentioned in the paper at: | Dr. Stephen Henson
http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.
2010-10-06 | We can't always read 6 bytes in an OCSP response: fix so error statuses | Dr. Stephen Henson
are read correctly for non-blocking I/O.
2010-06-15 | Fix warnings (From HEAD, original patch by Ben). | Dr. Stephen Henson
2010-03-12 | missing goto meant signature was never printed out | Dr. Stephen Henson
2009-09-30 | PR: 2063 | Dr. Stephen Henson
Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_write error handling in ocsp_prn.c
2009-09-30 | PR: 2064, 728 | Dr. Stephen Henson
Submitted by: steve@openssl.org Add support for custom headers in OCSP requests.
2009-01-01 | Calculate offset correctly. (Coverity ID 233) | Ben Laurie
2008-12-29 | If we're going to return errors (no matter how stupid), then we should | Ben Laurie
test for them!
2008-12-22 | This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another | Andy Polyakov
.DLL, in particular static build. The issue has been discussed in RT#1230 and later on openssl-dev, and mutually exclusive approaches were suggested. This completes compromise solution suggested in RT#1230. PR: 1230
2008-11-05 | Update obsolete email address... | Dr. Stephen Henson
2007-12-04 | Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve | Dr. Stephen Henson
Use default algorithms for OCSP request and response signing. New command line option to support other digest use for OCSP certificate IDs.
2007-10-13 | Bunch of constifications. | Andy Polyakov
2007-09-26 | Support for certificate status TLS extension. | Dr. Stephen Henson
2007-08-12 | Fix warnings. | Dr. Stephen Henson
2007-06-07 | Finish gcc 4.2 changes. | Dr. Stephen Henson
2006-11-30 | Update dependencies. | Dr. Stephen Henson
2006-11-21 | Update from 0.9.8 stable. Eliminate duplicate error codes. | Dr. Stephen Henson
2006-11-13 | Don't assume requestorName is present for signed requests. ASN1 OCSP module | Dr. Stephen Henson
fix: certs field is OPTIONAL.
2006-11-13 | OCSP library tidy. Use extension to encode OCSP extensions instead of doing | Dr. Stephen Henson
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
2006-07-17 | WIN32 fixes signed/unsigned issues and slightly socket semantics. | Dr. Stephen Henson
2006-07-17 | Fix various error codes to match functions. | Dr. Stephen Henson
2006-07-17 | New non-blocking OCSP functionality. | Dr. Stephen Henson
2005-07-26 | improved error checking and some fixes | Nils Larsch
PR: 1170 Submitted by: Yair Elharrar Reviewed and edited by: Nils Larsch
2005-05-16 | Further BUILDENV refinement, further fool-proofing of Makefiles and | Andy Polyakov
[most importantly] put back dependencies accidentally eliminated in check-in #13342.
2005-05-15 | Fool-proofing Makefiles | Andy Polyakov
2005-05-12 | Some C compilers produce warnings or compilation errors if an attempt | Dr. Stephen Henson
is made to directly cast a function of one type to what it considers an incompatible type. In particular gcc 3.4.2. Add new openssl_fcast macro to place functions into a form where the compiler will allow them to be cast. The current version achieves this by casting to: void function(void).
2005-05-11 | Fix more error codes. | Bodo Möller
(Also improve util/ck_errf.pl script, and occasionally fix source code formatting.)