| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
|
|
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
|
|
|
|
|
|
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
|
|
Tidy existing code.
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
|
|
|
|
|
|
|
|
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
|
|
|
|
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
|
|
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
|
|
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
|
|
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
|
|
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
|
|
|
|
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
files associated with them. This stuff is all obsoleted by the new X509V3 code.
|
|
|
|
in place.
|
|
|
|
|
|
|
