| Age | Commit message (Collapse) | Author |
|---|
|
attribute in EVP_PKEY structure.
|
|
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
|
|
Remove more bogus shadow warnings.
|
|
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
|
|
|
|
|
|
|
|
a security threat on unexpecting applications. Document and test.
|
|
|
|
|
|
|
|
|
|
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
|
|
|
|
are performed.
|
|
failure and freeing up memory if a failure occurs.
PR:620
|
|
|
|
|
|
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
|
|
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
|
|
|
|
|
|
|
|
for the PKCS#9 OID then the non standard MS OID.
|
|
|
|
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
|
|
|
|
when trying to build a shared library on VMS or Windows...
|
|
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
|
|
|
|
tree. This further reduces header interdependencies, and makes some
associated cleanups.
|
|
|
|
verified structure can contain its own CRLs (such as PKCS#7 signedData).
Tidy up some of the verify code.
|
|
I'll remember to try to compile this with warnings enabled next time :-)
|
|
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
|
|
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
|
|
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
|
|
|
|
VMS. The C RTL can handle it well if the "directory" is a logical
name with no colon, therefore ending being 'logname/file'. However,
if the given logical names actually has a colon, or if you use a full
VMS-syntax directory, you end up with 'logname:/file' or
'dev:[dir1.dir2]/file', and that isn't handled in any good way.
So, on VMS, we need to check if the directory string ends with a
separator (one of ':', ']' or '>' (< and > can be used instead [ and
])), and handle that by not inserting anything between the directory
spec and the file name. In all other cases, it's assumed the
directory spec is a logical name, so we need to place a colon between
it and the file.
Notified by Kevin Greaney <kevin.greaney@hp.com>.
|
|
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
|
|
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
|
|
as this is already included by x509.h anyway.
|
|
|
|
|
|
PR: 587
|
|
PR: 617
|
|
|
|
Submitted by: Nils Larsch
|
