summaryrefslogtreecommitdiffstats
path: root/crypto/x509
AgeCommit message (Collapse)Author
2008-04-17Apply mingw patches as supplied by Roumen Petrov an Alon Bar-LevLutz Jänicke
PR: 1552 Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-03-12And so it begins...Dr. Stephen Henson
Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-02-28Avoid warnings.Dr. Stephen Henson
2008-02-28Fix typo and avoid warning.Dr. Stephen Henson
2008-02-12Typo.Dr. Stephen Henson
2008-02-11Utility attribute function to retrieve attribute data from an expectedDr. Stephen Henson
type. Useful for many attributes which are single valued and can only have one type.
2008-02-11Extend attribute setting routines to support non-string types.Dr. Stephen Henson
2007-10-261. Changes for s_client.c to make it return non-zero exit code in caseDr. Stephen Henson
of handshake failure 2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH (required for s3_srvr to accept GOST client certificates). 3. Changes to EVP - adding of function EVP_PKEY_CTX_get0_peerkey - Make function EVP_PKEY_derive_set_peerkey work for context with ENCRYPT operation, because we use peerkey field in the context to pass non-ephemeral secret key to GOST encrypt operation. - added EVP_PKEY_CTRL_SET_IV control command. It is really GOST-specific, but it is used in SSL code, so it has to go in some header file, available during libssl compilation 4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data 5. Include des.h if KSSL_DEBUG is defined into some libssl files, to make debugging output which depends on constants defined there, work and other KSSL_DEBUG output fixes 6. Declaration of real GOST ciphersuites, two authentication methods SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST 7. Implementation of these methods. 8. Support for sending unsolicited serverhello extension if GOST ciphersuite is selected. It is require for interoperability with CryptoPro CSP 3.0 and 3.6 and controlled by SSL_OP_CRYPTOPRO_TLSEXT_BUG constant. This constant is added to SSL_OP_ALL, because it does nothing, if non-GOST ciphersuite is selected, and all implementation of GOST include compatibility with CryptoPro. 9. Support for CertificateVerify message without length field. It is another CryptoPro bug, but support is made unconditional, because it does no harm for draft-conforming implementation. 10. In tls1_mac extra copy of stream mac context is no more done. When I've written currently commited code I haven't read EVP_DigestSignFinal manual carefully enough and haven't noticed that it does an internal digest ctx copying. This implementation was tested against 1. CryptoPro CSP 3.6 client and server 2. Cryptopro CSP 3.0 server
2007-10-13Bunch of constifications.Andy Polyakov
2007-09-26Support for certificate status TLS extension.Dr. Stephen Henson
2007-09-19Fix dependencies. Make depend.Ben Laurie
2007-09-07Change safestack reimplementation to match 0.9.8.Dr. Stephen Henson
Fix additional gcc 4.2 value not used warnings.
2007-06-07Finish gcc 4.2 changes.Dr. Stephen Henson
2007-05-19Typo in x509_txt.c.Andy Polyakov
Submitted by: Martin.Kraemer@Fujitsu-Siemens.com
2007-02-18Updates from 0.9.8-stable branch.Dr. Stephen Henson
2007-02-07After objects have been freed, NULLify the pointers so there will be no doubleRichard Levitte
free of those objects
2007-01-21Constify version strings and some structures.Dr. Stephen Henson
2006-12-11use const ASN1_TIME *Nils Larsch
2006-12-06Fix change to OPENSSL_NO_RFC3779Dr. Stephen Henson
2006-12-05avoid duplicate entries in add_cert_dir()Nils Larsch
PR: 1407 Submitted by: Tomas Mraz <tmraz@redhat.com>
2006-12-04allocate a new attributes entry in X509_REQ_add_extensions()Nils Larsch
if it's NULL (in case of a malformed pkcs10 request) PR: 1347 Submitted by: Remo Inverardi <invi@your.toilet.ch>
2006-11-27Add RFC 3779 support.Ben Laurie
2006-11-21Update from 0.9.8 stable. Eliminate duplicate error codes.Dr. Stephen Henson
2006-11-16Remove illegal IMPLEMENT macros from header file.Dr. Stephen Henson
2006-11-06remove SSLEAY_MACROS codeNils Larsch
2006-10-03Place standard CRL behaviour in default X509_CRL_METHOD new functions toDr. Stephen Henson
create, free and set default CRL method.
2006-09-26Initialize new callbacks and make sure hent is always initialized.Dr. Stephen Henson
2006-09-25Complete the change for VMS.Richard Levitte
2006-09-21Tidy up CRL handling by checking for critical extensions when it isDr. Stephen Henson
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected.
2006-09-17Overhaul of by_dir code to handle dynamic loading of CRLs.Dr. Stephen Henson
2006-09-14Support for AKID in CRLs and partial support for IDP. Overhaul of CRLDr. Stephen Henson
handling to support this.
2006-09-11Fixes for new CRL/cert callbacks. Update CRL processing code to use newDr. Stephen Henson
callbacks.
2006-09-10Add verify callback functions to lookup a STACK of matching certs or CRLsDr. Stephen Henson
based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components.
2006-07-25Support for multiple CRLs with same issuer name in X509_STORE. ModifyDr. Stephen Henson
verify logic to try to use an unexpired CRL if possible.
2006-07-24Cache some CRL related extensions.Dr. Stephen Henson
2006-07-20Use correct pointer types for various functions.Dr. Stephen Henson
2006-07-18Store canonical encodings of Name structures. Update X509_NAME_cmp() to useDr. Stephen Henson
them.
2006-05-17Extended PBES2 function supporting application supplied IV and PRF NID.Dr. Stephen Henson
2006-05-03Update from stable branch.Dr. Stephen Henson
2006-04-28Update EVP_PKEY_cmp() and X509_check_private() to return sensible values andDr. Stephen Henson
handle unsupported key types.
2006-03-20Initial support for pluggable public key ASN1 support. Process most publicDr. Stephen Henson
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move the spaghetti algorithm specific code to a single ASN1 module for each algorithm.
2006-03-04no need to cast away the constNils Larsch
2006-02-12RFC 3161 compliant time stamp request creation, response generationUlf Möller
and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller
2006-02-04Update filenames in makefiles.Dr. Stephen Henson
2006-01-29add additional checks + cleanupNils Larsch
Submitted by: David Hartman <david_hartman@symantec.com>
2005-12-18Keep disclaiming 16-bit platform support. For now remove WIN16 referencesAndy Polyakov
from .h files...
2005-11-03Mask libcrypto references to stat with OPENSSL_NO_POSIX_IO.Andy Polyakov
2005-09-02Two new verify flags functions.Dr. Stephen Henson
2005-07-26improved error checking and some fixesNils Larsch
PR: 1170 Submitted by: Yair Elharrar Reviewed and edited by: Nils Larsch
2005-07-16makeNils Larsch
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-21 10:01:44 +0000