summaryrefslogtreecommitdiffstats
path: root/crypto/x509
AgeCommit message (Collapse)Author
2016-12-14CRL critical extension bugfixRich Salz
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1775)
2016-12-13Add X509_VERIFY_PARAM inheritance flag set/getRich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2079)
2016-12-02Restore last-resort expired untrusted intermediate issuersViktor Dukhovni
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-17Add support for reference counting using C11 atomicsKurt Roeckx
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1500
2016-11-09Simplify and clean X509_VERIFY_PARAM new/free code.FdaSilvaYY
Split x509_verify_param_zero code to the right place Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-07Allow null in X509_CRL_METHOD_freeFdaSilvaYY
and fix documentation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1634)
2016-10-11Fix X509_NAME decode for malloc failures.Dr. Stephen Henson
The original X509_NAME decode free code was buggy: this could result in double free or leaks if a malloc failure occurred. Simplify and fix the logic. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1691)
2016-09-22Add -Wswitch-enumRich Salz
Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-21Revert "Constify code about X509_VERIFY_PARAM"Rich Salz
This reverts commit 81f9ce1e1965e0e33db6d2391285c4c1b6af0434. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-18Constify code about X509_VERIFY_PARAMFdaSilvaYY
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1594)
2016-08-24Un-delete still documented X509_STORE_CTX_set_verifyViktor Dukhovni
It should not have been removed. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-23Constify a bit X509_NAME_get_entryFdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23Constify some X509_NAME, ASN1 printing codeFdaSilvaYY
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23Constify some inputs buffersFdaSilvaYY
remove useless cast to call ASN1_STRING_set Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23Add some sanity checks when checking CRL scoresMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-21Add X509_getm_notBefore, X509_getm_notAfterDr. Stephen Henson
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-19Constify certificate and CRL time routines.Dr. Stephen Henson
Update certificate and CRL time routines to match new standard. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19Avoid duplicated code.Dr. Stephen Henson
The certificate and CRL time setting functions used similar code, combine into a single utility function. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19Add X509_get0_serialNumber() and constify OCSP_cert_to_id()Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19constify X509_REQ_get0_signature()Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-18Convert X509_REVOKED* functions to use const gettersMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Constify X509_certificate_type()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Constify X509_get0_signature()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert X509* functions to use const gettersDr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert X509_CRL* functions to use const gettersMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Make X509_NAME_get0_der() conform to OpenSSL styleMatt Caswell
Put the main object first in the params list. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().Dr. Stephen Henson
Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05spelling fixes, just comments and readme.klemens
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-04Constify some ASN1_OBJECT *obj input parametersFdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04Constify inputs of two X509_LOOKUP_METHOD methodsFdaSilvaYY
... get_by_fingerprint() and get_by_alias() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04Constify input bufferFdaSilvaYY
of X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_ENTRY_create_by_NID Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-03Don't check any revocation info on proxy certificatesRichard Levitte
Because proxy certificates typically come without any CRL information, trying to check revocation on them will fail. Better not to try checking such information for them at all. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01Constify some X509_CRL, X509_REQ functions.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01Constify some X509_CRL functions.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-30Ignore the serial number for now and just do the rest.Richard J. Moore
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30Make some more X509 functions const.Richard J. Moore
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-29Fix CRL time comparison.Dr. Stephen Henson
Thanks to David Benjamin <davidben@google.com> for reporting this bug. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26Deprecate X509_LU_FAIL, X509_LU_RETRYDr. Stephen Henson
Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values. RT#4577 Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26Use X509_LOOKUP_TYPE for lookup type consistently.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26Remove current_method from X509_STORE_CTXDr. Stephen Henson
Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" operation it can never work as intended. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25Add X509_STORE lock and unlock functionsRichard Levitte
Since there are a number of function pointers in X509_STORE that might lead to user code, it makes sense for them to be able to lock the store while they do their work. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25Add setter and getter for X509_STORE's check_policyRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25Add getters / setters for the X509_STORE_CTX and X509_STORE functionsRichard Levitte
We only add setters for X509_STORE function pointers except for the verify callback function. The thought is that the function pointers in X509_STORE_CTX are a cache for the X509_STORE functions. Therefore, it's preferable if the user makes the changes in X509_STORE before X509_STORE_CTX_init is called, and otherwise use the verify callback to override any results from OpenSSL's internal calculations. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25Constify X509|X509_CRL|X509_REVOKED_get_extFdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25Constify ...FdaSilvaYY
X509_REVOKED_get0_extensions X509_check_private_key Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25Constify input parameters of methods :FdaSilvaYY
- X509_NAME_entry_count, X509_ATTRIBUTE_count - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ↵FdaSilvaYY
ASN1_TYPE_get_octetstring & co... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-23Properly initialise the internal proxy certificate path length cacheRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-06 03:56:33 +0000