Age | Commit message (Collapse) | Author |
|
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
|
|
|
|
|
|
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
|
|
handled properly.
Part of PR 75
|
|
Reinstate -reqout code.
Avoid coredump in ocsp if setup_verify
fails.
Fix typo in ocsp usage message.
|
|
structures for fields that are not OPTIONAL.
However in the AUTHORITY_INFO_ACCESS case
the 'location' field was set to NULL in
the old code.
So in 0.9.7+ we should free up the field before
overwriting it in v2i_AUTHORITY_INFO_ACCESS.
|
|
PR: 49
|
|
|
|
Submitted by: Nils Larsch <nla@trustcenter.de>
|
|
[See
Message-ID: <3BB07999.30432AD2@celocom.com>
Date: Tue, 25 Sep 2001 13:33:29 +0100
From: Dr S N Henson <drh@celocom.com>
To: openssl-dev@openssl.org
Subject: Re: Error in v3_purp.c
]
|
|
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.
|
|
|
|
|
|
|
|
with existing code.
Modify library to use digest *_ex() functions.
|
|
|
|
Fix X509V3 macro so they compile.
|
|
|
|
|
|
|
|
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.
Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.
Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.
Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.
So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
|
|
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
|
|
Tidy existing code.
|
|
extension instead of just copying it. That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
|
|
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
|
|
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
|
|
find emailAddress at start of subject name.
|
|
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
|
|
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
|
|
change the way ASN1 modules are exported.
Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
|
|
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
|
|
|
|
|
|
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
|
|
Enhance s2i_ASN1_INTEGER().
|
|
it just supports a "trusted OCSP global root CA".
|
|
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
|
|
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
|
|
|
|
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.
Modify wrappers appropriately.
|
|
encoding, replacing and deleting extensions.
Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
|
|
Don't try to print request certificates if signature is not present.
Remove unnecessary test for certificates being NULL.
Fix typos in printed output.
Tidy up output.
Fix for typo in OCSP_SERVICELOC ASN1 template.
Also give a bit more info in CHANGES about the ASN1 revision.
|
|
|
|
just a NULL and appears in a certificate.
|
|
are all raw print only extensions at present.
|
|
This is a little unusual because it can contain no
structure i.e. the extension OCTET STRING content
octets do not contain a DER encoded structure.
|
|
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
|