Age | Commit message (Collapse) | Author |
|
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
|
|
|
|
|
|
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
|
|
Enhance s2i_ASN1_INTEGER().
|
|
it just supports a "trusted OCSP global root CA".
|
|
Set correct type in ASN1_STRING for
INTEGER and ENUMERATED types.
Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
return -1 for invalid type rather than 0 (which is
often valid). -1 may also be valid but this is less
likely.
Load OCSP error strings in ERR_load_crypto_strings().
|
|
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
|
|
|
|
STACK_OF(X509_EXTENSION) so it should be passed
STACK_OF(X509_EXTENSION) ** in the first argument.
Modify wrappers appropriately.
|
|
encoding, replacing and deleting extensions.
Fix X509V3_get_d2i() so it uses takes note of
new critical behaviour.
|
|
Don't try to print request certificates if signature is not present.
Remove unnecessary test for certificates being NULL.
Fix typos in printed output.
Tidy up output.
Fix for typo in OCSP_SERVICELOC ASN1 template.
Also give a bit more info in CHANGES about the ASN1 revision.
|
|
|
|
just a NULL and appears in a certificate.
|
|
are all raw print only extensions at present.
|
|
This is a little unusual because it can contain no
structure i.e. the extension OCTET STRING content
octets do not contain a DER encoded structure.
|
|
from the print routines.
Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.
Implement some ASN1 functions needed to compile OCSP code.
|
|
This was caused by no initialising the buffer
to NULL when using the auto allocating version
if i2d.
|
|
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.
Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
|
|
to main trunk.
Lets see if the makes it to openssl-cvs :-)
|
|
|
|
|
|
make update done.
|
|
|
|
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
|
|
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
|
|
the OpenSSL commands x50 and req work better on a EBCDIC system.
|
|
|
|
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
|
|
test utility, I added the bits to get a EVP interface, the command line utility and the speed test
|
|
could be done automagically, much like the numbering in libeay.num and
ssleay.num. The solution works as follows:
- New object identifiers are inserted in objects.txt, following the
syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!). Additions are OK, as well as consistent name changes.
|
|
Submitted by: bowe@chip.ma.certco.com
|
|
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(
Needs some testing to see what other compilers think of this
syntax.
Also needs similar stuff for ASN1_SET_OF etc etc.
|
|
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
|
|
to support multiple calls.
New function to retrieve email address from certificates and
requests.
|
|
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
|
|
libeay.num and ssleay.num.
|
|
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
|
|
|
|
|
|
|
|
|
|
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order. Thusly fixed.
|
|
|
|
|
|
|
|
|
|
where the new functions are mentioned.
|
|
|
|
and add example of extension aliasing. Also fix
the extension aliasing because it didn't work :-)
|