apps: directly inclusion of "e_os.h when needed

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/

apps: directly inclusion of "e_os.h when needed

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)

show more ...

Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

apps: ca,req,x509: Add explicit start and end dates options

- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a cert

apps: ca,req,x509: Add explicit start and end dates options

- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a certificate in the
apps `ca`, `req` and `x509`
- The new options accept time strings or "today"
- In app `ca`, use the new options as aliases of the already existing
options `-startdate` and `-enddate`
- When used in apps `req` and `x509`, the end date must be >= the start
date, in app `ca` end date < start date is also accepted
- In any case, `-not-after` overrides the `-days` option
- Added helper function `check_cert_time_string` to validate given
certificate time strings
- Use the new helper function in apps `ca`, `req` and `x509`
- Moved redundant code for time string checking into `set_cert_times`
helper function.
- Added tests for explicit start and end dates in apps `req` and `x509`
- test: Added auxiliary functions for parsing fields from `-text`
formatted output to `tconversion.pl`
- CHANGES: Added to new section 3.4

Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de>

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21716)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by

APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)

show more ...

APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by

APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)

show more ...

apps: silent warning when loading CSR files with vfyopt option

When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:

apps: silent warning when loading CSR files with vfyopt option

When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:

Warning: CSR self-signature does not match the contents

This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)

show more ...

apps/x509 etc.: allow private key input when public key is expected

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David

apps/x509 etc.: allow private key input when public key is expected

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)

show more ...

APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by:

APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)

show more ...

APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too

Also add related references to FR #15725.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>

APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too

Also add related references to FR #15725.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)

show more ...

APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.

Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.

Reviewed-by:

APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.

Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)

show more ...

Add tests for do_updatedb

Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.

Added function "asn1_string_to_time_t" including test

Add tests for do_updatedb

Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.

Added function "asn1_string_to_time_t" including tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)

show more ...

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to b

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)

show more ...

Standardize progress callback for dhparam, dsaparam, etc.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed

Standardize progress callback for dhparam, dsaparam, etc.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17359)

show more ...

x509: Return a nonzero exit code on error when checking ip/email/host

In the x509 app when doing the ip/email/host validation of a
certificate we return nonzero exit code if the validati

x509: Return a nonzero exit code on error when checking ip/email/host

In the x509 app when doing the ip/email/host validation of a
certificate we return nonzero exit code if the validation fails.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17022)

show more ...

Move more general parts of internal/cryptlib.h to new internal/common.h

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

show more ...

X509: Fix handling of AKID and SKID extensions according to configuration

Fixes #16300

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o

X509: Fix handling of AKID and SKID extensions according to configuration

Fixes #16300

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16342)

show more ...

APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fro

APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16344)

show more ...

add libctx and property query to fetch functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)

Add support for ISO 8601 datetime format

Fixes #5430

Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex wh

Add support for ISO 8601 datetime format

Fixes #5430

Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex which supports the new datetime format using the
flag ASN1_DTFLGS_ISO8601

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14384)

show more ...

Fix s_server app to not report an error when using a non DH certificate.

Fixes #15071

It always tries loading the cert as DH which previously did not produce
an error. The error

Fix s_server app to not report an error when using a non DH certificate.

Fixes #15071

It always tries loading the cert as DH which previously did not produce
an error. The errors are not suppressed for these operations.
The output now matches previous versions of OpenSSL.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15670)

show more ...

Add warning to key/param generating apps on potential delay due to missing entropy

This also introduces app_keygen() and app_paramgen() and cleans up err reporting.

Reviewed-by: Tom

Add warning to key/param generating apps on potential delay due to missing entropy

This also introduces app_keygen() and app_paramgen() and cleans up err reporting.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12095)

show more ...

apps/ocsp: Add -proxy and -no_proxy options

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)

HTTP client API: Generalize to arbitrary request and response contents

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)