| #
995101d6 |
| 29-Apr-2015 |
Rich Salz |
Add HTTP GET support to OCSP server
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| #
88806cfc |
| 26-Apr-2015 |
Rich Salz |
Fix main build breakage.
A variable declaration got dropped during a merge.
And if a compiler inlines strcmp() and you put a strcmp in an
assert message, the resultant stringificatio
Fix main build breakage.
A variable declaration got dropped during a merge.
And if a compiler inlines strcmp() and you put a strcmp in an
assert message, the resultant stringification exceeds ANSI string
limits.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
| #
c6724060 |
| 25-Apr-2015 |
Rich Salz |
RT2206: Add -issuer flag to ocsp command
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
7e1b7485 |
| 24-Apr-2015 |
Rich Salz |
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
62adbcee |
| 11-Apr-2015 |
Rich Salz |
free NULL cleanup 10
Avoid checking for NULL before calling free functions. This gets
ssl.*free:
ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
SSL_free SSL_S
free NULL cleanup 10
Avoid checking for NULL before calling free functions. This gets
ssl.*free:
ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free
SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
show more ...
|
| #
ca3a82c3 |
| 25-Mar-2015 |
Rich Salz |
free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
| #
6ef869d7 |
| 05-Mar-2015 |
Dr. Stephen Henson |
Make OCSP structures opaque.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
25690b7f |
| 27-Jan-2015 |
Matt Caswell |
Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one use
Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
| #
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat |
|
| #
961d2ddb |
| 29-Nov-2014 |
Kurt Roeckx |
Use the SSLv23 method by default
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
5e31a40f |
| 27-Nov-2014 |
Matt Caswell |
Tidy up ocsp help output
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| #
de87dd46 |
| 27-Nov-2014 |
André Guerreiro |
Add documentation on -timeout option in the ocsp utility
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Revision tags: OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8 |
|
| #
7c206db9 |
| 28-Jun-2014 |
Dr. Stephen Henson |
Typo.
PR#3107
|
| #
6d3d5793 |
| 18-Jun-2014 |
Hubert Kario |
Document -trusted_first option in man pages and help.
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
|
|
Revision tags: OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7 |
|
| #
5219d3dd |
| 09-Apr-2014 |
Dr. Stephen Henson |
Fix free errors in ocsp utility.
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
|
|
Revision tags: OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1 |
|
| #
ded18639 |
| 20-Feb-2014 |
Dr. Stephen Henson |
Move CT viewer extension code to crypto/x509v3
|
| #
b263f212 |
| 19-Feb-2014 |
Rob Stradling |
Move the SCT List extension parser into libssl.
Add the extension parser in the s_client, ocsp and x509 apps.
|
|
Revision tags: OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4 |
|
| #
c45a48c1 |
| 07-Oct-2013 |
Ben Laurie |
Constification.
|
|
Revision tags: OpenSSL-fips-2_0_3, OpenSSL_1_0_1e, OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d |
|
| #
09d0d67c |
| 21-Dec-2012 |
Dr. Stephen Henson |
add missing newline
|
| #
bbdfbacd |
| 16-Dec-2012 |
Dr. Stephen Henson |
add -rmd option to set OCSP response signing digest
|
| #
99fc818e |
| 15-Dec-2012 |
Dr. Stephen Henson |
Return success when the responder is active.
Don't verify our own responses.
|
| #
265f835e |
| 15-Dec-2012 |
Dr. Stephen Henson |
typo
|
| #
33826fd0 |
| 14-Dec-2012 |
Dr. Stephen Henson |
Add support for '-' as input and output filenames in ocsp utility.
Recognise verification arguments.
|
| #
92821996 |
| 14-Dec-2012 |
Dr. Stephen Henson |
oops, revert, committed in error
|
| #
11e2957d |
| 14-Dec-2012 |
Dr. Stephen Henson |
apps/ocsp.c
|
