#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
#
d0190e11 |
| 08-Feb-2021 |
Rich Salz |
Process digest option after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.or
Process digest option after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
show more ...
|
#
021410ea |
| 28-Nov-2020 |
Rich Salz |
Check non-option arguments Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent
Check non-option arguments Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)
show more ...
|
#
22dddfb9 |
| 24-Oct-2020 |
Richard Levitte |
APPS: Remove the format argument where it's not used Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call l
APPS: Remove the format argument where it's not used Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call load_cert_pass() with a corresponding argument where load_cert() was used in OpenSSL 1.1.1. Fixes #13235 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13236)
show more ...
|
#
639bb581 |
| 18-Sep-2020 |
Tomas Mraz |
apps/ocsp: Return non zero exit code with invalid certID Fixes #7151 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/1291
apps/ocsp: Return non zero exit code with invalid certID Fixes #7151 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12916)
show more ...
|
#
e74e562f |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in conf.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in conf.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
fd3ed85c |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in ocsp.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in ocsp.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
24c4ea95 |
| 03-Sep-2020 |
Matt Caswell |
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
e6623cfb |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
08073700 |
| 06-Sep-2020 |
Randall S. Becker |
NonStop port updates for 3.0.0. HPE NonStop Port Changes for 3.0.0 Includes unthreaded, PUT, and SPT for OSS. The port changes include wrapping where necessary for FLOSS and ap
NonStop port updates for 3.0.0. HPE NonStop Port Changes for 3.0.0 Includes unthreaded, PUT, and SPT for OSS. The port changes include wrapping where necessary for FLOSS and appropriate configuration changes to support that. Two tests are excluded as being inappropriate for the platform. The changes are: * Added /usr/local/include to nonstop-nsx_spt_floss to load floss.h * Added SPT Floss variant for NonStop * Wrapped FLOSS definitions in OPENSSL_TANDEM_FLOSS to allow selective enablement. * SPT build configuration for NonStop * Skip tests not relevant for NonStop * PUT configuration changes required for NonStop platforms * Configurations/50-nonstop.conf: updates for TNS/X platform. * FLOSS instrumentation for HPE NonStop TNS/X and TNS/E platforms. * Configurations/50-nonstop.conf: modifications for non-PUT TNS/E platform b * Fix use of DELAY in ssltestlib.c for HPNS. * Fixed commit merge issues and added floss to http_server.c CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #5087. Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12800)
show more ...
|
#
d7fcee3b |
| 03-Sep-2020 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/
OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12786)
show more ...
|
#
b3c5aadf |
| 14-Aug-2020 |
Dr. David von Oheimb |
apps: make use of OSSL_STORE for generalized certs and CRLs loading Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12647)
|
#
00493490 |
| 16-Jun-2020 |
Sebastian Andrzej Siewior |
APPS: Properly pass -no-CAstore Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so behaves like -no-CApath. Map no-CAstore to OPT_NOCASTORE. Signe
APPS: Properly pass -no-CAstore Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so behaves like -no-CApath. Map no-CAstore to OPT_NOCASTORE. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12171)
show more ...
|
#
5a2ba207 |
| 25-May-2020 |
Dr. David von Oheimb |
Add request URL path checking and status responses to HTTP server Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
#
6d382c74 |
| 06-May-2020 |
Dr. David von Oheimb |
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
show more ...
|
#
582311d7 |
| 04-May-2020 |
Dr. David von Oheimb |
Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c Also adds apps/include/http_server.h. This is used so far by apps/ocsp.c and is going to be used for apps/cmp.c an
Extract HTTP server code from apps/ocsp.c to apps/lib/http_server.c Also adds apps/include/http_server.h. This is used so far by apps/ocsp.c and is going to be used for apps/cmp.c and will be helpful also for any future app acting as HTTP server. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11736)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
1ae56f2f |
| 04-Mar-2020 |
Rich Salz |
Don't compile commands if disabled Rather than wrapping whole files in "ifndef OPENSSL_NO_xxx" we handle the changes in build.info Reviewed-by: Paul Dale <paul.dale@oracle.com>
Don't compile commands if disabled Rather than wrapping whole files in "ifndef OPENSSL_NO_xxx" we handle the changes in build.info Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11250)
show more ...
|
#
8cc86b81 |
| 23-Mar-2020 |
Dr. David von Oheimb |
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
show more ...
|
#
6bd4e3f2 |
| 25-Feb-2020 |
Pauli |
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option t
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
#
29f178bd |
| 30-Oct-2019 |
Dr. David von Oheimb |
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
show more ...
|
#
d5e66eab |
| 04-Feb-2020 |
Shane Lontis |
Fix coverity issues CID 1457745...1457752, 1457853, 1457854 CID 1457854 - keymgmt_lib.c : OVERRUN CID 1457853 - self_test_kats.c : UNINT CID 1457752 - fipsprov.c RESOURCE_LEAK (code
Fix coverity issues CID 1457745...1457752, 1457853, 1457854 CID 1457854 - keymgmt_lib.c : OVERRUN CID 1457853 - self_test_kats.c : UNINT CID 1457752 - fipsprov.c RESOURCE_LEAK (code change in another PR removed this) CID 1457751 - apps/pkcs12.c CHECKED_RETURN CID 1457750 - dsa_ossl.c RESOURCE_LEAK (marked as false positive since tmp can not be NULL) CID 1457749 - apps/nseq.c : CHECKED_RETURN CID 1457748 - cipher_aes_cbc_hmac_sha.c : SIZEOF_MISMATCH CID 1457747 - cipher_aes_cbc_hmac_sha.c : SIZEOF_MISMATCH CID 1457746 - same as 1457752 CID 1457745 - apps/ocsp : CHECKED_RETURN Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10934)
show more ...
|
#
1cf20ca3 |
| 26-Dec-2019 |
kaysond |
Add `-passin` arg to `ocsp` Fix #10682 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraprojec
Add `-passin` arg to `ocsp` Fix #10682 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10718)
show more ...
|
#
e9b95e42 |
| 25-Nov-2019 |
Richard Levitte |
apps/ocsp.c: sock_timeout -> socket_timeout It appears that 'sock_timeout' is defined at least with DJGPP, so we rename our symbol and hope the new name isn't taken. Reviewed-by
apps/ocsp.c: sock_timeout -> socket_timeout It appears that 'sock_timeout' is defined at least with DJGPP, so we rename our symbol and hope the new name isn't taken. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10515)
show more ...
|