Revision tags: openssl-3.0.0-alpha7 |
|
#
d7e498ac |
| 04-Oct-2020 |
Richard Levitte |
Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/open
Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13096)
show more ...
|
#
a18cf8fc |
| 12-Nov-2020 |
Rich Salz |
Remove -C option from x509 command Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Remove -C option from x509 command Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13384)
show more ...
|
#
22dddfb9 |
| 24-Oct-2020 |
Richard Levitte |
APPS: Remove the format argument where it's not used Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call l
APPS: Remove the format argument where it's not used Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call load_cert_pass() with a corresponding argument where load_cert() was used in OpenSSL 1.1.1. Fixes #13235 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13236)
show more ...
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fro
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
50eb2a50 |
| 16-Sep-2020 |
Dr. David von Oheimb |
load_key_certs_crls(): Restore output of fatal errors Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.
load_key_certs_crls(): Restore output of fatal errors Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
show more ...
|
#
b4780134 |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in asn1.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in asn1.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
24c4ea95 |
| 03-Sep-2020 |
Matt Caswell |
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
e6623cfb |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
5a0991d0 |
| 02-Sep-2020 |
Dr. David von Oheimb |
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12769)
show more ...
|
#
2a33470b |
| 16-Aug-2020 |
Dr. David von Oheimb |
Make better use of new load_cert_pass() variant of load_cert() in apps/ allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server Reviewed-by: Richard Levitte
Make better use of new load_cert_pass() variant of load_cert() in apps/ allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12647)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
57c05c57 |
| 27-Jun-2020 |
Dr. David von Oheimb |
apps: Correct and extend diagnostics of parse_name() Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12296) |
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
show more ...
|
#
7e4f01d8 |
| 19-Jul-2020 |
Nihal Jere |
fixed swapped parameter descriptions for x509 CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged fro
fixed swapped parameter descriptions for x509 CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12482)
show more ...
|
#
1337a3a9 |
| 13-Jul-2020 |
Dr. David von Oheimb |
Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/open
Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12375)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
ade08735 |
| 23-Dec-2019 |
Dr. David von Oheimb |
Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587)
show more ...
|
#
6d382c74 |
| 06-May-2020 |
Dr. David von Oheimb |
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
show more ...
|
#
01c12100 |
| 22-Apr-2020 |
Dr. David von Oheimb |
Clean up the use of ERR_print_errors() in apps.c and in four apps Also make sure that all error messages in apps.c consistently begin upper-case. Changed files: apps/lib/apps.c and apps/
Clean up the use of ERR_print_errors() in apps.c and in four apps Also make sure that all error messages in apps.c consistently begin upper-case. Changed files: apps/lib/apps.c and apps/{req.c,s_client.c,s_server.c,x509.c} Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/4940)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
9d5aca65 |
| 15-Dec-2017 |
David von Oheimb |
Add function load_csr(file,format,desc) to apps/lib/apps.c Make use of new load_csr() in 'ca', 'req', and 'x509' app Add '-inform' and '-certform' option to 'ca' app Add 'desc' param
Add function load_csr(file,format,desc) to apps/lib/apps.c Make use of new load_csr() in 'ca', 'req', and 'x509' app Add '-inform' and '-certform' option to 'ca' app Add 'desc' parameter to load_crl() function defined in apps/lib/apps.c Allow 'desc' parameter to be NULL (gives option to suppress error output) Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/4940)
show more ...
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616) |
#
2b264aee |
| 06-Mar-2020 |
Dr. David von Oheimb |
Fix descriptions of credentials and verification options for various apps fix doc of s_client and s_server credentials and verification options fix doc of verification options also for s
Fix descriptions of credentials and verification options for various apps fix doc of s_client and s_server credentials and verification options fix doc of verification options also for s_time, x509, crl, req, ts, and verify correcting and extending texts regarding untrusted and trusted certs, making the order of options in the docs and help texts more consistent, etc. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11273)
show more ...
|
#
2292c8e1 |
| 10-Mar-2020 |
Richard Levitte |
APPS: Remove all traces of special SM2 treatment. SM2 IDs are now passed entirely as '-pkeyopt', '-sigopt' or '-vfyopt' values, just like any other valid option. Fixes #11293
APPS: Remove all traces of special SM2 treatment. SM2 IDs are now passed entirely as '-pkeyopt', '-sigopt' or '-vfyopt' values, just like any other valid option. Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
show more ...
|
#
6bd4e3f2 |
| 25-Feb-2020 |
Pauli |
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option t
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
#
d4c3bdb0 |
| 13-Feb-2020 |
Bastian Germann |
apps x509: restrict CAkeyform option to OPT_FMT_PDE CAkeyform may be set to PEM, DER or ENGINE, but the current options are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.
apps x509: restrict CAkeyform option to OPT_FMT_PDE CAkeyform may be set to PEM, DER or ENGINE, but the current options are not using the proper optionformat 'E' (OPT_FMT_PDE) for this. Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting the option value. This amends 0ab6fc79a9a ("Fix regression on x509 keyform argument") which did the same thing for keyform and changed the manpage synopsis entries for both keyform and CAkeyform but did not change the option section. Hence, change the option section for both of them. CLA: trivial Co-developed-by: Torben Hohn <torben.hohn@linutronix.de> Signed-off-by: Torben Hohn <torben.hohn@linutronix.de> Signed-off-by: Bastian Germann <bage@linutronix.de> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11085)
show more ...
|
#
16d56043 |
| 13-Feb-2020 |
Bastian Germann |
apps x509: passing PKCS#11 URL as -signkey OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11 engine URL to "-signkey" option. The actual code is ready to take it.
apps x509: passing PKCS#11 URL as -signkey OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11 engine URL to "-signkey" option. The actual code is ready to take it. Change the option parsing to allow an engine URL to be passed and modify the manpage accordingly. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11086)
show more ...
|