|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
23b795d3 |
| 20-Feb-2021 |
FdaSilvaYY |
apps: directly inclusion of "e_os.h when needed
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/
apps: directly inclusion of "e_os.h when needed
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
show more ...
|
| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
81202237 |
| 09-Aug-2023 |
Stephan Wurm |
apps: ca,req,x509: Add explicit start and end dates options
- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a cert
apps: ca,req,x509: Add explicit start and end dates options
- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a certificate in the
apps `ca`, `req` and `x509`
- The new options accept time strings or "today"
- In app `ca`, use the new options as aliases of the already existing
options `-startdate` and `-enddate`
- When used in apps `req` and `x509`, the end date must be >= the start
date, in app `ca` end date < start date is also accepted
- In any case, `-not-after` overrides the `-days` option
- Added helper function `check_cert_time_string` to validate given
certificate time strings
- Use the new helper function in apps `ca`, `req` and `x509`
- Moved redundant code for time string checking into `set_cert_times`
helper function.
- Added tests for explicit start and end dates in apps `req` and `x509`
- test: Added auxiliary functions for parsing fields from `-text`
formatted output to `tconversion.pl`
- CHANGES: Added to new section 3.4
Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21716)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
ccb2f308 |
| 24-Jul-2023 |
Fatih Arslan Tugay |
Correct spelling of database
Apply normal sentence case to db update message
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@
Correct spelling of database
Apply normal sentence case to db update message
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21535)
show more ...
|
| #
af99d550 |
| 08-Mar-2023 |
Richard Levitte |
apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't bee
apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)
show more ...
|
| #
b7782687 |
| 16-May-2023 |
Dr. David von Oheimb |
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
| #
da7f81d3 |
| 16-May-2023 |
Dr. David von Oheimb |
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
| #
c8aec163 |
| 15-May-2023 |
Dr. David von Oheimb |
APPS/ca: remove spurious errors when certain config file entries are not provided
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by:
APPS/ca: remove spurious errors when certain config file entries are not provided
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
| #
a75f707f |
| 21-Apr-2023 |
Tianjia Zhang |
apps: silent warning when loading CSR files with vfyopt option
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:
apps: silent warning when loading CSR files with vfyopt option
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:
Warning: CSR self-signature does not match the contents
This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
show more ...
|
| #
342e3652 |
| 24-Sep-2022 |
Dr. David von Oheimb |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by:
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)
show more ...
|
| #
200d8447 |
| 06-Jul-2021 |
Dr. David von Oheimb |
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too
Also add related references to FR #15725.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too
Also add related references to FR #15725.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)
show more ...
|
| #
ec8a3409 |
| 30-May-2022 |
Dr. David von Oheimb |
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.
Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
Reviewed-by:
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.
Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
show more ...
|
| #
c540a827 |
| 24-May-2022 |
Peiwei Hu |
Fix the checks of X509_REVOKED_add1_ext_i2d
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope
Fix the checks of X509_REVOKED_add1_ext_i2d
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18400)
show more ...
|
| #
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
|
| #
065121ff |
| 04-Feb-2022 |
Armin Fuerst |
Add tests for do_updatedb
Fixes #13944
Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.
Added function "asn1_string_to_time_t" including test
Add tests for do_updatedb
Fixes #13944
Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.
Added function "asn1_string_to_time_t" including tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)
show more ...
|
| #
a414fd67 |
| 22-Dec-2021 |
Philip Prindeville |
Add -verbose/-queit flags to dhparam
Allow dhparam to run quietly in scripts, etc.
For other commands that took a -verbose flag already, also support -quiet.
For genpkey wh
Add -verbose/-queit flags to dhparam
Allow dhparam to run quietly in scripts, etc.
For other commands that took a -verbose flag already, also support -quiet.
For genpkey which only supported -quiet, add the -verbose flag.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)
show more ...
|
| #
e52698f9 |
| 16-Jan-2022 |
Pauli |
apps/ca: replace ;; with ; as statement separator
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@op
apps/ca: replace ;; with ; as statement separator
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)
show more ...
|
| #
79b2a2f2 |
| 18-Dec-2021 |
Dr. David von Oheimb |
add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
|
| #
adbd77f6 |
| 17-Aug-2021 |
Dr. David von Oheimb |
X509: Fix handling of AKID and SKID extensions according to configuration
Fixes #16300
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o
X509: Fix handling of AKID and SKID extensions according to configuration
Fixes #16300
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16342)
show more ...
|
| #
db226bf2 |
| 12-Jul-2021 |
Tianjia Zhang |
Remove executable mode attributes of non-executable files
Remove the executable attributes of some C code files and key files,
change the file mode from 0755 to 0644.
Signed-off
Remove executable mode attributes of non-executable files
Remove the executable attributes of some C code files and key files,
change the file mode from 0755 to 0644.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16045)
show more ...
|
| #
8c5bff22 |
| 01-Mar-2021 |
William Edmisten |
Add support for ISO 8601 datetime format
Fixes #5430
Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex wh
Add support for ISO 8601 datetime format
Fixes #5430
Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex which supports the new datetime format using the
flag ASN1_DTFLGS_ISO8601
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14384)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
ca29cc14 |
| 13-Jan-2020 |
Florian Mickler |
openssl ca: make index.txt parsing error more verbose
If index.txt exists but has some problems (like for example a single \n character in it) openssl will just exit without any error messag
openssl ca: make index.txt parsing error more verbose
If index.txt exists but has some problems (like for example a single \n character in it) openssl will just exit without any error message.
Bug at least expirienced twice: https://superuser.com/questions/1327848/openssl-ca-fails-after-password-without-error-message
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15360)
show more ...
|
| #
d382e796 |
| 30-Apr-2021 |
Tomas Mraz |
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
Th
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
The input type format is enforced only in case the file
type file store is used.
By default we use FORMAT_UNDEF meaning the input type
is not enforced.
Fixes #14569
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
show more ...
|
| #
b0f96018 |
| 01-May-2021 |
Dr. David von Oheimb |
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
|
