| #
5a0991d0 |
| 02-Sep-2020 |
Dr. David von Oheimb |
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769)
show more ...
|
| #
bb30bce2 |
| 08-Sep-2020 |
Dr. David von Oheimb |
bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/
bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
show more ...
|
| #
a877d262 |
| 03-Sep-2020 |
Dr. David von Oheimb |
apps/cmp.c: clear leftover errors on loading libengines.so etc.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824)
|
| #
a0745e2b |
| 28-Aug-2020 |
Dr. David von Oheimb |
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
while making sure th
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
show more ...
|
| #
b434b2c0 |
| 28-Aug-2020 |
Dr. David von Oheimb |
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pu
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)
show more ...
|
| #
d96486dc |
| 04-Sep-2020 |
Dr. David von Oheimb |
apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/127
apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
show more ...
|
| #
6e477a60 |
| 04-Sep-2020 |
Dr. David von Oheimb |
apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pul
apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
show more ...
|
| #
0b86eefd |
| 28-Aug-2020 |
Dr. David von Oheimb |
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
show more ...
|
| #
15076c26 |
| 04-Sep-2020 |
Dr. David von Oheimb |
Strengthen chain building for CMP
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Exten
Strengthen chain building for CMP
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791)
show more ...
|
| #
39082af2 |
| 04-Sep-2020 |
Dr. David von Oheimb |
Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
Also simplify certificate saving in apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https:
Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
Also simplify certificate saving in apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)
show more ...
|
| #
2c0e356e |
| 28-Aug-2020 |
Dr. David von Oheimb |
apps/cmp.c: Clean up loading of certificates and CRLs
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)
|
| #
1a5ae1da |
| 26-Aug-2020 |
Dr. David von Oheimb |
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP ap
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
show more ...
|
| #
6d1f50b5 |
| 13-Aug-2020 |
Dr. David von Oheimb |
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
|
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
| #
1a7cd250 |
| 13-May-2020 |
Dr. David von Oheimb |
Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
Also remove not really to-the-point error message if call fails in apps/cmp.c
Reviewed-by: S
Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
Also remove not really to-the-point error message if call fails in apps/cmp.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
show more ...
|
| #
b3c5aadf |
| 14-Aug-2020 |
Dr. David von Oheimb |
apps: make use of OSSL_STORE for generalized certs and CRLs loading
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647)
|
| #
3b1fd0b0 |
| 19-Aug-2020 |
Pauli |
cmp: handle error return from OBJ_obj2txt()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12678)
|
| #
eeccc237 |
| 26-Apr-2020 |
Dr. David von Oheimb |
Introduce X509_add_cert[s] simplifying various additions to cert lists
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615)
|
| #
aff8c0a4 |
| 27-Jun-2020 |
Dr. David von Oheimb |
Fix error message on setting cert validity period in apps/cmp.c
Fixes #12268
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1
Fix error message on setting cert validity period in apps/cmp.c
Fixes #12268
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
show more ...
|
| #
57c05c57 |
| 27-Jun-2020 |
Dr. David von Oheimb |
apps: Correct and extend diagnostics of parse_name()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
|
| #
8f7e8979 |
| 26-Jun-2020 |
Dr. David von Oheimb |
apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
|
| #
1202de44 |
| 11-Jul-2020 |
Dr. David von Oheimb |
Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
|
| #
fafa56a1 |
| 11-Jul-2020 |
Dr. David von Oheimb |
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
Fixes #12403
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openss
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
Fixes #12403
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
show more ...
|
| #
87d20a96 |
| 11-Jul-2020 |
Dr. David von Oheimb |
apps/cmp.c: Improve documentation of -recipient option
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
|
| #
bf19b64a |
| 18-Jul-2020 |
Dr. David von Oheimb |
Fix UI method setup, which should be independent of (deprecated) engine use
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12422)
|
| #
9283e9bd |
| 28-Jun-2020 |
Pauli |
cmp: remove NULL check.
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.
Reviewed-by: Tim Hudson <tjh@open
cmp: remove NULL check.
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
show more ...
|
