#
0339382a |
| 19-Apr-2024 |
Randall S. Becker |
Remove all references to FLOSS for NonStop Builds. FLOSS is no longer a dependency for NonStop as of the deprecation of the SPT thread model builds. Fixes: #24214 Signe
Remove all references to FLOSS for NonStop Builds. FLOSS is no longer a dependency for NonStop as of the deprecation of the SPT thread model builds. Fixes: #24214 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24217)
show more ...
|
#
81202237 |
| 09-Aug-2023 |
Stephan Wurm |
apps: ca,req,x509: Add explicit start and end dates options - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a cert
apps: ca,req,x509: Add explicit start and end dates options - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a certificate in the apps `ca`, `req` and `x509` - The new options accept time strings or "today" - In app `ca`, use the new options as aliases of the already existing options `-startdate` and `-enddate` - When used in apps `req` and `x509`, the end date must be >= the start date, in app `ca` end date < start date is also accepted - In any case, `-not-after` overrides the `-days` option - Added helper function `check_cert_time_string` to validate given certificate time strings - Use the new helper function in apps `ca`, `req` and `x509` - Moved redundant code for time string checking into `set_cert_times` helper function. - Added tests for explicit start and end dates in apps `req` and `x509` - test: Added auxiliary functions for parsing fields from `-text` formatted output to `tconversion.pl` - CHANGES: Added to new section 3.4 Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21716)
show more ...
|
#
90849b52 |
| 12-Jan-2024 |
Drokov Pavel |
Remove receiving of unused return value CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://githu
Remove receiving of unused return value CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23276)
show more ...
|
#
1d768852 |
| 09-Oct-2023 |
Tomas Mraz |
apps.c: Remove a redundant error print-out Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github
apps.c: Remove a redundant error print-out Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22318)
show more ...
|
#
edc2b6e3 |
| 09-Oct-2023 |
Tomas Mraz |
apps: Print out a proper message when a store cannot be opened Fixes #22306 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@op
apps: Print out a proper message when a store cannot be opened Fixes #22306 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22318)
show more ...
|
#
8c040c08 |
| 11-Sep-2023 |
Bernd Edlinger |
Fix some memory leaks in the openssl app In some error cases the normal cleanup did not happen, but instead an exit(1) which caused some memory leaks, as reported in #22049.
Fix some memory leaks in the openssl app In some error cases the normal cleanup did not happen, but instead an exit(1) which caused some memory leaks, as reported in #22049. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22055)
show more ...
|
#
bbaeadb0 |
| 16-Jul-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
"foo * bar" should be "foo *bar" Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tom
"foo * bar" should be "foo *bar" Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21468)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
49e09734 |
| 04-Aug-2023 |
Dr. David von Oheimb |
apps.c: improve warning texts of parse_name() when skipping RDN input Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau
apps.c: improve warning texts of parse_name() when skipping RDN input Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659)
show more ...
|
#
81d037b8 |
| 03-Aug-2023 |
Dr. David von Oheimb |
apps.c: fix error messages (newline and needless text) in load_key_certs_crls() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hu
apps.c: fix error messages (newline and needless text) in load_key_certs_crls() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659)
show more ...
|
#
4085ba87 |
| 05-Jun-2023 |
Dr. David von Oheimb |
APPS load_key_certs_crls(): improve error string macro FAIL_NAME Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.co
APPS load_key_certs_crls(): improve error string macro FAIL_NAME Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
show more ...
|
#
84945074 |
| 23-Jun-2023 |
Matt Caswell |
Don't truncate the input when decrypting in pkeyutl The pkeyutl app was truncating the input file for decryption leading to incorrect results. This was probably ok historically when RSA
Don't truncate the input when decrypting in pkeyutl The pkeyutl app was truncating the input file for decryption leading to incorrect results. This was probably ok historically when RSA was being used for decryption which has short maximum sizes. This is not ok with SM2. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21272)
show more ...
|
#
8a2e74d0 |
| 08-Jun-2023 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
Cast the argument to unsigned char when calling isspace() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/ope
Cast the argument to unsigned char when calling isspace() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21151)
show more ...
|
#
3ca28c9e |
| 01-Jun-2023 |
Vladimír Kotal |
allow to disable http Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21108)
|
#
586b5407 |
| 30-May-2023 |
Dr. David von Oheimb |
apps.c: add comment to do_X509_sign() referring to question #19805 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheim
apps.c: add comment to do_X509_sign() referring to question #19805 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21086)
show more ...
|
#
b7782687 |
| 16-May-2023 |
Dr. David von Oheimb |
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
#
da7f81d3 |
| 16-May-2023 |
Dr. David von Oheimb |
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
#
30b9a6ec |
| 12-Jan-2023 |
Dr. David von Oheimb |
CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port) Fixes #20031 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.o
CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port) Fixes #20031 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034)
show more ...
|
#
a75f707f |
| 21-Apr-2023 |
Tianjia Zhang |
apps: silent warning when loading CSR files with vfyopt option When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear:
apps: silent warning when loading CSR files with vfyopt option When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear: Warning: CSR self-signature does not match the contents This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20799)
show more ...
|
#
57c0205b |
| 29-Jul-2022 |
Dr. David von Oheimb |
APPS: make sure the -CAfile argument can be in DER format Note that PKCS#12 input is still not supported here- Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas
APPS: make sure the -CAfile argument can be in DER format Note that PKCS#12 input is still not supported here- Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18917)
show more ...
|
#
0e89b396 |
| 26-Aug-2022 |
Dr. David von Oheimb |
apps/x509 etc.: allow private key input when public key is expected Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David
apps/x509 etc.: allow private key input when public key is expected Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19076)
show more ...
|
#
fedab100 |
| 16-Jan-2023 |
Dr. David von Oheimb |
APPS load_key_certs_crls(): improve diagnostics on not finding expected types of contents Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merg
APPS load_key_certs_crls(): improve diagnostics on not finding expected types of contents Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20156)
show more ...
|
#
342e3652 |
| 24-Sep-2022 |
Dr. David von Oheimb |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by:
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
show more ...
|
#
efec0f46 |
| 07-Dec-2022 |
wangyuhang <524413304@qq.com> |
unbuffer stdin before get passwd from stdin commond LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx” will get pass(fun app_get_pass()) from stdin first, and then load key(fun
unbuffer stdin before get passwd from stdin commond LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx” will get pass(fun app_get_pass()) from stdin first, and then load key(fun load_key()). but it unbuffer stdin before load key, this will cause the load key to fail. now unbuffer stdin before get pass, this will solve https://github.com/openssl/openssl/issues/19835 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19851)
show more ...
|
#
2fea5683 |
| 14-Nov-2022 |
Simo Sorce |
Drop explicit check for engines in opt_legacy_okay The providers indication should always indicate that this is not a legacy request. This makes a check for engines redundant as the
Drop explicit check for engines in opt_legacy_okay The providers indication should always indicate that this is not a legacy request. This makes a check for engines redundant as the default return is that legacy is ok if there are no explicit providers. Fixes #19662 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19671)
show more ...
|