#
a5f4099d |
| 10-Aug-2021 |
Dmitry Belyavskiy |
Disclaimer about the default provider activation added to config Fixes #16249 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merge
Disclaimer about the default provider activation added to config Fixes #16249 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16280)
show more ...
|
#
92c03668 |
| 28-Jul-2021 |
Pauli |
Add config_diagnostics to our configuration files. The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do somet
Add config_diagnostics to our configuration files. The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do something approach we've taken for bad configuration files. Currently, a bad configuration file will be automatically loaded and once the badness is detected, it will silently stop processing the configuration and continue normal operations. This is good for remote servers, allowing changes to be made without bricking things. It's bad when a user thinks they've configured what they want but got something wrong and it still appears to work. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16171)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
7bfd9340 |
| 04-Nov-2020 |
Dmitry Belyavskiy |
Check the configuration file by default Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13310)
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
e45d9436 |
| 01-Jul-2020 |
Shane Lontis |
Add FIPS related configuration data to the default openssl application configuration file Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/opens
Add FIPS related configuration data to the default openssl application configuration file Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12333)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
4e6e57cf |
| 04-Mar-2020 |
Rich Salz |
Cleanup cert config files for tests Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment
Cleanup cert config files for tests Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment from some cnf files Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11347)
show more ...
|
#
8d9a4d83 |
| 03-Apr-2020 |
Dr. David von Oheimb |
Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (
Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
df443918 |
| 31-Jan-2019 |
Sam Roberts |
Remove unnecessary trailing whitespace Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespa
Remove unnecessary trailing whitespace Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8092)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
0f582209 |
| 13-Sep-2018 |
Bernd Edlinger |
Create the .rnd file it it does not exist It's a bit annoying, since some commands try to read a .rnd file, and print an error message if the file does not exist. But previously
Create the .rnd file it it does not exist It's a bit annoying, since some commands try to read a .rnd file, and print an error message if the file does not exist. But previously a .rnd file was created on exit, and that does no longer happen. Fixed by continuing in app_RAND_load_conf regardless of the error in RAND_load_file. If the random number generator is still not initalized on exit, the function RAND_write_file will fail and no .rnd file would be created. Remove RANDFILE from openssl.cnf Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7217)
show more ...
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2 |
|
#
b524b808 |
| 27-Feb-2018 |
Tomas Mraz |
Add support for .include directive in config files Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported.
Add support for .include directive in config files Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5351)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13, OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
#
f0ef20bf |
| 01-Mar-2016 |
Marek Klein |
Added support for ESSCertIDv2 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/771)
|
#
a7be5759 |
| 13-Jun-2016 |
Rich Salz |
RT3809: basicConstraints is critical This is really a security bugfix, not enhancement any more. Everyone knows critical extensions. Reviewed-by: Dr. Stephen Henson <steve@opens
RT3809: basicConstraints is critical This is really a security bugfix, not enhancement any more. Everyone knows critical extensions. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2, OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
2cc7acd2 |
| 19-Nov-2015 |
Dr. Stephen Henson |
Use better defaults for TSA. Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
e20b4727 |
| 11-Sep-2015 |
Dr. Stephen Henson |
Add support for signer_digest option in TS. Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10, OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a, OpenSSL_1_0_2, master-post-auto-reformat, OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat, OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3 |
|
#
44e0c2ba |
| 08-Sep-2014 |
Kurt Roeckx |
RT2626: Change default_bits from 1K to 2K This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is f
RT2626: Change default_bits from 1K to 2K This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
show more ...
|
Revision tags: OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8 |
|
#
a5a31787 |
| 03-Jul-2014 |
Rich Salz |
RT3408; fix some (not all suggested) typo's in openssl.cnf
|
Revision tags: OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7, OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1, OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4 |
|
#
478b50cf |
| 12-Jun-2013 |
Veres Lajos |
misspellings fixes by https://github.com/vlajos/misspell_fixer
|
Revision tags: OpenSSL-fips-2_0_3, OpenSSL_1_0_1e, OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d, OpenSSL-fips-2_0-pl1, OpenSSL-fips-2_0_2, OpenSSL-fips-2_0_1, OpenSSL_1_0_1c, OpenSSL_1_0_0j, OpenSSL_0_9_8x, OpenSSL_1_0_1b, OpenSSL_0_9_8w, OpenSSL_1_0_1a, OpenSSL_0_9_8v, OpenSSL_1_0_0i, OpenSSL_1_0_1, OpenSSL_1_0_0h, OpenSSL_0_9_8u, OpenSSL_1_0_1-beta3, OpenSSL_1_0_1-beta2, OpenSSL-fips-2_0, OpenSSL_1_0_0g, OpenSSL_0_9_8t, OpenSSL_0_9_8s, OpenSSL_1_0_0f, OpenSSL-fips-2_0-rc8, OpenSSL_1_0_1-beta1, OpenSSL-fips-2_0-rc7 |
|
#
df0cdf4c |
| 06-Dec-2011 |
Dr. Stephen Henson |
The default CN prompt message can be confusing when often the CN needs to be the server FQDN: change it. [Reported by PSW Group]
|
Revision tags: OpenSSL-fips-2_0-rc6, OpenSSL-fips-2_0-rc5, OpenSSL-fips-2_0-rc4, OpenSSL-fips-2_0-rc3, OpenSSL-fips-2_0-rc2, OpenSSL-fips-2_0-rc1, OpenSSL-fips-1_2_3, OpenSSL-fips-1_2_2, OpenSSL-fips-1_2_1, OpenSSL_1_0_0e, OpenSSL_1_0_0d, OpenSSL_0_9_8r, OpenSSL_0_9_8q, OpenSSL_1_0_0c, OpenSSL_0_9_8p, OpenSSL_1_0_0b, OpenSSL_0_9_8o, OpenSSL_1_0_0a, OpenSSL_1_0_0, OpenSSL_0_9_8n, OpenSSL_0_9_8m, OpenSSL_0_9_8m-beta1, OpenSSL_1_0_0-beta5, OpenSSL_1_0_0-beta4, OpenSSL_0_9_8l, OpenSSL_1_0_0-beta3, OpenSSL_1_0_0-beta2 |
|
#
06ddf8eb |
| 04-Apr-2009 |
Dr. Stephen Henson |
Updates from 1.0.0-stable
|
Revision tags: OpenSSL_1_0_0-beta1, OpenSSL_0_9_8k, OpenSSL_0_9_8j, OpenSSL_0_9_8i, OpenSSL_0_9_8h, OpenSSL_0_9_8g, OpenSSL_0_9_8f, FIPS_098_TEST_8, FIPS_098_TEST_7, FIPS_098_TEST_6, FIPS_098_TEST_5, FIPS_098_TEST_4, FIPS_098_TEST_3, FIPS_098_TEST_2, FIPS_098_TEST_1, OpenSSL_0_9_7m, OpenSSL_0_9_8e |
|
#
54565832 |
| 07-Nov-2006 |
Dr. Stephen Henson |
Don't add the TS EKU by default in openssl.cnf because it then makes certificates genereated by ca, CA.pl etc useless for anything else.
|
Revision tags: OpenSSL_0_9_7l, OpenSSL_0_9_8d, OpenSSL_0_9_8c, OpenSSL_0_9_7k |
|
#
03919683 |
| 07-May-2006 |
Dr. Stephen Henson |
Add support for default public key digest type ctrl.
|
Revision tags: OpenSSL_0_9_7j, OpenSSL_0_9_8b |
|
#
c7235be6 |
| 12-Feb-2006 |
Ulf Möller |
RFC 3161 compliant time stamp request creation, response generation and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller
|
Revision tags: OpenSSL_FIPS_1_0, OpenSSL_0_9_7i, OpenSSL_0_9_8a, OpenSSL_0_9_7h |
|
#
29b9763d |
| 16-Sep-2005 |
Dr. Stephen Henson |
Change openssl.cnf to use UTF8Strings by default and not always include issuer and serial versions of AKID.
|
Revision tags: OpenSSL_0_9_8, FIPS_TEST_10, OpenSSL_0_9_8-beta6, OpenSSL_0_9_8-beta5, FIPS_TEST_9, OpenSSL_0_9_8-beta4, OpenSSL_0_9_8-beta3, BEN_FIPS_TEST_8, OpenSSL_0_9_8-beta2, OpenSSL_0_9_8-beta1, OpenSSL_0_9_7g |
|
#
12bdb643 |
| 02-Apr-2005 |
Nils Larsch |
use SHA-1 as the default digest for the apps/openssl commands
|
Revision tags: OpenSSL_0_9_7f |
|
#
6951c23a |
| 28-Dec-2004 |
Richard Levitte |
Add functionality needed to process proxy certificates.
|
Revision tags: BEN_FIPS_TEST_7, BEN_FIPS_TEST_6, OpenSSL_0_9_7e, OpenSSL_0_9_7d, OpenSSL-engine-0_9_6m, OpenSSL_0_9_6m, LEVITTE_after_const, LEVITTE_before_const, BEN_FIPS_TEST_5, BEN_FIPS_TEST_4, OpenSSL-engine-0_9_6l, OpenSSL_0_9_6l, BEN_FIPS_TEST_3, BEN_FIPS_TEST_2, BEN_FIPS_TEST_1, OpenSSL-engine-0_9_6k, OpenSSL_0_9_6k, OpenSSL_0_9_7c |
|
#
fd4ef699 |
| 19-Jun-2003 |
Richard Levitte |
Implement CRL numbers. Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644
|