Remove an option related to a deprecated flag

CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by

Remove an option related to a deprecated flag

CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)

show more ...

Fix various missing option help messages ...

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl

Fix various missing option help messages ...

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)

show more ...

Constify char* input parameters in apps code

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Typo and comment fix

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)

Use correct EOL in headers.

RT#1817

Reviewed-by: Rich Salz <rsalz@openssl.org>

Copyright consolidation 01/10

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Fix signer option and support format SMIME.

Fix -signer option in smime utility to output signer certificates
when verifying.

Add support for format SMIME for -inform and -outfo

Fix signer option and support format SMIME.

Fix -signer option in smime utility to output signer certificates
when verifying.

Add support for format SMIME for -inform and -outform with cms and
smime utilities.

PR#4215

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

show more ...

GH932: Add more help messages to some apps options.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove unused parameters from internal functions

Reviewed-by: Richard Levitte <levitte@openssl.org>

Refactor apps load_certs/load_crls to work incrementally

Reviewed-by: Richard Levitte <levitte@openssl.org>

Centralise loading default apps config file

Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these

Centralise loading default apps config file

Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Add support for -no-CApath and -no-CAfile options

For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path

Add support for -no-CApath and -no-CAfile options

For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.

Reviewed-by: Andy Polyakov <appro@openssl.org>

show more ...

Change the way apps open their input and output files

The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could

Change the way apps open their input and output files

The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.

The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.

Reviewed-by: Tim Hudson <tjh@openssl.org>

show more ...

Make the handling of output and input formats consistent

Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and

Make the handling of output and input formats consistent

Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and
consistently so

Reviewed-by: Tim Hudson <tjh@openssl.org>

show more ...

Restore module loading

The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@ope

Restore module loading

The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@openssl.org>

show more ...

Use p==NULL not !p (in if statements, mainly)

Reviewed-by: Tim Hudson <tjh@openssl.org>

free NULL cleanup -- coda

After the finale, the "real" final part. :) Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" che

free NULL cleanup -- coda

After the finale, the "real" final part. :) Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

show more ...

free null cleanup finale

Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>

free NULL cleanup 5a

Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_fre

free NULL cleanup 5a

Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Remove needless bio_err argument

Many functions had a BIO* parameter, and it was always called
with bio_err. Remove the param and just use bio_err.

Reviewed-by: Matt Caswell <m

Remove needless bio_err argument

Many functions had a BIO* parameter, and it was always called
with bio_err. Remove the param and just use bio_err.

Reviewed-by: Matt Caswell <matt@openssl.org>

show more ...

fewer NO_ENGINE #ifdef's

Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Remove

fewer NO_ENGINE #ifdef's

Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Big apps cleanup (option-parsing, etc)

This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-

Big apps cleanup (option-parsing, etc)

This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>

show more ...

Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one use

Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

show more ...

Dead code clean: #if 0 removal in apps

Reviewed-by: Tim Hudson <tjh@openssl.org>

Run util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>