#
81202237 |
| 09-Aug-2023 |
Stephan Wurm |
apps: ca,req,x509: Add explicit start and end dates options - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a cert
apps: ca,req,x509: Add explicit start and end dates options - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a certificate in the apps `ca`, `req` and `x509` - The new options accept time strings or "today" - In app `ca`, use the new options as aliases of the already existing options `-startdate` and `-enddate` - When used in apps `req` and `x509`, the end date must be >= the start date, in app `ca` end date < start date is also accepted - In any case, `-not-after` overrides the `-days` option - Added helper function `check_cert_time_string` to validate given certificate time strings - Use the new helper function in apps `ca`, `req` and `x509` - Moved redundant code for time string checking into `set_cert_times` helper function. - Added tests for explicit start and end dates in apps `req` and `x509` - test: Added auxiliary functions for parsing fields from `-text` formatted output to `tconversion.pl` - CHANGES: Added to new section 3.4 Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21716)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
5c846d32 |
| 08-Feb-2024 |
Tomas Mraz |
apps/x509.c: No warning reading from stdin if redirected Fixes #22893 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Rev
apps/x509.c: No warning reading from stdin if redirected Fixes #22893 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23526)
show more ...
|
#
4e5bf933 |
| 10-Jan-2024 |
Job Snijders |
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject This changeset adds the counterpart to the '-subj' option to allow overriding the Issuer. For consistency, th
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject This changeset adds the counterpart to the '-subj' option to allow overriding the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`. The issuer can be specified as following apps/openssl x509 -new -set_issuer '/CN=example-nro-ta' -subj '/CN=2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ... This is useful in constructing specific test-cases or rechaining PKI trees Joint work with George Michaelson (@geeohgeegeeoh) Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23257)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
7f4cc3bc |
| 29-May-2023 |
Yannik Sembritzki |
Remove restriction to only cross-sign self-signed certificates CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Re
Remove restriction to only cross-sign self-signed certificates CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21137)
show more ...
|
#
da7f81d3 |
| 16-May-2023 |
Dr. David von Oheimb |
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
#
a75f707f |
| 21-Apr-2023 |
Tianjia Zhang |
apps: silent warning when loading CSR files with vfyopt option When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear:
apps: silent warning when loading CSR files with vfyopt option When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear: Warning: CSR self-signature does not match the contents This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20799)
show more ...
|
#
0e89b396 |
| 26-Aug-2022 |
Dr. David von Oheimb |
apps/x509 etc.: allow private key input when public key is expected Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David
apps/x509 etc.: allow private key input when public key is expected Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19076)
show more ...
|
#
342e3652 |
| 24-Sep-2022 |
Dr. David von Oheimb |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by:
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
show more ...
|
#
200d8447 |
| 06-Jul-2021 |
Dr. David von Oheimb |
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too Also add related references to FR #15725. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too Also add related references to FR #15725. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18900)
show more ...
|
#
51024f75 |
| 07-Jul-2021 |
Dr. David von Oheimb |
apps/x509.c: Remove legacy call to OBJ_create() Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.vo
apps/x509.c: Remove legacy call to OBJ_create() Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18900)
show more ...
|
#
c54a6a4b |
| 31-May-2022 |
Dr. David von Oheimb |
apps/x509: add warnings for options ignored when -CA is not specified Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau
apps/x509: add warnings for options ignored when -CA is not specified Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18373)
show more ...
|
#
ec8a3409 |
| 30-May-2022 |
Dr. David von Oheimb |
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c. Reviewed-by:
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18373)
show more ...
|
#
10c78873 |
| 20-May-2022 |
Dr. David von Oheimb |
apps/x509: Fix -CAfile option being neglected with -new or -in Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlanda
apps/x509: Fix -CAfile option being neglected with -new or -in Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18373)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
e4cdcb8b |
| 25-Mar-2022 |
Tomas Mraz |
req, x509: Allow printing modulus of RSA-PSS keys Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/open
req, x509: Allow printing modulus of RSA-PSS keys Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17990)
show more ...
|
#
2a6994cf |
| 06-Feb-2022 |
Daniel |
Send auxiliary messages to bio_err. Fixes openssl#17613. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.c
Send auxiliary messages to bio_err. Fixes openssl#17613. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17650)
show more ...
|
#
2c272447 |
| 24-Aug-2021 |
Dr. David von Oheimb |
APPS: Add check for multiple 'unknown' options Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16416)
|
#
d9f07357 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS: Improve diagnostics on missing/extra args and unknown cipher/digest Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16450)
|
#
9567fd38 |
| 23-Nov-2021 |
Rami Khaldi |
x509: Return a nonzero exit code on error when checking ip/email/host In the x509 app when doing the ip/email/host validation of a certificate we return nonzero exit code if the validati
x509: Return a nonzero exit code on error when checking ip/email/host In the x509 app when doing the ip/email/host validation of a certificate we return nonzero exit code if the validation fails. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17022)
show more ...
|
#
adbd77f6 |
| 17-Aug-2021 |
Dr. David von Oheimb |
X509: Fix handling of AKID and SKID extensions according to configuration Fixes #16300 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.o
X509: Fix handling of AKID and SKID extensions according to configuration Fixes #16300 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16342)
show more ...
|
#
9bf1061c |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS/x509: Fix generation of AKID via v2i_AUTHORITY_KEYID() Fixes #16300 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16442)
|
#
18e0c544 |
| 05-Oct-2021 |
Dr. David von Oheimb |
apps/x509: Fix self-signed check to happen before setting issuer name Fixes #16720 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pu
apps/x509: Fix self-signed check to happen before setting issuer name Fixes #16720 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16747)
show more ...
|
#
611ef4f3 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS/{x509,req}: Fix description and diagnostics of -key, -in, etc. options Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16440)
|