#
6a3579e1 |
| 15-May-2024 |
Rajeev Ranjan |
CMP: add support for requesting cert template using genm/genp Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from ht
CMP: add support for requesting cert template using genm/genp Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24409)
show more ...
|
#
40a200f9 |
| 03-Dec-2022 |
Dr. David von Oheimb |
CMP: add support for genm with crlStatusList and genp with crls Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in sec
CMP: add support for genm with crlStatusList and genp with crls Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483. To request a CRL update, the CMP client can send a genm message with the option -infotype crlStatusList. The server will respond with a genp message containing the updated CRL, using the -infoType id-it-crls. The client can then save the CRL in a specified file using the -crlout parameter. Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23768)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
f21409fa |
| 04-Jan-2023 |
Dr. David von Oheimb |
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Revi
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
show more ...
|
#
bedffe17 |
| 28-Apr-2023 |
Dr. David von Oheimb |
crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed
crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
show more ...
|
#
7c6577ba |
| 13-Jun-2023 |
Dr. David von Oheimb |
CMP lib and app: add optional certProfile request message header and respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.
CMP lib and app: add optional certProfile request message header and respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21281)
show more ...
|
#
01b04851 |
| 17-Sep-2022 |
Dr. David von Oheimb |
CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://gi
CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
show more ...
|
#
d477484d |
| 03-Dec-2021 |
Dr. David von Oheimb |
CMP: add support for genm/genp messages with id-it-caCerts Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david
CMP: add support for genm/genp messages with id-it-caCerts Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19231)
show more ...
|
#
2d658598 |
| 25-Apr-2023 |
Dr. David von Oheimb |
CMP client: fix error response on -csr without private key, also in docs Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David vo
CMP client: fix error response on -csr without private key, also in docs Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
show more ...
|
#
fc933357 |
| 22-Nov-2022 |
Dr. David von Oheimb |
OSSL_CMP_validate_msg(): make sure to reject protection type mismatch Do not accept password-based if expected signature-based and no secret is available and do not accept signature-base
OSSL_CMP_validate_msg(): make sure to reject protection type mismatch Do not accept password-based if expected signature-based and no secret is available and do not accept signature-based if expected password-based and no trust anchors available. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19729)
show more ...
|
#
7df56ada |
| 16-Jun-2021 |
Dr. David von Oheimb |
CMP: Add missing getter functions to CRMF API and CMP API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.
CMP: Add missing getter functions to CRMF API and CMP API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15790)
show more ...
|
#
38fc02a7 |
| 17-Jun-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
|
#
b93f6c2d |
| 25-May-2021 |
Pauli |
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@ope
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15446)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
14a6c6a4 |
| 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from ht
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
15076c26 |
| 04-Sep-2020 |
Dr. David von Oheimb |
Strengthen chain building for CMP * Add -own_trusted option to CMP app * Add OSSL_CMP_CTX_build_cert_chain() * Add optional trust store arg to ossl_cmp_build_cert_chain() * Exten
Strengthen chain building for CMP * Add -own_trusted option to CMP app * Add OSSL_CMP_CTX_build_cert_chain() * Add optional trust store arg to ossl_cmp_build_cert_chain() * Extend the tests in cmp_protect_test.c and the documentation accordingly Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12791)
show more ...
|
#
6d1f50b5 |
| 13-Aug-2020 |
Dr. David von Oheimb |
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
299e0f1e |
| 13-Jul-2020 |
Dr. David von Oheimb |
Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq() Fixes #12395 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/
Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq() Fixes #12395 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12431)
show more ...
|
Revision tags: openssl-3.0.0-alpha4 |
|
#
11baa470 |
| 17-Jun-2020 |
Dr. David von Oheimb |
Fix CMP -days option range checking and test failing with enable-ubsan Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12175)
|
Revision tags: openssl-3.0.0-alpha3 |
|
#
032b13c7 |
| 27-May-2020 |
Dr. David von Oheimb |
Correct error reason of verify_signature() in cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
753283cd |
| 17-Apr-2020 |
Dr. David von Oheimb |
Add CMP error reason 'missing reference cert' Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/p
Add CMP error reason 'missing reference cert' Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11386)
show more ...
|
#
d8039304 |
| 31-Mar-2020 |
Dr. David von Oheimb |
Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11448)
show more ...
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
7e765f46 |
| 10-Mar-2020 |
Dr. David von Oheimb |
Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer
Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11300)
show more ...
|
#
62dcd2aa |
| 10-Mar-2020 |
Dr. David von Oheimb |
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and H
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11142)
show more ...
|
#
31b28ad9 |
| 15-Feb-2020 |
Dr. David von Oheimb |
chunk 7 of CMP contribution to OpenSSL add CMP message validation and related tests; while doing so: * add ERR_add_error_mem_bio() to crypto/err/err_prn.c * move ossl_cmp_add_error_t
chunk 7 of CMP contribution to OpenSSL add CMP message validation and related tests; while doing so: * add ERR_add_error_mem_bio() to crypto/err/err_prn.c * move ossl_cmp_add_error_txt() as ERR_add_error_txt() to crypto/err/err_prn.c * add X509_STORE_CTX_print_verify_cb() to crypto/x509/t_x509.c, adding internally x509_print_ex_brief(), print_certs(), and print_store_certs() * move {ossl_cmp_,}X509_STORE_get1_certs() to crypto/x509/x509_lu.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
29f178bd |
| 30-Oct-2019 |
Dr. David von Oheimb |
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
show more ...
|