#
6a3579e1 |
| 15-May-2024 |
Rajeev Ranjan |
CMP: add support for requesting cert template using genm/genp Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from ht
CMP: add support for requesting cert template using genm/genp Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24409)
show more ...
|
#
40a200f9 |
| 03-Dec-2022 |
Dr. David von Oheimb |
CMP: add support for genm with crlStatusList and genp with crls Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in sec
CMP: add support for genm with crlStatusList and genp with crls Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483. To request a CRL update, the CMP client can send a genm message with the option -infotype crlStatusList. The server will respond with a genp message containing the updated CRL, using the -infoType id-it-crls. The client can then save the CRL in a specified file using the -crlout parameter. Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23768)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
1caaf073 |
| 19-Dec-2022 |
Dr. David von Oheimb |
CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Re
CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
show more ...
|
#
192bfec4 |
| 13-Mar-2023 |
Rajeev Ranjan |
crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> R
crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
show more ...
|
#
7c6577ba |
| 13-Jun-2023 |
Dr. David von Oheimb |
CMP lib and app: add optional certProfile request message header and respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.
CMP lib and app: add optional certProfile request message header and respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21281)
show more ...
|
#
ac0677bd |
| 11-Jun-2023 |
Dr. David von Oheimb |
CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS Fixes #21120 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS Fixes #21120 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21176)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
01b04851 |
| 17-Sep-2022 |
Dr. David von Oheimb |
CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://gi
CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
show more ...
|
#
1d32ec20 |
| 11-Apr-2023 |
Rajeev Ranjan |
CMP: support specifying certificate to be revoked via issuer and serial number Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed
CMP: support specifying certificate to be revoked via issuer and serial number Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21116)
show more ...
|
#
3ca28c9e |
| 01-Jun-2023 |
Vladimír Kotal |
allow to disable http Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21108)
|
#
d477484d |
| 03-Dec-2021 |
Dr. David von Oheimb |
CMP: add support for genm/genp messages with id-it-caCerts Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david
CMP: add support for genm/genp messages with id-it-caCerts Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19231)
show more ...
|
#
e0f1ec3b |
| 25-Apr-2023 |
Dr. David von Oheimb |
CMP client: fix checking new cert enrolled with oldcert and without private key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: D
CMP client: fix checking new cert enrolled with oldcert and without private key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
show more ...
|
#
25b18e62 |
| 15-Feb-2023 |
Dr. David von Oheimb |
crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David
crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20298)
show more ...
|
#
084d3afd |
| 06-Jul-2021 |
Dr. David von Oheimb |
Compensate for CMP-related TODOs removed by PR #15539 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb
Compensate for CMP-related TODOs removed by PR #15539 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16006)
show more ...
|
#
357bfe73 |
| 17-Sep-2022 |
Dr. David von Oheimb |
CMP+CRMF: fix formatting nits in crypto/, include/, and test/ Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oh
CMP+CRMF: fix formatting nits in crypto/, include/, and test/ Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19230)
show more ...
|
#
1567a821 |
| 23-Aug-2022 |
FdaSilvaYY |
crypto: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - file name -> filename
crypto: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - file name -> filename - host name -> hostname Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
show more ...
|
#
b6fbef11 |
| 14-Dec-2021 |
Dr. David von Oheimb |
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective tests as well as the -srvcertout CLI option using the new function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18656)
show more ...
|
#
74107c44 |
| 06-Aug-2021 |
Dr. David von Oheimb |
CMP: implement optional hashAlg field of certConf CMPv3 message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hland
CMP: implement optional hashAlg field of certConf CMPv3 message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18294)
show more ...
|
#
c4ad4e5b |
| 04-May-2022 |
Dr. David von Oheimb |
CMP: introduce version 3, while version 2 stays the default Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@o
CMP: introduce version 3, while version 2 stays the default Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18294)
show more ...
|
#
95f8c1e1 |
| 18-Aug-2021 |
Matt Caswell |
Fix CMP code to not assume NUL terminated strings ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl
Fix CMP code to not assume NUL terminated strings ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
show more ...
|
#
7df56ada |
| 16-Jun-2021 |
Dr. David von Oheimb |
CMP: Add missing getter functions to CRMF API and CMP API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.
CMP: Add missing getter functions to CRMF API and CMP API Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15790)
show more ...
|
#
991519ae |
| 23-Jun-2021 |
Dr. David von Oheimb |
CMP: Improve reporting of error codes and related strings via 'error' msg Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15879)
|
#
7b3990e3 |
| 23-Jun-2021 |
Dr. David von Oheimb |
CMP: Clean up internal message creation API and its documentation Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15879)
|
#
c6313780 |
| 26-May-2021 |
Matt Caswell |
Use the new ASN.1 libctx aware capabilities in CMP Make sure we pass the libctx/propq around everywhere that we need it to ensure we get provider keys when needed. Reviewed-by:
Use the new ASN.1 libctx aware capabilities in CMP Make sure we pass the libctx/propq around everywhere that we need it to ensure we get provider keys when needed. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
show more ...
|