| #
b893ceef |
| 11-Mar-2024 |
Dr. David von Oheimb |
OSSL_CMP_validate_msg(): fix check such that OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR becomes usable again
Fixes #23706
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-b
OSSL_CMP_validate_msg(): fix check such that OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR becomes usable again
Fixes #23706
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23814)
show more ...
|
| #
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
2464d8dc |
| 10-Jun-2023 |
Dr. David von Oheimb |
cmp_vfy.c/check_msg_all_certs(): remove needless trace output in case 3GPP mode is not enabled
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.
cmp_vfy.c/check_msg_all_certs(): remove needless trace output in case 3GPP mode is not enabled
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
show more ...
|
| #
f21409fa |
| 04-Jan-2023 |
Dr. David von Oheimb |
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Revi
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
show more ...
|
| #
1caaf073 |
| 19-Dec-2022 |
Dr. David von Oheimb |
CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Re
CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
show more ...
|
| #
bedffe17 |
| 28-Apr-2023 |
Dr. David von Oheimb |
crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed
crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
show more ...
|
| #
192bfec4 |
| 13-Mar-2023 |
Rajeev Ranjan |
crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
R
crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17 |
|
| #
080bd08f |
| 06-May-2021 |
Dr. David von Oheimb |
cmp_vfy.c: Use verification callback if cert_acceptable() finds expired cert
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https
cmp_vfy.c: Use verification callback if cert_acceptable() finds expired cert
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21656)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
e0f1ec3b |
| 25-Apr-2023 |
Dr. David von Oheimb |
CMP client: fix checking new cert enrolled with oldcert and without private key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: D
CMP client: fix checking new cert enrolled with oldcert and without private key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
show more ...
|
| #
ed9c6f36 |
| 01-Feb-2023 |
Dr. David von Oheimb |
CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:
CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
show more ...
|
| #
7f7dafe9 |
| 01-Feb-2023 |
Dr. David von Oheimb |
ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h
ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
show more ...
|
| #
fc933357 |
| 22-Nov-2022 |
Dr. David von Oheimb |
OSSL_CMP_validate_msg(): make sure to reject protection type mismatch
Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-base
OSSL_CMP_validate_msg(): make sure to reject protection type mismatch
Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)
show more ...
|
| #
084d3afd |
| 06-Jul-2021 |
Dr. David von Oheimb |
Compensate for CMP-related TODOs removed by PR #15539
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb
Compensate for CMP-related TODOs removed by PR #15539
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16006)
show more ...
|
| #
357bfe73 |
| 17-Sep-2022 |
Dr. David von Oheimb |
CMP+CRMF: fix formatting nits in crypto/, include/, and test/
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oh
CMP+CRMF: fix formatting nits in crypto/, include/, and test/
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
show more ...
|
| #
c7340583 |
| 23-Aug-2022 |
FdaSilvaYY |
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
show more ...
|
| #
aeadd298 |
| 01-Aug-2022 |
Dr. David von Oheimb |
CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David vo
CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)
show more ...
|
| #
b6fbef11 |
| 14-Dec-2021 |
Dr. David von Oheimb |
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg()
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(),
and add respective
Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg()
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(),
and add respective tests as well as the -srvcertout CLI option using the new function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18656)
show more ...
|
| #
c4ad4e5b |
| 04-May-2022 |
Dr. David von Oheimb |
CMP: introduce version 3, while version 2 stays the default
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@o
CMP: introduce version 3, while version 2 stays the default
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18294)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
e304aa87 |
| 02-Jan-2022 |
Dimitris Apostolou |
Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
|
| #
79b2a2f2 |
| 18-Dec-2021 |
Dr. David von Oheimb |
add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
|
| #
e4699711 |
| 09-Dec-2021 |
Dr. David von Oheimb |
ossl_cmp_msg_check_update(): align recipNone check with improved transactionID check
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17251)
|
| #
ecf60b9e |
| 01-Dec-2021 |
x2018 |
remove redundant ERR_raise
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from
remove redundant ERR_raise
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17175)
show more ...
|
| #
318e9799 |
| 01-Dec-2021 |
x2018 |
check the return value of BIO_new() in t_x509.c:471 & cmp_vfy.c:36
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul D
check the return value of BIO_new() in t_x509.c:471 & cmp_vfy.c:36
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17175)
show more ...
|
